Our email server used by others for spamming

I am using open source mail server which is iRedMail. We follow the standard procedure how to set it up given by iRedMail too. Then we try also to follow standard procedure given by google and MX Lookup Tool for having a mail server. But this past few weeks we encountered that our mail server is used by others for malicious matter like spamming. We tried to change all of credentials but still, the spamming is continuous. I attached the screenshot so you can have idea.

4 Replies

You can't attach screenshots here… You're going to have to provide more information…

  1. Are the spammers able to login to your server using fake accounts?
  2. Are the spammers able to use your server as an open relay?

-- sw

@allworldtrade Something to check,

I had the same situation recently but managed to catch it early. An instance of WordPress on the same machine became compromised and the attacker was using a custom uploaded PHP script to send a bunch of email messages.

thank you for the response Sir stevewi.

1.) Not sure if they are able to login to my server, because they only using my email to send a spam message but not actually my email sent the spam message. Sent tab is complete empty an indicator that sending spam message is not happened inside our email server.

2.) Yes. Based on the reports and logs, they use our server as an open relay.

2.) Yes. Based on the reports and logs, they use our server as an open relay.

If you use postfix, this will be helpful (this is from my main postfix config file, *main.cf):

# sw - my networks (localhost) definition
mynetworks = [::ffff:]/104 [::1]/128

# The relay_domains parameter restricts what destinations this system will
# relay mail to.  See the smtpd_recipient_restrictions description in
# postconf(5) for detailed information.
# By default, Postfix relays mail
# - from "trusted" clients (IP address matches $mynetworks) to any destination,
# - from "untrusted" clients to destinations that match $relay_domains or
#   subdomains thereof, except addresses with sender-specified routing.
# The default relay_domains value is $mydestination.
# In addition to the above, the Postfix SMTP server by default accepts mail
# that Postfix is final destination for:
# - destinations that match $inet_interfaces or $proxy_interfaces,
# - destinations that match $mydestination
# - destinations that match $virtual_alias_domains,
# - destinations that match $virtual_mailbox_domains.
# These destinations do not need to be listed in $relay_domains.
# Specify a list of hosts or domains, /file/name patterns or type:name
# lookup tables, separated by commas and/or whitespace.  Continue
# long lines by starting the next line with whitespace. A file name
# is replaced by its contents; a type:name table is matched when a
# (parent) domain appears as lookup key.
# NOTE: Postfix will not automatically forward mail for domains that
# list this system as their primary or backup MX host. See the
# permit_mx_backup restriction description in postconf(5).
#relay_domains = $mydestination

# sw - this host does not relay mail
relay_domains =


# The relayhost parameter specifies the default host to send mail to
# when no entry is matched in the optional transport(5) table. When
# no relayhost is given, mail is routed directly to the destination.
# On an intranet, specify the organizational domain name. If your
# internal DNS uses no MX records, specify the name of the intranet
# gateway host instead.
# In the case of SMTP, specify a domain, host, host:port, [host]:port,
# [address] or [address]:port; the form [host] turns off MX lookups.
# If you're connected via UUCP, see also the default_transport parameter.
#relayhost = $mydomain
#relayhost = [gateway.my.domain]
#relayhost = [mailserver.isp.tld]
#relayhost = uucphost
#relayhost = [an.ip.add.ress]

# sw - this host does not relay mail
relayhost =

So… what you need to do is set mynetworks appropriately and specifically unset (don't let them default) relayhost and relaydomain.

You may want to put additional restrictions on incoming mail and senders:


— sw


Please enter an answer

You can mention users to notify them: @username

You can use Markdown to format your question. For more examples see the Markdown Cheatsheet.

> I’m a blockquote.

I’m a blockquote.

[I'm a link] (https://www.google.com)

I'm a link

**I am bold** I am bold

*I am italicized* I am italicized

Community Code of Conduct