Undelivered Mail Returned to Sender / NS-7.9

NethServer Version: 7.9 fully updated

Hi all,

I am receiving a lot of this kind of email:

Subject: Undelivered Mail Returned to Sender

This is the mail system at host dorgee.micronator.org.

I'm sorry to have to inform you that your message could not
be delivered to one or more recipients. It's attached below.

For further assistance, please send mail to postmaster.

If you do so, please include this problem report. You can
delete your own text from the attached returned message.

                   The mail system
 
 <anette_lennon@yahoo.co.uk>: connect to mx-eu.mail.am0.yahoodns.net[188.125.72.74]:25: Connection timed out
...

.
I tried the below iptables command to no avail…

/sbin/iptables -I INPUT -s 188.125.72.74/32 -j DROP

I checked for viruses, etc…

How can I stop those emails?

Thank you,

Michel-André

Hi @michelandre

Check the outgoing mail queue on your system. Are there a lot of such mails already on your system?

First, you need to find out HOW mails are being submitted to your system:

  • Via Network to the SMTP Port
  • Via Webmail
  • Other methods (Compromised Client / User)

The logs will help with this.


Second, you need to stop the incoming mails.

How to best do this depends on the method used above.

Via Network to the SMTP Port - Best blocked at firewall level (your OPNsense?)

Via Webmail or compromised user / pc / system - Change involved Passwords and check the next 2-3 weeks.


These two suggestions should solve the issue.

My 2 cents
Andy

1 Like

Hi @Andy_Wismer,

There were some emails in the queue - I deleted all of them.

I changed the password of one of the users only.

No more of those “Undelivered Mail…”

Question:
The emails in the queue, where are they coming from?

Michel-André

Hi @michelandre

Probably that one account was compromised.
The logs would verify which user was used to send the mails…

My 2 cents
Andy

1 Like
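
One way to do the log check suggested in the replies above, as an added example that is not part of the original posts: it ties each Postfix queue ID in the mail log to how the message entered the system (authenticated SMTP user, unauthenticated SMTP client, or local pickup) and counts failed deliveries per source. The log lines, host names and addresses are constructed samples; the assumption is a standard Postfix mail log, typically /var/log/maillog on a CentOS 7-based system.

```python
import re
from collections import defaultdict

# Constructed sample in Postfix syslog format (not taken from the thread).
SAMPLE_LOG = """\
Mar  3 02:14:07 mail postfix/smtpd[2211]: 4F2A11C0A3: client=unknown[203.0.113.45], sasl_method=LOGIN, sasl_username=jdoe
Mar  3 02:14:08 mail postfix/qmgr[1200]: 4F2A11C0A3: from=<jdoe@example.org>, size=2311, nrcpt=1 (queue active)
Mar  3 02:14:38 mail postfix/smtp[2220]: 4F2A11C0A3: to=<a@example.net>, relay=none, delay=30, dsn=4.4.1, status=deferred (connect to mx.example.net[198.51.100.7]:25: Connection timed out)
Mar  3 02:14:09 mail postfix/smtpd[2211]: 5A3B22D1B4: client=unknown[203.0.113.45], sasl_method=LOGIN, sasl_username=jdoe
Mar  3 02:14:40 mail postfix/smtp[2221]: 5A3B22D1B4: to=<b@example.net>, relay=none, delay=31, dsn=4.4.1, status=deferred (connect to mx.example.net[198.51.100.7]:25: Connection timed out)
Mar  3 08:01:12 mail postfix/pickup[3100]: 6C4D33E2C5: uid=48 from=<apache>
Mar  3 08:01:13 mail postfix/smtp[3105]: 6C4D33E2C5: to=<c@example.com>, relay=mx.example.com[192.0.2.10]:25, delay=1, dsn=2.0.0, status=sent (250 ok)
Mar  3 09:30:00 mail postfix/smtpd[3300]: 7D5E44F3D6: client=pc1.example.org[192.0.2.21]
Mar  3 09:30:01 mail postfix/smtp[3301]: 7D5E44F3D6: to=<d@example.com>, relay=mx.example.com[192.0.2.10]:25, delay=1, dsn=2.0.0, status=sent (250 ok)
"""

# Assumes Postfix's default short (hexadecimal) queue IDs.
LINE = re.compile(r"postfix/(?P<daemon>[\w/-]+)\[\d+\]: (?P<qid>[0-9A-F]{6,}): (?P<rest>.*)")

def summarize(log_text):
    """Count messages and failed deliveries per submission source."""
    source, failed_qids = {}, set()
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        daemon, qid, rest = m.group("daemon", "qid", "rest")
        if daemon.endswith("smtpd") and rest.startswith("client="):
            # Network submission: authenticated (sasl_username present) or not.
            user = re.search(r"sasl_username=(\S+)", rest)
            client = rest[len("client="):].split(",")[0]
            source[qid] = f"sasl:{user.group(1)}" if user else f"smtp:{client}"
        elif daemon == "pickup":
            # Local submission through the sendmail command (scripts, web apps).
            uid = re.search(r"uid=(\d+)", rest)
            source[qid] = f"local:uid={uid.group(1)}" if uid else "local:unknown"
        elif re.search(r"status=(deferred|bounced)", rest):
            failed_qids.add(qid)
    # Join after the scan so the order of log lines does not matter.
    report = defaultdict(lambda: {"messages": 0, "failed": 0})
    for qid, src in source.items():
        report[src]["messages"] += 1
        report[src]["failed"] += qid in failed_qids
    return dict(report)

if __name__ == "__main__":
    # Sources with the most failed deliveries first: investigate these first.
    for src, n in sorted(summarize(SAMPLE_LOG).items(), key=lambda kv: -kv[1]["failed"]):
        print(f"{src:40} messages={n['messages']} failed={n['failed']}")
```

A `sasl:` source with many failed deliveries points to an account whose password should be changed; a `local:` source points to something on the server itself submitting mail.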