Has my server been hacked? Please check my email logs

I have seen lots of email sending details in the email logs. I can see around 100-200 email log entries in the log details. Also, my hoster warned me that I am crossing the bandwidth limit of port 25 each day.

I also removed port 25 from the firewall and disabled all email functions in CyberPanel. There is now no email created on my server, and I also told my hoster to block port 25, but my server is still sending emails automatically.

Please check the screenshots: 100-200 logs generated within a minute
ibb .co/PF6fr26
ibb .co/6v1kJ61
ibb. co/hdvvV7m

I never created any email, from the first day to the last.

Someone help, please.

Did you get service from Contabo? This happened to me before. I got rid of it by reinstalling.

Yes bro, from Contabo, but my other server is at OVH and has the same issue.

Scan your system with lynis, rkhunter and clamav. You may need to uninstall and reinstall dovecot and postfix. I recommend reinstalling the system from scratch.

Can anybody tell me how I can uninstall the complete email system? I am not using any email-related services.
Thank you

If you are not an expert in such matters, do not try it. I do not accept any responsibility. Before trying, back up your important emails.

```bash
# Remove Postfix
sudo systemctl stop postfix
sudo apt-get remove --purge postfix

# Remove Dovecot
sudo systemctl stop dovecot
sudo apt-get remove --purge dovecot-core dovecot-imapd dovecot-pop3d

# Remove Rspamd (If installed)
sudo systemctl stop rspamd
sudo apt-get remove --purge rspamd

# Remove SpamAssassin
sudo systemctl stop spamassassin
sudo apt-get remove --purge spamassassin

# Clean up remaining dependencies
sudo apt-get autoremove --purge
sudo apt-get autoclean
```

Brother, please help me.
I am using AlmaLinux OS and those commands are not working on AlmaLinux.

Email logs:

Nov 5 17:02:29 vmi2267 postfix/submission/smtpd[16045]: disconnect from unknown[167.94.138.60] unknown=0/1 commands=0/1
Nov 5 17:02:30 vmi227 postfix/submission/smtpd[16045]: warning: hostname scanner-07.ch1.censys-scanner.com does not resolve to address 167.94.138.60: Name or service not known
Nov 5 17:02:30 vmi2367 postfix/submission/smtpd[16045]: connect from unknown[167.94.138.60]
Nov 5 17:02:30 vmi2267 postfix/submission/smtpd[16045]: improper command pipelining after CONNECT from unknown[167.94.138.60]: \026\003\001\001\264\001\000\001\260\003\003v\f\314I\356\004\345\020\357:]\207\036\016e\332/\332\v\2526!\221K\325\016\317\000\313?g\035 \264\266=\366+&\020\tjy9^\264\301\032\356\251\307\243BK^1l<a\255h\214\020\261\035\000\214\312\312\300\022\300\023\300\a\300’\314\024\300/\023\001\300\024\023\002\300(…
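
Added example, not part of any post in this thread: a small triage script that separates inbound connection lines of the kind pasted above (`postfix/.../smtpd`, the server side) from lines that indicate mail actually leaving the host (`postfix/smtp` with `status=sent`, `postfix/pickup` with a local `uid=`, or a successful SASL login). The first three sample lines follow the shape of the posted log; the last three, the host name `host`, and the example.org/example.com addresses are constructed.

```python
import re
from collections import Counter

# Constructed sample. Lines 1-3 follow the shape of the log lines posted above;
# lines 4-6 are constructed to show what real outbound activity looks like.
SAMPLE = r"""
Nov 5 17:02:29 host postfix/submission/smtpd[16045]: disconnect from unknown[167.94.138.60] unknown=0/1 commands=0/1
Nov 5 17:02:30 host postfix/submission/smtpd[16045]: connect from unknown[167.94.138.60]
Nov 5 17:02:30 host postfix/submission/smtpd[16045]: improper command pipelining after CONNECT from unknown[167.94.138.60]: \026\003\001\001\264
Nov 5 17:03:00 host postfix/smtpd[17000]: 4F1A2B3C4D: client=unknown[203.0.113.7], sasl_method=LOGIN, sasl_username=info@example.com
Nov 5 17:03:01 host postfix/smtp[17001]: 4F1A2B3C4D: to=<a@example.org>, relay=mx.example.org[192.0.2.10]:25, delay=1.2, dsn=2.0.0, status=sent (250 OK)
Nov 5 17:03:02 host postfix/pickup[900]: 5A6B7C8D9E: uid=1001 from=<www>
""".strip().splitlines()

LINE = re.compile(r"postfix/(?P<svc>[\w/]+)\[\d+\]: (?P<msg>.*)")
IP = re.compile(r"\[([0-9a-fA-F.:]+)\]")


def triage(lines):
    """Split Postfix log lines into inbound noise and signs of outbound mail."""
    r = {"inbound": Counter(), "tls_probes": 0, "sasl_users": Counter(),
         "sent": 0, "local_uids": Counter()}
    for line in lines:
        m = LINE.search(line)
        if not m:
            continue
        svc, msg = m["svc"].rsplit("/", 1)[-1], m["msg"]
        if svc == "smtpd":                       # server side: someone connected to us
            if msg.startswith("connect from") and (ip := IP.search(msg)):
                r["inbound"][ip[1]] += 1
            if "improper command pipelining" in msg and r"\026\003" in msg:
                r["tls_probes"] += 1             # TLS handshake bytes where SMTP text was expected
            if (u := re.search(r"sasl_username=(\S+)", msg)):
                r["sasl_users"][u[1]] += 1       # a login succeeded: review this account
        elif svc == "smtp" and "status=sent" in msg:
            r["sent"] += 1                       # client side: this host delivered mail out
        elif svc == "pickup" and (u := re.search(r"uid=(\d+)", msg)):
            r["local_uids"][u[1]] += 1           # mail queued by a local process (e.g. a web script)
    return r


if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```

To use it on a real server, pass the lines of the mail log (commonly `/var/log/maillog` on AlmaLinux, `/var/log/mail.log` on Debian/Ubuntu) to `triage()`. Non-zero `sent`, `local_uids` or `sasl_users` counts are the ones that point at mail originating from the host.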



These are basic Linux commands. Working with hosting requires some level of Linux knowledge, because you will have many problems over time: you will be attacked, applications will fail, and others will stop working. Believe me, the solutions found on the internet will not always help you.

For AlmaLinux:

```bash
# Remove Postfix
sudo systemctl stop postfix
sudo dnf remove -y postfix

# Remove Dovecot
sudo systemctl stop dovecot
sudo dnf remove -y dovecot dovecot-core dovecot-imap dovecot-pop3

# Remove Rspamd (If installed)
sudo systemctl stop rspamd
sudo dnf remove -y rspamd

# Remove SpamAssassin
sudo systemctl stop spamassassin
sudo dnf remove -y spamassassin

# Clean up remaining dependencies
sudo dnf autoremove -y
sudo dnf clean all
```