when I ran ‘sudo doveadm who’, i see these two connections remaining when all the mail clients are disconnected.
I changed passwords for the accounts; reset the mailserver and after entering the account in my mail software (apple mail, spark for apple (alternative)), these two connections popped up (within 2 seconds).
Are these push notifications from apple? Or do I’ve to look somewhere else?
By the way, I’m the only user, for who this occurs, even after changing all the passwords
Certainly no brute-force attacks. It’s just 2 open connections from of my 4 my mailboxes to a strange ip addresses. After changing passwords and even force restarting the server, the connections reappear, when I start email for the first time.
But i don’t see push notifications, so sending an email, with the mail-app closed doesn’t give any result
Not always. The push notifications on iOS will always come from apple, but where did apple get the notification? From the email apps developer. On the developers server, it will check your inbox for new email, then tell apple to send a push notification when required. I could almost guarantee that is the issue you are seeing.
It could be a logical explanation, but I don’t understand, why only my accounts are involved. There are only a few users not using apple stuff and most of them, don’t know how to configure it, so all the configurations are almost the same.
Just an observation here. It sounds very much like Spark works in a similar manner to Accompli - Which was bought by Microsoft and rebranded as Outlook Mobile app.
Although you set it up in a way similar to any other email client, the app doesn’t communicate directly with your email servers, rather it sends traffic to servers run by the app maker which acts as a MITM and passes the message on to your mail servers. (I remember scratching my head when looking at the SMTP headers on mail sent using the app)
More information on Outlook Mobile can be found here.
I think I might have a play with Spark and confirm what they do.