Hi,
I am using Mail-in-a-box with SES on aws. Somehow one of my mail is using 24 gb not sure what is going on. I can also one hacked account in my Mail-In-a-Box user list. Help me to solve this.
Regards,
Ashish
Hi @ashishnm,
If you have a compromised user account on your Mail-in-a-Box, you need to change the password for or delete that account immediately, depending on if it’s an account you set up or not. That may well be why your email usage has increased. You should also take a look at the Postfix and Dovecot logs. Since you claim you have an unauthorized user in your user list, it doesn’t hurt to look at /var/log/auth.log to ensure that no one has compromised your SSH credentials. Additionally you need to change the password for any of the administrator users of Mail-in-a-Box.
Hi,
I have deleted the account. I can see suspicious account folder on ubuntu in “/home/user-data/mail/mailboxes”. Also a log in Mail-in-a-box admin log. "The SSL certificate has a problem: The certificate is for the wrong domain name. It is for “suspicious account name”. Do i need to delete folder in “/home/user-data/mail/mailboxes”? also how can i resolve this ssl issue so i am not hacked again.
Regards,
Ashish
Deleting the folder in /home/user-data/mail/mailboxes/domain/suspicious-email-account will remove all of the unauthorized email from the server.
You need to change the passwords for your Mail-in-a-Box administrator accounts, your server accounts, and to be safe, create a new SSH key pair if you were using one. If you were not using an SSH key pair you should create one and start using that for authentication.