Plesk emails are automatically forwarded to an unknown address

Started by senthil, Apr 21, 2025, 07:24 AM

Previous topic - Next topic
Print
Go Down Pages1
User actions

senthil

Apr 21, 2025, 07:24 AM
Symptoms
  • All mail from a Plesk email address is forwarded to an unknown email address, with these records logged to
    /var/log/maillog:
    Code Select
    dovecot service=lda, user=john.doe@example.com, ip=[]. sieve:
    msgid=618dad9e22271@example.com: redirect action: forwarded to
    unknown@example.com
  • There are unknown forwarding rules in Roundcube (webmail.example.com > Settings > Filters)
Cause
The account has been compromised; the attacker created the forwarding rules in webmail.

Resolution
Secure the account and remove the forwarding rules.
  • Set a stronger password for the affected account
  • Log in to the affected mailbox in webmail
  • Go to Settings> Filters and remove the malicious forwarding rule(s).
To help prevent such issue, harden the Plesk server: How to secure a Plesk server
Print
Go Up Pages1
User actions