Knowledge Base

Emails are automatically forwarded to an unknown address

Symptoms

All emails from one affected mailbox (e.g. [email protected]) are automatically forwarded to an unknown address (e.g. [email protected]). Records like this can be seen in /var/log/maillog:

dovecot service=lda, [email protected], ip=[]. sieve: [email protected]: redirect action: forwarded to [email protected]

There are forwarding rules set up in Roundcube: Log in to webmail.example.com > Settings > Filters.

Cause

The account is compromized, attacker created the forwarding via webmail.

Resolution

1. Immediately change the affected account's password to a stronger one:

Log in to Plesk
Navigate to Domains > example.com > Mail Accounts
Select the affected mailbox and generate a new password or set one manually

2. Log in to the affected mailbox via webmail and go to Settings > Filters to remove the malicious forwarding rule.

Related Posts

Exploring Plesk’s Added Value Solutions So Far in 2023

Unveiling Sitejet Builder: The Perfect Match for Your Effortless Website Creation Needs

Dynamic List vs. Active List: A Comprehensive Comparison – Unveiling the Ultimate Winner!

Knowledge Base

Unable to issue a Let’s Encrypt certificate for a domain or its mail in Plesk: the DNS challenge used another IP address

Unable to access mail: Warning: Inotify instance limit for user exceeded

Email header analysis reports SPF failed for localhost IP on mail sent from Plesk hosted mailbox: SPF Authentication : SPF Failed for IP – 127.0.0.1

Websites on Plesk server are slow or show error 500 or PHP mail cannot be sent: ap_pass_brigade failed

Hosting Wiki