
I use ISPConfig and when I look at "Mail Queue" I can see a lot of unknown emails (I did not send any emails to them). Was my server hacked?

Example:

```
-Queue ID- --Size-- ----Arrival Time---- -Sender/Recipient-------
1A5E7CECD 6284 Wed Oct 18 08:55:45 MAILER-DAEMON
(connect to nadinefranvil.com[185.140.110.3]:25: Connection refused)
radimxb6sq4d@nadinefranvil.com

1C710CE42 7056 Sun Oct 15 08:21:56 MAILER-DAEMON
(connect to dnamufflers.com[185.140.110.3]:25: Connection refused)
zorazexyrp8@dnamufflers.com

14AFCC2D1 7414 Sun Oct 15 19:52:14 MAILER-DAEMON
(connect to tappnetworks.com[185.140.110.3]:25: Connection refused)
alojzyht8jspmasek@tappnetworks.com

1B3E3CF0D 5515 Mon Oct 16 05:30:32 MAILER-DAEMON
(Host or domain name not found. Name service error for name=101.141.97.202.adsl-pool.sx.cn type=MX: Host not found, try again)
Dyjalo@101.141.97.202.adsl-pool.sx.cn

16F03CE22 7296 Tue Oct 17 11:23:18 MAILER-DAEMON
(connect to brittanyjezouit.com[185.140.110.3]:25: Connection refused)
radomilq2we1mh@brittanyjezouit.com

1521CC603 42026 Sun Oct 15 18:44:48 MAILER-DAEMON
(connect to mail.alice-with-christina.us[80.209.252.94]:25: Connection refused)
victoria_marilyn@alice-with-christina.us

12319CEB9 7051 Sun Oct 15 09:24:48 MAILER-DAEMON
(connect to seonbaptiste.com[185.140.110.3]:25: Connection refused)
zdislav3925syr@seonbaptiste.com

1E7C7CEE5 7030 Mon Oct 16 11:03:13 MAILER-DAEMON
(connect to ewsfairs.com[185.140.110.3]:25: Connection refused)
dominikkb20zrabarton@ewsfairs.com

1E614C27A 4178 Tue Oct 17 08:15:47 MAILER-DAEMON
(connect to keretaminimalang.com[185.140.110.3]:25: Connection refused)
dominikngh9ft1sikora@keretaminimalang.com

B9C08CF00 6252 Wed Oct 18 23:27:17 MAILER-DAEMON
(connect to sehzadeotel.com[185.140.110.3]:25: Connection refused)
amalientsj82kjanecek@sehzadeotel.com

B5F6FCE3A 4664 Thu Oct 19 18:15:05 MAILER-DAEMON
(connect to mail.game-n-bonus.us[185.207.205.49]:25: Connection refused)
lilian_emma@game-n-bonus.us
```

...and many others. Can I see which PHP script sent these emails or what happened?

JackDavis
  • There's a way you can check the outgoing messages in `/var/spool/`, it just depends on which SMTP program you're using. Here's some [postfix info](http://www.tech-g.com/2012/07/15/inspecting-postfixs-email-queue/), [exim info](http://www.inmotionhosting.com/support/email/exim/manage-the-exim-mail-queue-via-ssh), and [sendmail info](http://osr507doc.xinuos.com/en/MailMsgG/sndmlT18.html) – aynber Oct 19 '17 at 21:01
  • Thank you, I see one of the emails: https://pastebin.com/waBt9kLv It looks like somebody sent an email to my work email address (which is hosted on this server), then this message was redirected to my personal email on Gmail (which is correct) and Gmail refused the message because it is spam. – JackDavis Oct 19 '17 at 21:16
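
A triage sketch for a queue listing in the layout shown in the question, added here as an example and not part of the original post or comments. It separates entries whose envelope sender is empty (Postfix lists these as MAILER-DAEMON, i.e. bounce notifications) from entries with a real sender address, and counts which destination IPs the bounces are stuck on. The sample data, including the `www-data@web1.example` sender, is constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in the same layout as the listing above (not real data).
SAMPLE = """\
-Queue ID- --Size-- ----Arrival Time---- -Sender/Recipient-------
1A5E7CECD 6284 Wed Oct 18 08:55:45 MAILER-DAEMON
(connect to a.example[192.0.2.3]:25: Connection refused)
user1@a.example

1C710CE42 7056 Sun Oct 15 08:21:56 MAILER-DAEMON
(connect to b.example[192.0.2.3]:25: Connection refused)
user2@b.example

1B3E3CF0D 5515 Mon Oct 16 05:30:32 MAILER-DAEMON
(Host or domain name not found. Name service error for name=c.example type=MX: Host not found, try again)
user3@c.example

2F00AA11B* 1830 Thu Oct 19 10:02:11 www-data@web1.example
user4@d.example
"""

# Entry head: queue id (optional */! status flag), size, arrival time, sender.
HEAD = re.compile(r"^([0-9A-Za-z]+)[*!]?\s+(\d+)\s+(\w{3} \w{3}\s+\d+ [\d:]{8})\s+(\S+)$")
RELAY = re.compile(r"connect to \S+\[([0-9a-fA-F.:]+)\]:\d+")

def parse_queue(text):
    """Return one dict per queued message: id, size, sender, reason, rcpts."""
    entries, cur = [], None
    for line in (l.strip() for l in text.splitlines()):
        m = HEAD.match(line)
        if m:
            cur = {"id": m.group(1), "size": int(m.group(2)),
                   "sender": m.group(4), "reason": "", "rcpts": []}
            entries.append(cur)
        elif cur and line.startswith("(") and line.endswith(")"):
            cur["reason"] = line[1:-1]      # deferral reason for this message
        elif cur and "@" in line:
            cur["rcpts"].append(line)       # recipient address line
    return entries

def summarize(entries):
    """Split bounces (sender listed as MAILER-DAEMON) from mail with a real sender."""
    bounces = [e for e in entries if e["sender"] == "MAILER-DAEMON"]
    others = Counter(e["sender"] for e in entries if e["sender"] != "MAILER-DAEMON")
    relays = Counter(m.group(1) for e in bounces if (m := RELAY.search(e["reason"])))
    return {"bounces": len(bounces), "other_senders": others, "bounce_relays": relays}

if __name__ == "__main__":
    print(summarize(parse_queue(SAMPLE)))
```

Entries reported under `other_senders` carry a real envelope sender and are the ones to trace back to a local account or script; entries counted as bounces are non-delivery reports for mail the server had already accepted or forwarded.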

0 Answers