[GH-ISSUE #577] Relay used as spam #978

Closed
opened 2026-03-14 11:21:02 +03:00 by kerem · 3 comments

Originally created by @GitTworn on GitHub (Jan 3, 2024).
Original GitHub issue: https://github.com/anonaddy/anonaddy/issues/577

Hi all,
My hosting server does not allow the use of port 25, so I set up AnonAddy with the POSTFIX_RELAYHOST variables and use another server to send the email.

My setup works perfectly, but once every 2 months I get the message below.

I use AA only for myself so a max of 50 emails per month with 1 user.

Can anyone tell me how I can debug this?

```
The *USER_ACCOUNT* account has just finished sending 1000 emails.
There could be a spammer, the account could be compromised, or just sending more emails than usual.

After some processing of the /etc/virtual/usage/USER_ACCOUNT.bytes file, it was found that the highest sender was double-bounce@mail.anonaddy-domain.com, at 757 emails.

The top authenticated user was USER_ACCOUNT, at 1276 emails.
This accounts for 127% of the emails.  The higher the value, the more likely this is the source of the emails.
An authenticated username is the user and password value used at smtp time to authenticate with exim for delivery.

The top sending host was *IP*, at 1276 emails (127%).

This warning was generated because the 1000 email threshold was hit.

================================
Automated Message Generated by DirectAdmin
```
kerem closed this issue 2026-03-14 11:21:08 +03:00

@willbrowningme commented on GitHub (Jan 24, 2024):

I'm sorry but I don't think I can help in this situation. I would recommend checking the mail logs on your other mail server on the dates when you get that message.
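
One way to act on the suggestion above of checking the relay's mail logs, as an added example that is not part of the original thread: it tallies accepted messages per day by envelope sender, authenticated user and sending host, and lists the days that reach a threshold. It assumes the relay writes Exim's default main-log format (the DirectAdmin notice mentions exim); the sample lines, addresses and the `relayuser` login are constructed.

```python
import re
from collections import Counter, defaultdict

# Constructed sample lines in Exim main-log format (not taken from the issue).
SAMPLE_LOG = """\
2024-01-02 23:58:41 1rKq0a-0001Ab-1x <= alias@mail.example.org H=(mail.example.org) [203.0.113.7] P=esmtpsa A=login:relayuser S=2210
2024-01-03 02:14:07 1rKq1b-0001Ac-2y <= double-bounce@mail.example.org H=(mail.example.org) [203.0.113.7] P=esmtpsa A=login:relayuser S=1840
2024-01-03 02:14:08 1rKq1b-0001Ac-2y => someone@example.net R=lookuphost T=remote_smtp
2024-01-03 02:14:09 1rKq1c-0001Ad-3z <= double-bounce@mail.example.org H=(mail.example.org) [203.0.113.7] P=esmtpsa A=login:relayuser S=1795
2024-01-03 02:15:30 1rKq1d-0001Ae-4a <= <> R=1rKq1c-0001Ad-3z U=mail P=local S=3120
2024-01-03 09:00:12 1rKq2e-0001Af-5b <= alias@mail.example.org H=(mail.example.org) [203.0.113.7] P=esmtpsa A=login:relayuser S=2075
"""

# "<=" marks a message accepted by Exim; "=>" and "->" are deliveries and are skipped.
ARRIVAL = re.compile(r"^(\d{4}-\d{2}-\d{2}) \d{2}:\d{2}:\d{2} \S+ <= (\S+)(.*)$")
AUTH = re.compile(r"\bA=[^:\s]+:(\S+)")   # A=<authenticator>:<authenticated id>
HOST = re.compile(r"\[([0-9a-fA-F.:]+)\]")  # remote IP in square brackets


def tally(log_text):
    """Count accepted messages per day by sender, authenticated user and host."""
    days = defaultdict(lambda: {"sender": Counter(), "auth": Counter(), "host": Counter()})
    for line in log_text.splitlines():
        m = ARRIVAL.match(line)
        if not m:
            continue
        day, sender, rest = m.groups()
        auth = AUTH.search(rest)
        host = HOST.search(rest)
        days[day]["sender"][sender] += 1
        # Locally generated messages (e.g. bounces, sender "<>") carry no A= or [ip].
        days[day]["auth"][auth.group(1) if auth else "-"] += 1
        days[day]["host"][host.group(1) if host else "local"] += 1
    return days


def busy_days(days, threshold):
    """Return the days whose accepted-message count reaches the threshold."""
    return sorted(d for d, c in days.items() if sum(c["sender"].values()) >= threshold)


if __name__ == "__main__":
    result = tally(SAMPLE_LOG)
    for day in busy_days(result, threshold=3):  # use 1000 to mirror the notice
        for field, counts in result[day].items():
            print(day, field, counts.most_common(3))
```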


@Bart1909 commented on GitHub (Jun 29, 2024):

Did you find a solution for this @GitTworn? I'm facing the same issue.


@GitTworn commented on GitHub (Aug 31, 2024):

Unfortunately not. I still have the issue. It is a very annoying one.

Now and then this still occurs. The spam messages are not actually delivered to other people. The system still blocks the spam messages, but the spammer does try to send them and then my server maxes out the amount of allowed emails sent which is 1000 in my case.
