11 Apr
2024
11 Apr
'24
8:52 p.m.
I went back to the logs and instead found Dovecot IMAP server activity during those times. Apparently Russian hax0rs (hostnames stat_list.ip-ptr.tech and service_stat.ip-ptr.tech) compromised an account and logged into it via IMAP, and somehow were able to create these two sp*m e-mails on my system.
Putting an email in a imap folder is not to difficult or have you done something special that everyhing is read only? I have even een sieve script that puts log output in a mail item.