- Plesk for Linux
CONFIG_TEXT: dovecot service=lda, firstname.lastname@example.org, ip=. sieve: email@example.com: redirect action: forwarded to firstname.lastname@example.org
- There are forwarding rules set up in Roundcube: Log in to webmail.example.com > Settings > Filters.
The account is compromized, attacker created the forwarding via webmail.
1. Immediately change the affected account's password to a stronger one:
- Log in to Plesk
- Navigate to Domains > example.com > Mail Accounts
- Select the affected mailbox and generate a new password or set one manually
2. Log in to the affected mailbox via webmail and go to Settings > Filters to remove the malicious forwarding rule.