Articles in this section

How to train SpamAssassin on Plesk server?
How to exclude a domain from DMARC check in Plesk for Linux
SpamAssassin rules can't be updated on CentOS 7 server with Plesk: config: SpamAssassin failed to parse line, is not valid for "util_rb_3tld"
Is Roundcube 1.4 secured against CVE-2026-25916 and CVE-2026-26079 in Plesk?
Integrating SmarterMail 100.0.9560 with Plesk fails: Login failure: Missing auth
Dovecot IMAP crashes on a Plesk server with Ubuntu 24.04: Panic: file imap-sieve-storage.c: line 216 (imap_sieve_add_mailbox_event): assertion failed
Unable to start Amavis: ERROR: MISSING REQUIRED ADDITIONAL MODULES: DBD::MariaDB
Unable to send or receive email with Plesk Email Security extension installed
It is not possible to receive messages coming from a specific domain to a specific mailbox on a Linux Plesk server. What can be checked?
How to configure Apache Solr search for Dovecot?
See more

Emails are automatically forwarded to an unknown address in Plesk

Leo Mastropierro

Updated November 27, 2025 15:53

Plesk for Linux kb: technical

Applicable to:

Plesk for Linux

Symptoms

All mail from a Plesk email address is forwarded to an unknown email address, with these records logged to /var/log/maillog:

dovecot service=lda, user=john.doe@example.com, ip=[]. sieve: msgid=618dad9e22271@example.com: redirect action: forwarded to unknown@example.com
Custom forwarding rules exist in Roundcube at Settings > Filters

Cause

The account has been compromised, and malicious rules have been created in Roundcube.

Resolution

Secure the account and remove the forwarding rules:

Set a stronger password for the affected account.
Log in to webmail of the affected mailbox
Go to Settings > Filters and remove the malicious forwarding rule(s).

Note: To help prevent such thing to occur again, secure Plesk server.

Comments

0 comments

Please sign in to leave a comment.