- Plesk for Linux
CONFIG_TEXT: dovecot service=lda, email@example.com, ip=. sieve: firstname.lastname@example.org: redirect action: forwarded to email@example.com
- There are forwarding rules set up in Roundcube: Log in to webmail.example.com > Settings > Filters.
The account is compromized, attacker created the forwarding via webmail.
1. Immediately change the affected account's password to a stronger one:
- Log in to Plesk
- Navigate to Domains > example.com > Mail Accounts
- Select the affected mailbox and generate a new password or set one manually
2. Log in to the affected mailbox via webmail and go to Settings > Filters to remove the malicious forwarding rule.