Weird email log probably spam attack?

@girish What determines what is shown there and what not. With these botnets it seems always the first connection attempt shows up in the UI, the other 99 do not. So it is one denied connection per IP per x minutes?

In the UI it is possible to filter the display so that denied mails do not show up, but unfortunately this filter is not saved on page reload. That would be a nice possibility to have because during these annoying botnet "campaigns" if several domains are being targeted the UI still shows one entry for each domain per hour.

@girish Is there really any point blocking the IPs in this case? They tend to only be used once and a short time later a different compromised computer will try to connect with a different IP address.

Yes, this is an attempted spam attack from a botnet pointlessly sending mails from compromised computers to non-existent addresses at regular intervals. If you look closely there will be 100 at a time, probably about once an hour to each targeted domain and each time from a different IP. I have no idea what the spammers are trying to achieve here other than maybe trying to find insecure or poorly configured mailservers, but we see it from time to time as well.

There is nothing much you can do about it but apart from annoying entries in the log nothing will happen as the mails will be rejected / the sender blocked and after a while (possibly a few weeks) they will just stop.

I was experiencing the same problem. The solution is to select filter by realm roles. It seems to default to filter by realm clients.

If clearing the cache doesn't help, check to see if the ServiceWorker HumHub automatically installs is still being loaded in the browser.

@nebulon Correct, but I just realised that in copying and pasting I appear to have missed something.
That's embarassing. In any case it has now worked and this is resolved. Thanks for the quick reply.

I am trying to use the terminal to set an admin user as per the instructions in the documentation but don't seem to be able to find the correct place to do so and keep getting "command not found". Do I need to run the command as root and / or from a particular directory? Using the latest version of the app.

I can also recommend the Custom Fields and Workflows modules.

@archos I think you are maybe misunderstanding something here. Users and customers are not the same thing. Users are support staff who log in to Freescout and can reply to tickets. Customers should not have accounts / be able to log in at all as otherwise they will indeed see - and be able to reply to - all conversations in mailboxes they are allocated to.

Customers can access their own tickets if you have the module End User Portal: https://freescout.net/module/end-user-portal/. What they see there is linked to their email address(es) and the respective mailbox in Freescout.

@murgero Many thanks for your help.

@murgero Thank you. Unfortunately it still doesn't work. Now getting

/usr/bin/env: ‘node’: No such file or directory

as a response.

As I understand it npm should be installed and usuable in the LAMP app, bit every time i try to execute the command

npm clean-install

as the www-data user in the public directory I get the error npm: command not found. I've seen a few tips here in the forum relating to problems with npm but nothing that solves this.

Is it maybe possible to change the order in which incoming mails are filtered? With sieve you can tell the server to discard mails that match certain criteria, but that only works for mails that have not already been classified as SPAM. i suspect this is not that trivial though because the sieve filters work at the mailbox level.

@W1LMS See it as two levels of security. Firewall at DC level and at server level is also best practice.

Yes, you have to upload it to the server's file system first.

Is the www subdomain pointing to your Cloudron server in DNS?

@girish Done: https://forum.cloudron.io/post/89451

Related to the thread https://forum.cloudron.io/post/89330:

Effective SPAM protection includes the possibility to implement rules to discard messages that match certain criteria before they reach a user's mailbox. This is not currently possible as the Spamassassin rules only allow assigning a score based on defined criteria and if that score is over 5 the mail will go to the SPAM folder. Once an email has been classified as spam users can no longer use sieve filters to discard it. Some users receive several mails each day matching clearly defined criteria and that are either SPAM or Phishing attempts.

Feature request:

• The ability to filter out emails that do not get rejected by the MTA deny rules if they match specific criteria (e.g. subject, sender hostname) with wildcards as a possibility.

• The ability to also add hostnames to the network firewall. Using wildcards would enable persistent spammers to be blocked even if they send via several different IPs.

You would have to do that directly on the server's IPTables firewall but it is not recommended to do this, nor is running additional software besides Cloudron.

The correct syntax for the php.ini file is Name = Value:

post_max_size = 6000M
upload_max_filesize = 6000M
memory_limit = 1024M
max_execution_time = 6000
max_input_time = 6000
session.gc_maxlifetime = 1200

The syntax you used is for .htaccess files.