On Thursday, December 18th, 2025 at 1:08 AM, Eugene R via Postfix-users
<[email protected]> wrote:
>
>
> Hello,
>
> Perhaps I am missing something, but what exactly leads you to believe
> that there actually was a hacking event, let alone the event related to
> a specific perpetrator?
> Looks like pretty big trouble and effort for them to go into, for such a
> small prank without obvious payback.
>
> Might the configuration changes be caused by some misconfiguration
> and/or incorrect update and/or defaults reset caused by either your
> system or your hosting provider?
>
> But, of course, is is a good idea to check and update the passwords etc,
> anyway.
>
> Best regards
> Eugene
Advanced Persistent Threat (APT) hackers have been hacking into my Android
phones, home desktop computers, laptops, Windows and Linux servers and other
online accounts for the past 18 years since 2007.
Seems like they have been instructed to do those things ("pranks") to annoy and
frustrate me, or to cause paranoia.
Regards,
Mr. Turritopsis Dohrnii Teo En Ming
Extremely Democratic People's Republic of Singapore
19 Dec 2025 Friday 11.21 am Singapore Time
>
> On 17.12.2025 10:58, Turritopsis Dohrnii Teo En Ming via Postfix-users
> wrote:
>
> > Subject: Advanced Persistent Threat (APT) hackers had hacked into my
> > Virtualmin Linux Virtual Private Server (VPS) on 15 Dec 2025 Monday around
> > noon time
> >
> > Good day from Singapore,
> >
> > Today 17 Dec 2025 Wednesday around 12.30 PM, I was trying to use GMail
> > (Google Mail) to send email to my email accounts hosted in Virtualmin Linux
> > Virtual Private Server (VPS) (aka web hosting control panel). GMail
> > reported the error "554 5.7.1 Relay access denied". Which means all of my
> > email accounts hosted in Virtualmin Linux VPS could no longer receive
> > emails.
> >
> > Advanced Persistent Threat (APT) hackers must have hacked into my
> > Virtualmin Linux VPS and changed my server configuration.
> >
> > Webmin version: 2.520
> > Virtualmin version: 7.50.0 GPL
> > Operating system: AlmaLinux 9.6
> > Usermin version: 2.420
> > Authentic theme version: 25.20
> > Linux Kernel and CPU: Linux 5.14.0-570.51.1.el9_6.x86_64 on x86_64
> >
> > When I logged in to Roundcube Webmail, I noticed that I had stopped
> > receiving emails with the email accounts hosted in Virtualmin Linux VPS
> > since 15 Dec 2025 Monday around 12 noon Singapore Time.
> >
> > When I checked /var/log/maillog in Virtualmin Linux VPS, I observed that I
> > had started getting "554 5.7.1 Relay access denied" errors since 15 Dec
> > 2025 Monday around 12.28 PM (for my email accounts hosted in Virtualmin
> > Linux VPS).
> >
> > Advanced Persistent Threat (APT) hackers must have hacked into my
> > Virtualmin Linux VPS and changed my server configuration.
> >
> > When I checked /etc/postfix/main.cf on my Virtualmin Linux VPS, Advanced
> > Persistent Threat (APT) hackers had changed the following line to:
> >
> > mydestination = $myhostname, localhost.$mydomain, localhost,
> > ns1.turritopsis-dohrnii-teo-en-ming.com
> >
> > I had to change the above line back to:
> >
> > mydestination = $myhostname, localhost.$mydomain, localhost,
> > ns1.turritopsis-dohrnii-teo-en-ming.com, teo-en-ming.com,
> > teo-en-ming-corp.com
> >
> > And then restart Postfix daemon/service (systemctl restart postfix).
> >
> > For Virtual Server teo-en-ming-corp.com in Virtualmin Linux VPS:
> >
> > Advanced Persistent Threat (APT) hackers had changed my email account
> > user's Login access to Database, FTP and SSH. I had to change it back to
> > Database, Email, FTP and SSH.
> >
> > Advanced Persistent Threat (APT) hackers had also changed "Primary email
> > address enabled" to No. I had to change it back to Yes.
> >
> > For Virtual Server teo-en-ming.com in Virtualmin Linux VPS:
> >
> > Advanced Persistent Threat (APT) hackers had changed my email account
> > user's Login access to FTP and SSH. I had to change it back to Email, FTP
> > and SSH.
> >
> > Advanced Persistent Threat (APT) hackers had also changed "Primary email
> > address enabled" to No. I had to change it back to Yes.
> >
> > After making all of the above changes, I am able to start receiving emails
> > with my email accounts hosted in Virtualmin Linux VPS since 1.15 PM today
> > 17 Dec 2025 Wednesday.
> >
> > When I checked OpenSSH server logins and Virtualmin logins, only public
> > IPv4 addresses belonging to me were present. There were no traces of
> > Advanced Persistent Threat (APT) hackers gaining unauthorized entry into my
> > Virtualmin Linux VPS at all. Of course, if they are Advanced Persistent
> > Threat (APT) hackers, they must be very smart and intelligent (their
> > intelligence quotient IQ sure way above me) to remove all traces of their
> > unauthorized intrusions into my Virtualmin Linux VPS.
> >
> > How can I make a request to Advanced Persistent Threat (APT) hackers so
> > that they will stop playing pranks on my Android (Linux) phones, home
> > desktop computer, laptops, Virtualmin and Webmin Linux servers and other
> > various numerous online accounts not secured with 2FA / MFA?
> >
> > Please advise.
> >
> > Thank you very much.
> >
> > Regards,
> >
> > Mr. Turritopsis Dohrnii Teo En Ming
> > Extremely Democratic People's Republic of Singapore
> > 17 Dec 2025 Wednesday 3.50 PM Singapore Time
> >
> > _______________________________________________
> > Postfix-users mailing list -- [email protected]
> > To unsubscribe send an email to [email protected]
>
> _______________________________________________
> Postfix-users mailing list -- [email protected]
> To unsubscribe send an email to [email protected]
_______________________________________________
Postfix-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
