today I had few support tickets that customer emails are not being delivered to their accounts. After some investigation I've discovered that those accounts had content filtering rules which where forwarding messages to some spamish gmail account with message deletion.
Does someone of you encountered similar situation maybe in past? Most interesting thing here is that this issues had been reported today (when I upgraded SmarterMail over weekend from build 8251 (or similar) to 8545. Just to be clear here: I'm not reporting anything wrong with latest version in this matter BUT maybe something has been fixed in forwardings which made those forwarding rules to be operational or MAYBE during some upgrade actions of settings.json file checking those forwardings where fixed and started to be operational.
So bottom line: does anyone encountered similar issues? Most of the time when account gets corrupted some SMTP connections are being made with spam sending but this is something new (or old?).
From affected email accounts only for one I was able to find in administrative logs entry:
2023.05.22 08:46:35.596 [188.8.131.52] User EMAILADDRESSAFFECTED calling set content filters
2023.05.22 08:47:23.185 [184.108.40.206] User EMAILADDRESSAFFECTED calling set content filters
For other accounts I didn't find anything in logs I have (1 year in past).
EDIT: I was able to find those accounts using Total Commander search for settings.json files with regex content search: