This security hole CVE-2021-41739 can be fixed by removing the file cyrus.events.php inside the folder /usr/share/artica-postfix directory.
Details of this security hole can be viewed here
To exploit this hole, the attacker “must be logged” trough the Artica Web Console.
It is automatically fixed with artica v4.30 SP206 Hotfix 20220419, Artica v4.30 SP208, Artica v4.30 unstable Service Pack 759 or above