• We value your experience with Plesk during 2024
    Plesk strives to perform even better in 2025. To help us improve further, please answer a few questions about your experience with Plesk Obsidian 2024.
    Please take this short survey:
    https://pt-research.typeform.com/to/AmZvSXkx
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Question Backscatter

M

Mitti

New Pleskian
Hi all,

I am a plesk user since a couple of years now and I'd say I have a really strong know-how about server systems. However, this a few weeks, I have a new crazy issue on our hosting server: It is always on a backscatter black list and client emails are blocked from other mail servers.

The blacklist (Backscatterer.org powered by UCEPROTECT) shows me the timestamp and I the maillog I can see several entries like

postfix/qmgr[581]: E20DE81224: from=<>, size=7926, nrcpt=1 (queue active)

but I don't find any reason. I also logged in at the server through telnet (25) and manually sent a message without a sender to an external domain, which was blocked due to denied relay access. In a next step I tried to send it to a local recipient on the server without a sender which worked out. This was a mailbox with forwarding to an external address where I have received the mail (and it showed Mailer-Daemon as sender).

I am not sure what to do; but backscatter says that it finds every day an entry....

Anyone got an idea?

Thanks
Manuel
 
Hello,

I had a similar problem and I found out that the problem are the bounce mails from MAILER-DAEMON.

So, spam was sent to not existing mail boxes and the MAILER-DAEMON tries to return a bounce message. As the sending mail address is forged, this bounce can't be sent, so the mail stays in the queue and is tried to be sent again, again and again.

I use a cron script which scans the mail queue once an hour for this MAILER-DAEMON and flushes them.

So, first use a cron for
  • /usr/sbin/postqueue -f
once an hour, which tries to send legitimate mails from the daemon in mailqueue again.
Than, about 2-3 minutes later use this cron to flush the mails which can't be sent:
  • mailq|gawk '/MAILER-DAEMON/ { print $1 }'|/usr/sbin/postsuper -d -
Now the mailqueue cleans itself once an hour and most blacklists accept this, as this is the only try to send the spam-mails.

#edit
Changed "postqueue -f" to "/usr/sbin/postqueue -f"
 
Last edited:
You must log in or register to reply here.

Similar threads

V
Issue Smarthost + SRS = relay?
Replies
2
Views
879
vanlier
V
G
Issue [email protected] keeps sending e-mail notification even if i've edited panel.ini file.
Replies
2
Views
887
IT Ufficio Key-One
I
K
Question Where are mails to root stored and how to forward them to an external address?
Replies
1
Views
875
mow
M
B
Resolved Mail get lost with wrong Dmarc
Replies
1
Views
3K
Martin Dias
Martin Dias
J
Issue Notifications Email and 550 error
Replies
1
Views
3K
mariano_loo
M
Back
Top