1. Please take a little time for this simple survey! Thank you for participating!
    Dismiss Notice
  2. Dear Pleskians, please read this carefully! New attachments and other rules Thank you!
    Dismiss Notice
  3. Dear Pleskians, I really hope that you will share your opinion in this Special topic for chatter about Plesk in the Clouds. Thank you!
    Dismiss Notice

Big Issue on Qmail Server - Being used by spammers

Discussion in 'Plesk 9.x for Linux Issues, Fixes, How-To' started by Prasad Vadke, May 18, 2010.

  1. Prasad Vadke

    Prasad Vadke New Pleskian

    22
    57%
    Joined:
    Feb 24, 2009
    Messages:
    14
    Likes Received:
    0
    Hi,

    I am facing a very big issue since long time. I have a server running RHEL4 with Plesk 9.5.2 which is running Qmail as a mailserver. I have a valid mailbox created on the server & i configure the valid email account in my outlook express & send an email using smtp authentication & it works fine. Now say if i change my email address i.e mail from address as anything & in smtp authentication i use my valid email id & valid password & send email, it authenticates the qmail smtp server against my valid email id/password & sends the email with any from address & qmail server accepts it since it sees that the smtp authentication is done but it does not checks whether the mail from email address & authentication is the same.

    thousands of clients are using the qmail server & it happens like some of the computers are infected & the viruses in that computer sends the email via outlook but they set the from address as anything & authenticates the qmail server using the valid email account & the qmail server also accepts & send it.

    Is there any setting in Qmail that it should check that whenever a client is sending the email the mail from address & the authenticated email address is the same. If it finds the authentication email id & mail from email id as different, it should straightway reject it. Please help on this.
     
  2. IgorG

    IgorG Forums Analyst Staff Member

    49
    24%
    Joined:
    Oct 27, 2009
    Messages:
    24,572
    Likes Received:
    1,243
    Location:
    Novosibirsk, Russia
    You can use DomainKeys spam protection system to sign outgoing e-mail messages.
     
  3. MarkF

    MarkF Guest

    0
     
    Hi,

    DomainKeys will not resolve this issue.

    I am having the same problem.

    Postfix has the ability to work-around this by using sender-restrictions but Qmail doesnt have this feature.

    I am running Plesk 8.6 (linux) and it seems that I cannot use postfix!

    Is there anything else I can do to solve this problem?
     
  4. IgorG

    IgorG Forums Analyst Staff Member

    49
    24%
    Joined:
    Oct 27, 2009
    Messages:
    24,572
    Likes Received:
    1,243
    Location:
    Novosibirsk, Russia
    Why you still use this very old Plesk version? Why you can't perform upgrade to latest version?
     
  5. Prasad Vadke

    Prasad Vadke New Pleskian

    22
    57%
    Joined:
    Feb 24, 2009
    Messages:
    14
    Likes Received:
    0
    Hello,

    I am using the very latest verion of plesk i.e 9.5.2

    Domain keys or DKIM will just insert signatures in the email going out via the smtp & the same signatures needs to be published in DNS. This is done just for dkim or domain keys authentication. The problem which we are facing is related to smtp relay security in qmail server.

    Most of the modern mail servers comeup with an option to reject if the auth & the email address doesnot matches e.g Icewarp merak Mailserver which i am using in Windows Servers & it just works fantastic. No spam & enhanced security. I am waiting for Icewarp merak Mailserver support to come in Linux & shall change the mailserver immediately once plesk announces the support of this mail server on plesk. However would appreciate if anyone can give solution on this problem with Qmail Server running with Plesk.
     
  6. IgorG

    IgorG Forums Analyst Staff Member

    49
    24%
    Joined:
    Oct 27, 2009
    Messages:
    24,572
    Likes Received:
    1,243
    Location:
    Novosibirsk, Russia
  7. MarkF

    MarkF Guest

    0
     
    We are using Plesk 8.6 because we are using CMail and Expand 2.2.4.

    We have not ugraded Plesk on Cmail because there is a problem with Expand and Plesk 9 (the mail menu does not work).

    Is there another way around this?
     
  8. mrfisho

    mrfisho Guest

    0
     
    I have the same problem. using the annoymous@domain.com to send. How do I stop this ? thoushands of emails being sent.

    seems to be the return path is annonymous@domain.com is there a way to stop that annonymous accepting the emails and just rejecting them ?
     
  9. Email Marketing

    Email Marketing Guest

    0
     

    All These people are totally absolutely wrong plain and simple. You really can't stop someone from changing the way there email is viewed when sending with qmail I believe. But this is not the problem. The problem is your users. Also first thing is first make sure you qmail server requires authentication to even send mail in the first place or require APOP login to send mail. This is where the user must login to the popserver before he is aloud to send email.

    Next you must implement FBL's for all the domains so you can actually track what email is getting marked as SPAM. FBL's are Feed Back Loops that you request through all postmasters. Some are:

    http://postmaster.aol.com
    http://postmaster.yahoo.com
    etc...

    Now what these FBL's do is when a user clicks the spam button on a received email then the FBL will in return notify you that a user has clicked the spam button and they should offer you the header of the original email. The only people I believe that do not are msn. By the header you can track where the original email came from usually can track who it was sent to and the originating IP. But you must do administrative work to catch this. You must sift through accounts watch the way bandwidth is used by the email server. Track the account using the most bandwidth and start from there. It's most likely a user or client and it's highly unlikely it's a virus. That virus sending emails thing can happen but those viruses would have already had your email servers totally absolutely black listed and your qmail servers emails would not make it to anyones inbox.
     
  10. Prasad Vadke

    Prasad Vadke New Pleskian

    22
    57%
    Joined:
    Feb 24, 2009
    Messages:
    14
    Likes Received:
    0
    Dear Email marketing,

    it seems you just post to forum's thread by searching here around. Do you have actual experience on this problem which we all are facing?? have you personally tested by changing email address in outlook & using valid email id/password in smtp authentication & sending email via qmail

    We have seen infected computers outlook express generating thousands of messages & sending emails via qmail which in turn causes a huge queue


    we have thoushands of email ids which are connected to server & few who are infected can cause lots of problem. If qmail qould have checked that the email address & the authentication is done of same email address then there was no question of posting a thread here & other people who are facing this problem are replying to it.
     
  11. atomicturtle

    atomicturtle Golden Pleskian

    29
     
    Joined:
    Nov 20, 2002
    Messages:
    2,110
    Likes Received:
    7
    Location:
    Washington, DC
    This is not a perfect solution, but qmail-scanner does allow you to scan outbound messages from the server using spamassassin.
     
  12. Prasad Vadke

    Prasad Vadke New Pleskian

    22
    57%
    Joined:
    Feb 24, 2009
    Messages:
    14
    Likes Received:
    0
  13. 64bithost.com

    64bithost.com Regular Pleskian

    25
    57%
    Joined:
    Jul 30, 2007
    Messages:
    182
    Likes Received:
    0
    Plesk 8.6 -> Plesk 9.x


    Please upgrade to PLESK 9.x (current version) and then see if you are still having the same problem
     
Loading...