• If you are still using CentOS 7.9, it's time to convert to Alma 8 with the free centos2alma tool by Plesk or Plesk Migrator. Please let us know your experiences or concerns in this thread:
    CentOS2Alma discussion

"failure notice" spam after upgrade to 9.0.0

I

intelitech

Guest
I am getting 30-50 "failure notice" spam messages a day after upgrade to Plesk 9.0.0 on CentOS 5.

Message looks like this:

---------------------------------------------------------
Hi. This is the qmail-send program at server.mydomain.net.
I'm afraid I wasn't able to deliver your message to the following addresses.
This is a permanent error; I've given up. Sorry it didn't work out.

<[email protected]>:

--- Below this line is a copy of the message.

---------------------------------------------------------

The mail log looks like:

Dec 14 16:33:08 server relaylock: /var/qmail/bin/relaylock: mail from 213.222.51.114:2182 (inet.kirov.net)
Dec 14 16:33:10 server qmail-queue-handlers[13861]: Handlers Filter before-queue for qmail started ...
Dec 14 16:33:10 server qmail-queue-handlers[13861]: [email protected]
Dec 14 16:33:10 server qmail-queue-handlers[13861]: [email protected]


Other accounts are getting the same messages with spam in the body. From "me (customer email)" to "me (customer email)" - same failure notice.
There is no relay. Had no issues before upgrade.


Thank you for assistance and advise in resolving this issue.
 
The problem is actually with the way plesk handles spam messages. If the message is above the threshold for being a spam and you want to delete it, it actually creates a message in /usr/local/psa/handlers/spool and then sends out a rejection notice.

I have not found a fix as of yet as they have recompiled most the handlers for plesk and messed a whole bunch of things up. You would think they would test this stuff before they put the software out.
 
Thanks 247trader,

What if the mail is switched to postfix?
Should it resolve the issue or will it give me more grief?
 
intelitech said:
Thanks 247trader,

What if the mail is switched to postfix?
Should it resolve the issue or will it give me more grief?
Click to expand...

The MTA is not the problem. Qmail works great and I have used it for many years without issue. It is the hooks that plesk uses to make spamassassin, virus protection, spf, domain-keys, etc work. They have completely changed it in 9.0.0.

So just sit tight and wait until they patch it or I get the source and fix it myself.
 
247trader said:
So just sit tight and wait until they patch it or I get the source and fix it myself.
Click to expand...

I wish I could tell that to my customers that think they are being hacked and hijacked.
I got a dozen of complaints already. Thanks Plesk.
 
intelitech said:
I wish I could tell that to my customers that think they are being hacked and hijacked.
I got a dozen of complaints already. Thanks Plesk.
Click to expand...

I have a call into swsoft right now and I am waiting for the download location for the patches they used to build the current system. As soon as I get them and see where they have screwed it up I will let you know.
 
So here is the latest. I have talked to support and they know it is a bug. We are waiting on developers to fix it and release a patch along with the original Qmail patches they used to compile the system. I am waiting for them to tell me the ETS for this.

For now this is all I have.
 
Hello all..

same problem for me, CentOS 5 on plesk 9.

i'm use qmail+spamassassin+domain key+spf
1. all mail password changed,
2. full virus scan on my machine,
3. mail setting nonexitent mail reject,
4. test open relay ok no problem. no open relay.
5. test full dns report on intodns.com all report: OK no problem (green)
6. i have rdns all domains.
7. after i changed my hostname.
8. after i check rootkit, and the other..
My plesk panel and centos 5.2 : up to date.

But i am getting "failure notice" spam messages....

After installed postfix, using postfix...

but i am getting "failure notice" spam messages....

Please help me...
note: sorry my english language not enought. :(
 
lavinya said:
Hello all..

same problem for me, CentOS 5 on plesk 9.

i'm use qmail+spamassassin+domain key+spf
1. all mail password changed,
2. full virus scan on my machine,
3. mail setting nonexitent mail reject,
4. test open relay ok no problem. no open relay.
5. test full dns report on intodns.com all report: OK no problem (green)
6. i have rdns all domains.
7. after i changed my hostname.
8. after i check rootkit, and the other..
My plesk panel and centos 5.2 : up to date.

But i am getting "failure notice" spam messages....

After installed postfix, using postfix...

but i am getting "failure notice" spam messages....

Please help me...
note: sorry my english language not enought. :(
Click to expand...

This will be fixed with the hotfix coming out. Just hang tight for a them to produce it.
 
lavinya said:
247trader thanks for reply. :)

But fix where? this problem very importance! :(
Click to expand...

The fix is part of spamassassin. The code to correct it is compiled so you can not fix it without parallels sending the patch. You are just going to have to put up with the messages until they release it.
 
plesk sending out replies to spam mails

i think the 'failure notices' are only one symptom of the problem occuring only if forged from adress exists on the system.

what's worse is that plesk does not delete detected spam mails if user has choosen this, but instead sends a failure notice for each and every spam mail it receives on accounts with this setting.

you can try yourself by sending an GTUBE test mail (http://spamassassin.apache.org/gtube/) from outside.

though i can imagine this to be useful to avoid liability for deleting false positives, in fact in only produces lots of useless spam sent to forged sender-adresses.

is there any switch to stop this behaviour?
 
azur99 said:
i think the 'failure notices' are only one symptom of the problem occuring only if forged from adress exists on the system.

what's worse is that plesk does not delete detected spam mails if user has choosen this, but instead sends a failure notice for each and every spam mail it receives on accounts with this setting.

you can try yourself by sending an GTUBE test mail (http://spamassassin.apache.org/gtube/) from outside.

though i can imagine this to be useful to avoid liability for deleting false positives, in fact in only produces lots of useless spam sent to forged sender-adresses.

is there any switch to stop this behaviour?
Click to expand...

This is the whole problem and it is what we are waiting on Parallels to send us the fix for.
 
Today I noticed an update downloaded for SpamAssassin. The date changed to 12/21 for /usr/local/psa/handlers/hooks/spam file. Is it going to resolve the issue? Where can I find the changelog for the update. Thanks.
 
Is this suppiosedly fixed in the 9.0.0.2 patch they have released?

I use qmail-scanner and clamav and when I install the "patched" qmail it breaks qmail-scanner and you can't get it to install.

Everything seems to be working fine except for the To:[email protected] Fm:[email protected] Spam issue.
 
You must log in or register to reply here.

Similar threads

P
Issue Notification emails from psaadm when checking for updates are being blocked.
Replies
2
Views
2K
pick3pro
P
D
Issue Server is sending spam
Replies
5
Views
4K
Bitpalast
Bitpalast
T
Issue SpamAssassin is not scanning server-wide
Replies
2
Views
1K
japjay
J
M
Question Spamtrap detected from my IP – no spam sent in logs, only NOQUEUE relay responses...
Replies
0
Views
872
mnightingale
M
stevland
Issue qmail failure notices from Sender: #@[]
Replies
7
Views
2K
stevland
stevland
Back
Top