
How to Drop all opened SMTP connections?

dragnovich

Basic Pleskian
Hello, I have some customers whose email accounts were compromised and are sending hundreds of emails per minute, so when this happens I need to "suspend the whole site"; however, the spammer's email connection is "live", and it keeps sending emails EVEN IF I DELETE THE USER ACCOUNT. This is because once Plesk grants the connection to a user, that connection is not dropped until the user drops it; this can take several minutes, even hours! Meanwhile the spammer is happily sending emails.

Is there any way I can KILL all the opened SMTP connections, forcing the users to re-login, and/or reduce the time the connection is kept open?

I tried:
/etc/init.d/qmail stop
(wait 1 minute)
/etc/init.d/qmail start

But it did not drop the attacker's connection; it just stopped sending emails in that period. I also tried restarting the whole qmail service; however, if I don't stop it and wait more than 5 minutes, it does not kill the connections. And on a production server I can't wait that amount of time.

Any Ideas?

NOTES:
1) Changing the user's email or password is not an option (I already did that), because their computers/networks are compromised
2) Deleting the sites is also not an option
3) I just need to block the current compromised email/domain until the problem is fixed.

Regards
 