
How to fight SMTP relaying

Artur

Guest
We had a customer sign up and appear to be completely normal, signed up for a normal account, paid in a normal way and behaved completely fine. However, there was an immense amount of spam complaints coming in and I finally broke down and decided to track who is to blame.

The headers suggested that it was a legitimate message that was being relayed through our server, so, here is the command I used to see who is connecting to SMTP:

cat /var/log/secure*|grep smtp|awk -F: '{print $5}'|sed 's/^.*from=//; s/\.[0-9]\{1,3\}$//;'|sort|uniq -c|sed 's/^ *//;'|sort -nr|more

Then I confirmed in /var/log/messages which website user is authenticating with the top hitting IP addresses and canceled their account.
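
The per-source count described in the post above, as an added example that is not part of the original post. It assumes xinetd-style `START: smtp pid=... from=...` lines in the secure log (the page only shows the `smtp`, `pid` and `from=` fragments); the sample lines are constructed and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: count SMTP connections per source address.
# These lines record connections only, not authenticated or relayed mail,
# so a high count still has to be cross-checked against the mail log.

# Constructed sample input (assumed log format, documentation-range addresses).
sample_log() {
cat <<'EOF'
Mar  3 10:15:01 host xinetd[2101]: START: smtp pid=30111 from=203.0.113.7
Mar  3 10:15:02 host xinetd[2101]: START: smtp pid=30112 from=203.0.113.7
Mar  3 10:15:02 host xinetd[2101]: EXIT: smtp status=0 pid=30111 duration=1(sec)
Mar  3 10:15:04 host xinetd[2101]: START: smtp pid=30115 from=::ffff:198.51.100.20
Mar  3 10:15:05 host xinetd[2101]: START: smtp pid=30116 from=203.0.113.7
Mar  3 10:15:06 host xinetd[2101]: START: pop3 pid=30117 from=198.51.100.20
Mar  3 10:15:09 host xinetd[2101]: START: smtp pid=30120 from=198.51.100.20
Mar  3 10:15:10 host sshd[911]: Accepted password for admin from 192.0.2.5 port 4022 ssh2
EOF
}

# Read log lines on stdin, print "COUNT ADDRESS" sorted by count, highest first.
smtp_conn_counts() {
    awk '
        / START: smtp / {                      # ignore EXIT lines and other services
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^from=/) {
                    ip = substr($i, 6)         # text after "from="
                    sub(/^::ffff:/, "", ip)    # fold IPv4-mapped form into plain IPv4
                    n[ip]++
                }
            }
        }
        END { for (ip in n) print n[ip], ip }
    ' | sort -k1,1nr -k2,2
}

# Keep only the addresses with at least LIMIT connections.
over_threshold() {
    awk -v limit="$1" '$1 >= limit { print $2 }'
}

sample_log | smtp_conn_counts
```

On a live host the same functions take the real log on stdin, for example `cat /var/log/secure* | smtp_conn_counts | over_threshold 1000`.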
 
What is actually causing an smtp pid..... in /var/log/messages.. one IP occurred over 15000 times, but I couldn't find it in /var/log/messages and no trace in /usr/local/psa/var/log/messages or any other file..

So.. what is causing those pids?


EDIT:
Actually noticed that if I
telnet my_server.com 25

I got a pid in secure log.. does this mean that someone is trying to relay, but doesn't get through?
 