• If you are still using CentOS 7.9, it's time to convert to Alma 8 with the free centos2alma tool by Plesk or Plesk Migrator. Please let us know your experiences or concerns in this thread:
    CentOS2Alma discussion

How to "solve" Spam attack

J

j Zim

Guest
I'm running Plesk 8.6 on Suse 10.2 server. Every software like qmail are the one installed with Plesk and SpamAssasin is installed and is running.

But... since yesterday, our mail server is receiving a huge amount of spam and it causes very big delay in message delivery. The queue is containing about 3000 messages.

It looks like the normal filtering (spamassassin or list like sbl.spamhaus.org) is not working or cannot do the exprected filtering.

Is the option "Switch on spam protection based on DNS blackhole list" with sbl.spamhaus.org ok?
Is there a way to check the way the filtering is working?
Is there another way to say tha qmail should NOT handle any messages comming from an ip address/range?

Thanks in advance for your help.
vc
 
Hi there

I'm a newbie to all of this, but I'm having the same problem.

I have a VDS through Godaddy, which is currently (yes as we speak) being manipulated by a spammer to route spam via my SMTP server.
For the moment I have shut down the SMTP server side of things, but messages keep stacking up in the "Preprocess" side of things. When I discovered the problem, there were in excess of 100,000 emails ready to go.

In any case, I'm not a hugely tech savvy type of person, so I've had to go on a steep learning curve yesterday to try and figure out how to combat this problem. This meant learning how to use SSH with Putty, something I've never used before (always simply used Plesk side of things and FTP to setup sites).

Anyway, I've looked through a lot of posts on this site, and I've managed to narrow it down to the article posted here:
http://kb.odin.com/en/1711

This is exactly the answer I need, as I have managed to look at the headers, and they say UID 48, so it's most likely a PHP script the spammer is using on one of my sites. Unfortunately I'm not very clued up on how to create a secure site, so this will make sense.

In any case, I'm rambling.

I just have one question: Can someone please explain to me in slightly more simple English HOW to follow the steps outlined in the link above?
In particular, in step 1 it talks about creating a "script". How do I do this?

Help would be greatly appreciated!!
 
Sorry to tell you, but if you don't understand these instructions then you better don't touch anything. Hire someone that understands to do the job.
 
#nano /var/qmail/bin/sendmail-wrapper

paste in file this lines

#!/bin/sh
(echo X-Additional-Header: $PWD ;cat) | tee -a /var/tmp/mail.send|/var/qmail/bin/sendmail-qmail "$@"

after ctrl + x (yes) to quit

#chmod 755 /var/qmail/bin/sendmail-wrapper

wrapper is ready
 
You must log in or register to reply here.

Similar threads

D4NY
Issue Outgoing mail queue, how to find the source of the spam?
Replies
19
Views
3K
mow
M
P
Question How to add Email Header Check for less spam with Postfix and Spamassasin?
Replies
2
Views
4K
pleskify
P
S
Resolved Spamassassin - no scan is performed / x-spam missing in headers
Replies
2
Views
3K
Boris Ortega
B
P
Issue Spam Issue - Need Assistance
Replies
2
Views
2K
PleskyStuff
P
N
Question block .local (invalid) emails (spam issue)
Replies
2
Views
1K
Alberto Pizzarelli
Alberto Pizzarelli
Back
Top