1. Please take a little time for this simple survey! Thank you for participating!
    Dismiss Notice
  2. Dear Pleskians, please read this carefully! New attachments and other rules Thank you!
    Dismiss Notice
  3. Dear Pleskians, I really hope that you will share your opinion in this Special topic for chatter about Plesk in the Clouds. Thank you!
    Dismiss Notice

How to "solve" Spam attack

Discussion in 'Plesk for Linux - 8.x and Older' started by j Zim, May 27, 2009.

  1. j Zim

    j Zim Guest

    0
     
    I'm running Plesk 8.6 on Suse 10.2 server. Every software like qmail are the one installed with Plesk and SpamAssasin is installed and is running.

    But... since yesterday, our mail server is receiving a huge amount of spam and it causes very big delay in message delivery. The queue is containing about 3000 messages.

    It looks like the normal filtering (spamassassin or list like sbl.spamhaus.org) is not working or cannot do the exprected filtering.

    Is the option "Switch on spam protection based on DNS blackhole list" with sbl.spamhaus.org ok?
    Is there a way to check the way the filtering is working?
    Is there another way to say tha qmail should NOT handle any messages comming from an ip address/range?

    Thanks in advance for your help.
    vc
     
  2. Nataliya Zagr

    Nataliya Zagr Regular Pleskian

    21
    87%
    Joined:
    Apr 14, 2009
    Messages:
    242
    Likes Received:
    0
  3. Sevenhelmets

    Sevenhelmets Guest

    0
     
    Hi there

    I'm a newbie to all of this, but I'm having the same problem.

    I have a VDS through Godaddy, which is currently (yes as we speak) being manipulated by a spammer to route spam via my SMTP server.
    For the moment I have shut down the SMTP server side of things, but messages keep stacking up in the "Preprocess" side of things. When I discovered the problem, there were in excess of 100,000 emails ready to go.

    In any case, I'm not a hugely tech savvy type of person, so I've had to go on a steep learning curve yesterday to try and figure out how to combat this problem. This meant learning how to use SSH with Putty, something I've never used before (always simply used Plesk side of things and FTP to setup sites).

    Anyway, I've looked through a lot of posts on this site, and I've managed to narrow it down to the article posted here:
    http://kb.odin.com/en/1711

    This is exactly the answer I need, as I have managed to look at the headers, and they say UID 48, so it's most likely a PHP script the spammer is using on one of my sites. Unfortunately I'm not very clued up on how to create a secure site, so this will make sense.

    In any case, I'm rambling.

    I just have one question: Can someone please explain to me in slightly more simple English HOW to follow the steps outlined in the link above?
    In particular, in step 1 it talks about creating a "script". How do I do this?

    Help would be greatly appreciated!!
     
  4. VladimirrV

    VladimirrV Guest

    0
     
    Sorry to tell you, but if you don't understand these instructions then you better don't touch anything. Hire someone that understands to do the job.
     
  5. sosbilisim

    sosbilisim Basic Pleskian

    26
    23%
    Joined:
    May 25, 2007
    Messages:
    55
    Likes Received:
    0
    #nano /var/qmail/bin/sendmail-wrapper

    paste in file this lines

    #!/bin/sh
    (echo X-Additional-Header: $PWD ;cat) | tee -a /var/tmp/mail.send|/var/qmail/bin/sendmail-qmail "$@"

    after ctrl + x (yes) to quit

    #chmod 755 /var/qmail/bin/sendmail-wrapper

    wrapper is ready
     
Loading...