How to "solve" Spam attack

j Zim

Guest
I'm running Plesk 8.6 on a Suse 10.2 server. All the software, like qmail, is what was installed with Plesk, and SpamAssassin is installed and running.

But... since yesterday, our mail server has been receiving a huge amount of spam and it is causing very big delays in message delivery. The queue contains about 3000 messages.

It looks like the normal filtering (SpamAssassin or lists like sbl.spamhaus.org) is not working or cannot do the expected filtering.

Is the option "Switch on spam protection based on DNS blackhole list" with sbl.spamhaus.org ok?
Is there a way to check the way the filtering is working?
Is there another way to say that qmail should NOT handle any messages coming from an IP address/range?

Thanks in advance for your help.
vc
 
Hi there

I'm a newbie to all of this, but I'm having the same problem.

I have a VDS through Godaddy, which is currently (yes as we speak) being manipulated by a spammer to route spam via my SMTP server.
For the moment I have shut down the SMTP server side of things, but messages keep stacking up in the "Preprocess" side of things. When I discovered the problem, there were in excess of 100,000 emails ready to go.

In any case, I'm not a hugely tech savvy type of person, so I've had to go on a steep learning curve yesterday to try and figure out how to combat this problem. This meant learning how to use SSH with Putty, something I've never used before (always simply used Plesk side of things and FTP to setup sites).

Anyway, I've looked through a lot of posts on this site, and I've managed to narrow it down to the article posted here:
http://kb.odin.com/en/1711

This is exactly the answer I need, as I have managed to look at the headers, and they say UID 48, so it's most likely a PHP script the spammer is using on one of my sites. Unfortunately I'm not very clued up on how to create a secure site, so this will make sense.

In any case, I'm rambling.

I just have one question: Can someone please explain to me in slightly more simple English HOW to follow the steps outlined in the link above?
In particular, in step 1 it talks about creating a "script". How do I do this?

Help would be greatly appreciated!!
 
Sorry to tell you, but if you don't understand these instructions then you'd better not touch anything. Hire someone who understands them to do the job.
 
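# nano /var/qmail/bin/sendmail-wrapper

paste these lines into the file

#!/bin/sh
# Prepend the calling script's working directory as a header, append a copy
# of the message to /var/tmp/mail.send, then hand it to the real sendmail.
(echo "X-Additional-Header: $PWD"; cat) | tee -a /var/tmp/mail.send | /var/qmail/bin/sendmail-qmail "$@"

then Ctrl + X (yes) to quit

# chmod 755 /var/qmail/bin/sendmail-wrapper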

wrapper is ready
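
Every message that passes through the wrapper above is appended to /var/tmp/mail.send with the sending script's working directory in its first line, so counting those lines shows which directory is producing the mail. The following is an added example, not part of the original posts; it assumes the log path and header name from the wrapper, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: summarise the log written by the sendmail wrapper.
# Assumes the log path /var/tmp/mail.send and the header name
# X-Additional-Header from the post; function names are hypothetical.

# Print "count<TAB>directory" for each directory that called sendmail,
# busiest first. The directory is everything after the header name, so
# paths containing spaces are kept whole.
mail_dirs_by_count() {
    log=${1:-/var/tmp/mail.send}
    awk '
        index($0, "X-Additional-Header: ") == 1 {
            dir = substr($0, length("X-Additional-Header: ") + 1)
            sub(/\r$/, "", dir)          # tolerate CRLF line endings
            count[dir]++
        }
        END { for (d in count) printf "%d\t%s\n", count[d], d }
    ' "$log" | sort -t "$(printf '\t')" -k1,1nr -k2,2
}

# Print only the directories that sent at least MIN messages (default 100).
# Note: a message body that itself contains a line starting with the header
# name would also be counted, so inspect the directory before acting on it.
noisy_mail_dirs() {
    min=${2:-100}
    mail_dirs_by_count "$1" |
        awk -F '\t' -v min="$min" '$1 >= min { print $2 }'
}

# Usage: noisy_mail_dirs /var/tmp/mail.send 100
```

The directories it prints are where to look for the PHP script that is sending the mail.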
 