Question Lots of incoming spam with Plesk Email Security Pro 1.1.0

obendev

Basic Pleskian
Hey, we just uninstalled Plesk Email Security and upgraded / reinstalled Plesk Email Security Pro.
Now my customers get lots of spam, and I can confirm this. For example: I've set up a local Windows email server and I'm sending from a domain that has SPF set to v=spf1 include:spf.protection.outlook.com -all and DMARC set to v=DMARC1; p=quarantine; pct=100. The MX is pointed to Outlook (Office 365), and still the mail gets accepted.
This is the easiest email spoofing. How does Plesk Email Security not filter this?
Code:
X-Virus-Scanned: Debian amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: 1.405
X-Spam-Level: *
X-Spam-Status: No, score=1.405 tagged_above=-9999 required=3
    tests=[FSL_HELO_NON_FQDN_1=0.001, HELO_NO_DOMAIN=0.001,
    KHOP_HELO_FCRDNS=0.121, RDNS_DYNAMIC=0.363, SPF_FAIL=0.919]
    autolearn=no autolearn_force=no
Another line:
Code:
Received-SPF: fail (plesk.server.tld: domain of sender.tld does not designate 1.1.1.1 as permitted sender) client-ip=1.1.1.1; [email protected]; helo=LUCA-PC;
Received: from [127.0.0.1] (Luca-PC [127.0.0.1])
    by LUCA-PC with ESMTPA
    ; Tue, 28 Jul 2020 09:54:41 +0200
I obviously censored the domains and IP addresses; I changed my external IP address in the example to 1.1.1.1.
 
Sorry, but this is getting ridiculous. Now I've made up another test where I've sent an email from [email protected] (the domain sdfljhbsfduzgfsdzb.de has neither an A nor an MX record), and even this email gets accepted. It is just unacceptable. The spam filter shouldn't let any mails through with a domain that has no A or MX record set.
The whole email:
Code:
Return-Path: <[email protected]>
X-Original-To: [email protected]
Delivered-To: [email protected]
Received: from plesk.server.tld (localhost.localdomain [127.0.0.1])
    by plesk.server.tld (Postfix) with ESMTP id 3FFF614A346E
    for <[email protected]>; Tue, 28 Jul 2020 10:14:27 +0200 (CEST)
Authentication-Results: plesk.server.tld;
    dmarc=none (p=NONE sp=NONE) smtp.from=sdfljhbsfduzgfsdzb.de header.from=sdfljhbsfduzgfsdzb.de;
    spf=pass (sender IP is 127.0.0.1) [email protected] smtp.helo=plesk.server.tld
Received-SPF: pass (plesk.server.tld: localhost is always allowed.) client-ip=127.0.0.1; [email protected]; helo=plesk.server.tld;
X-Virus-Scanned: Debian amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: 1.366
X-Spam-Level: *
X-Spam-Status: No, score=1.366 tagged_above=-9999 required=3
    tests=[FROM_DOMAIN_NOVOWEL=0.5, FSL_HELO_NON_FQDN_1=0.001,
    HELO_NO_DOMAIN=0.001, KHOP_HELO_FCRDNS=0.121, NO_DNS_FOR_FROM=0.379,
    RDNS_DYNAMIC=0.363, SPF_NONE=0.001] autolearn=no autolearn_force=no
Received: from plesk.server.tld ([127.0.0.1])
    by plesk.server.tld (plesk.server.tld [127.0.0.1]) (amavisd-new, port 10024)
    with ESMTP id ykYtNNLJEj_0 for <[email protected]>;
    Tue, 28 Jul 2020 10:14:18 +0200 (CEST)
Received: from LUCA-PC (ip-1.1.1.1.hsi16.unitymediagroup.de [1.1.1.1])
    by plesk.server.tld (Postfix) with ESMTPS id 2EC6014A346A
    for <[email protected]>; Tue, 28 Jul 2020 10:14:18 +0200 (CEST)
Received-SPF: none (plesk.server.tld: no valid SPF record)
Received: from [127.0.0.1] (Luca-PC [127.0.0.1])
    by LUCA-PC with ESMTPA
    ; Tue, 28 Jul 2020 10:14:16 +0200
To: [email protected]
From: Max Mustermann <[email protected]>
Subject: Eine normale Nachricht
Message-ID: <[email protected]>
Date: Tue, 28 Jul 2020 10:14:16 +0200
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101
 Thunderbird/78.0.1
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 8bit
 
Hi!

SPF spam protection is a separate handler in Plesk. Please make sure to set the "Reject" option in "Tools & Settings" -> "Mail Server Settings" -> "SPF spam protection" -> "SPF checking mode".

We're working on improving the restrictions to stop such spam emails completely also directly via Plesk Email Security. Expect an update with the strict rules at the beginning of next week.

Cheers
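
Added example, not part of the thread and not Plesk code: a Python check that reproduces what the quoted headers show, namely that SPF_FAIL contributed only 0.919 toward a required score of 3, and that skips the amavisd re-injection hop whose Received-SPF always passes for 127.0.0.1. The sample message is constructed from the thread's headers; the function names and the set of flagged verdicts are assumptions.

```python
import re
from email import message_from_string

# Constructed sample modelled on the headers quoted in the thread.
SAMPLE = """\
Received-SPF: pass (plesk.server.tld: localhost is always allowed.) client-ip=127.0.0.1; helo=plesk.server.tld;
X-Spam-Status: No, score=1.405 tagged_above=-9999 required=3
    tests=[FSL_HELO_NON_FQDN_1=0.001, HELO_NO_DOMAIN=0.001,
    KHOP_HELO_FCRDNS=0.121, RDNS_DYNAMIC=0.363, SPF_FAIL=0.919]
    autolearn=no autolearn_force=no
Received-SPF: fail (plesk.server.tld: domain of sender.tld does not designate 1.1.1.1 as permitted sender) client-ip=1.1.1.1; helo=LUCA-PC;
"""

FLAGGED = {"fail", "softfail", "none"}  # assumption: verdicts worth reviewing

def external_spf(msg):
    """SPF verdicts from non-loopback hops; the local re-injection hop always passes."""
    out = []
    for value in msg.get_all("Received-SPF", []):
        words = value.split()
        m = re.search(r"client-ip=([0-9A-Fa-f.:]+)", value)
        ip = m.group(1) if m else ""
        if words and not ip.startswith(("127.", "::1")):
            out.append((words[0].lower(), ip))
    return out

def _num(key, raw):
    m = re.search(key + r"=(-?\d+(?:\.\d+)?)", raw)
    return float(m.group(1)) if m else None

def spam_status(msg):
    """Return (score, required, {rule: points}) parsed from X-Spam-Status."""
    raw = msg.get("X-Spam-Status", "")
    tests = re.search(r"tests=\[(.*?)\]", raw, re.S)
    pairs = (i.strip().partition("=") for i in (tests.group(1) if tests else "").split(","))
    rules = {name: float(pts) for name, _, pts in pairs if name and pts}
    return _num("score", raw), _num("required", raw), rules

def audit(raw_message):
    msg = message_from_string(raw_message)
    score, required, rules = spam_status(msg)
    spf = external_spf(msg)
    scored = score is not None and required is not None
    return {
        "spf": spf,
        "spf_points": sum(p for r, p in rules.items() if r.startswith("SPF_")),
        "shortfall": round(required - score, 3) if scored else None,
        "accepted_despite_spf": scored and score < required and bool(FLAGGED & {v for v, _ in spf}),
    }
```

Calling `audit(SAMPLE)` reports the external SPF verdict, how many points the SPF rules added, and how far the message stayed below the spam threshold.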
 