Facebook
Twitter
LeonardChallis
New Pleskian
Hi,
I recently got an email from my VPS provider saying that a specific account on my Plesk-based VPS (11.0.9) was sending many spam emails. I contacted the user and it turns out they had been receiving thousands of rejected/bounced emails, which I confirmed. I immediately changed their password to something new and more secure - I figured this would stop the problems as it must have been a hacked account because the SMTP is set to only work authenticated.
This morning however I was told that the user received more of these emails. I disabled mail completely for this domain, for fear of having my server shut down. I suspect it's already blacklisted. However I then thought about the mail queue - maybe it was retrying ones still in the queue? I looked on this forum at some advice from IgorG with things like mailqueuemng. However...
[root@vps]# /usr/local/psa/admin/sbin/mailqueuemng -L
/usr/local/psa/admin/sbin/mailqueuemng: invalid option -- L
mailqueuemng did, however, list a lot of emails from the above user.
I then noted his other advice:
postsuper -d ALL
Which cleared out a few thousand remaining emails.
I am going to wait a while before reenabling the mail service for that domain, but my actual question is this: Can anyone suggest any more things I need to check/do to stop this happening again? I am no server expert but I'm happy on the command line if you want to send me any advice I can read up on.
Many thanks
I recently got an email from my VPS provider saying that a specific account on my Plesk-based VPS (11.0.9) was sending many spam emails. I contacted the user and it turns out they had been receiving thousands of rejected/bounced emails, which I confirmed. I immediately changed their password to something new and more secure - I figured this would stop the problems as it must have been a hacked account because the SMTP is set to only work authenticated.
This morning however I was told that the user received more of these emails. I disabled mail completely for this domain, for fear of having my server shut down. I suspect it's already blacklisted. However I then thought about the mail queue - maybe it was retrying ones still in the queue? I looked on this forum at some advice from IgorG with things like mailqueuemng. However...
[root@vps]# /usr/local/psa/admin/sbin/mailqueuemng -L
/usr/local/psa/admin/sbin/mailqueuemng: invalid option -- L
mailqueuemng did, however, list a lot of emails from the above user.
I then noted his other advice:
postsuper -d ALL
Which cleared out a few thousand remaining emails.
I am going to wait a while before reenabling the mail service for that domain, but my actual question is this: Can anyone suggest any more things I need to check/do to stop this happening again? I am no server expert but I'm happy on the command line if you want to send me any advice I can read up on.
Many thanks
