
Question mailenable - smtp spam

mudassar

Basic Pleskian
Server operating system version: windows server 2019
Plesk version and microupdate number: obsidian 18.0.47
Hi,

I have been notified by my server that there is a high level of spam being sent from my server. I have been investigating and in the mailenable logs there are thousands and thousands of emails sent and queued. They are all saying sent from smtp:[email protected].
The server has multiple domains and mail accounts and these messages seem to be coming from most of them.

I am taking this as my server has been compromised, and I have no idea what next step to take! I find it hard to believe that someone could guess the password to MOST of the mail accounts on my server.

Is there a specific log somewhere of which IP has logged in to which SMTP mailbox?

I could TRY and just block all of the IPs that are not known to me. That seems a bit futile though.
 
Hi @mudassar, have you seen this article? It could be a good starting point:

Also, I realize that you are on a Windows server. It is possible that the mails are sent from a virus on the system. This cannot be handled by Plesk, it is more a problem on the system itself. Instead, try to do a thorough check, maybe even get a 2nd opinion by a different scanner.
 