• We value your experience with Plesk during 2024
    Plesk strives to perform even better in 2025. To help us improve further, please answer a few questions about your experience with Plesk Obsidian 2024.
    Please take this short survey:
    https://pt-research.typeform.com/to/AmZvSXkx
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Question non-existence users can send email

R

rout3rx

Basic Pleskian
hello
as a picture bellow i my plesk mail server, [email protected] could send email to existence users!
how can i block ?
in the picture bellow user : 2221 is not valid but can send email!

tempsnip.png

please help.
thanks
 
I assume that most people who read this are afraid to answer with a simple: There is not way, it cannot be done. Because there will be some way for sure, but it is probably complicated enough that comes close to a "it cannot be done".

Basically, an email sender can place anything she wants into the from field. At least the visible part. It is also possible to send emails with forged senders in the invisible part, because when email was invented, the inventors did not take all the criminals into account who are prone to abuse the Internet for their nasty stuff by the millions each day.

If you are receiving the mails from a local account (one that is located on the same server), I suggest to ask the user to stop or to leave. If you are receiving such mails from an external source, I recommend to use SPF lookup in the general mail settings to block all incoming mails that have no SPF record in their domains or an SPF record that does not match the sender's IP address. This will block most of such forged mails.
 
Unfortunately that will block most non-forged mails too as very many senders still don't have a SPF and/or DKIM record.

And blocking just mails where SPF fails (when you have a SPF record yourself) still doesn't help against this kind of abuse: While it would seem that it should block external senders from sending mail that appear to be from your domain, to pass SPF, it is enough for the sender information in that invisible part Peter mentioned (the "smtp envelope") to be acceptable by another domain's SPF settings.
 
You must log in or register to reply here.

Similar threads

A
Question Mail spam in my inbox
Replies
1
Views
569
nmdpa3
N
H
Question Send mail using a site Not hosted on Plesk.
Replies
8
Views
952
Kaspar@Plesk
Kaspar@Plesk
X
Question How To Setup Outgoing Only Mail
Replies
1
Views
197
scsa20
scsa20
sweetp
Resolved emails sent to non-existent addresses not being rejected
Replies
11
Views
862
Markus G.
M
J
Question Force same domain emails to use MX records
Replies
6
Views
1K
jenjohn
J
Back
Top