
Outgoing Spam

vaarsn

New Pleskian
Recently I used cPanel to host my accounts. Because of the cheap price of Plesk, I migrated most of them to it. I bought 3 VPS servers (CentOS 6.6, and installed Plesk). There was no problem with cPanel, but now I'm facing problems with outgoing email on my 3 servers. Accident? I'm hosting totally different sites there (Magento, WordPress, etc.). Today I got a message from my datacenter that my servers are sending spam. CentOS was installed and configured by me, and Plesk was installed and configured by me as well. I also installed and configured the CSF firewall, ClamAV and Maldet software. I had similar problems before with Plesk, since it looks like a total hole for hackers. I asked a few of my friends with huge administering skills to help me. We configured everything, but with no success. I'm using Postfix and Courier as well.

Thank you.
 
I did most of these settings. But what about this part, "Web scripts for malicious mass mailing"? How can I detect the script which is used to send spam?
I tried the following article: http://kb.odin.com/en/114845
But I can't detect the exact folder location.
 
@vaarsn I faced this problem before, and what I did was disable any unauthorized SMTP communication from scripts that didn't auth successfully to a mail user. You can use WP plugins to allow them to connect to an SMTP server and send mail via SMTP. I'm sure Magento's case would be the same. That has saved me a few times from abuse reports. I've also used Outbound spam protection and have limited the amount of mail a user can send per hour, so I can notify the account's owner directly if something bad happens.
 
Is there any way I can disable unauthorized SMTP connections via the Plesk panel, or do I need to do that directly by editing Postfix's conf?
Also, how can I recognize the script which sends unwanted email, to kill it? And recognize how it was uploaded to the server?

Thanks
 
I think that enabling Message Submission does what you want, though I am not so sure if it will disable scripts sending to port 25 completely. You'll have to notify your clients to update their scripts and mail software to send through port 587.
 
I'm not sure if this will help me, since Message Submission just enables port 587. How will I tell malware scripts to send email through port 587 (which requires auth) but not through port 25? :)
 
The same way you tell your scripts to connect to the SMTP server: just change the port of your scripts from 25 to 587 and enter the respective account info (i.e. username & password for the mail account used to send emails). In WP, you have to use a plugin to allow it to connect to an SMTP server, as WP doesn't have that feature implemented yet. Joomla, Magento, etc. should have the fields already present in the settings.
 
I understood that I need to change the scripts to tell them to use secured ports instead of 25. But what about malware scripts? They will continue to send spam unless I find them and destroy them.
 
After you change the port in your legitimate scripts, and implement an outbound antispam policy, you can easily detect which scripts and accounts still try to connect to port 25 and destroy them. I think this article may help you a bit more on the command line side of things: http://serverfault.com/questions/483650/how-to-find-which-script-on-my-server-is-sending-spam-emails.
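
Added example, not part of any post in this thread: once legitimate applications send through authenticated submission, the Postfix log shows which mail still enters without SMTP AUTH, either through the local sendmail binary (`pickup`, logged with the submitting system uid) or over an unauthenticated SMTP connection. The sketch below tallies recipients per origin; it assumes default Postfix syslog formatting, the log lines are constructed sample data, and the names `classify` and `suspects` are hypothetical.

```python
import re
from collections import Counter

# Constructed sample lines in default Postfix syslog format (not from the thread).
SAMPLE_LOG = """\
Jan 10 03:12:01 vps postfix/pickup[2345]: 3F2A11C0A5: uid=10003 from=<shopuser>
Jan 10 03:12:01 vps postfix/qmgr[1200]: 3F2A11C0A5: from=<shopuser@vps.example>, size=2210, nrcpt=40 (queue active)
Jan 10 03:12:04 vps postfix/pickup[2345]: 4A0B21C0A9: uid=10003 from=<shopuser>
Jan 10 03:12:04 vps postfix/qmgr[1200]: 4A0B21C0A9: from=<shopuser@vps.example>, size=2198, nrcpt=35 (queue active)
Jan 10 03:13:10 vps postfix/smtpd[2399]: 7B1C21C0B2: client=localhost[127.0.0.1]
Jan 10 03:13:10 vps postfix/qmgr[1200]: 7B1C21C0B2: from=<news@blog.example>, size=900, nrcpt=12 (queue active)
Jan 10 03:14:30 vps postfix/smtpd[2401]: 9D4E31C0C7: client=unknown[203.0.113.5], sasl_method=PLAIN, sasl_username=info@example.com
Jan 10 03:14:30 vps postfix/qmgr[1200]: 9D4E31C0C7: from=<info@example.com>, size=1500, nrcpt=1 (queue active)
"""

# pickup logs "uid=N"; smtpd logs "client=host[ip]" plus sasl_username= when authenticated.
ORIGIN = re.compile(r"postfix/(pickup|smtpd)\[\d+\]: ([0-9A-Za-z]+): (uid=\d+|client=\S+)(.*)")
NRCPT = re.compile(r"postfix/qmgr\[\d+\]: ([0-9A-Za-z]+): from=<[^>]*>.*nrcpt=(\d+)")
SASL = re.compile(r"sasl_username=(\S+)")


def classify(log_text):
    """Return Counter {(kind, source): recipients}, joining lines by queue ID."""
    origin, totals = {}, Counter()
    for line in log_text.splitlines():
        m = ORIGIN.search(line)
        if m:
            daemon, qid, src, rest = m.groups()
            sasl = SASL.search(rest)
            if daemon == "pickup":      # sendmail binary, e.g. PHP mail()
                origin[qid] = ("local-sendmail", src)
            elif sasl:                  # SMTP AUTH succeeded
                origin[qid] = ("authenticated", sasl.group(1))
            else:                       # SMTP session without AUTH
                origin[qid] = ("unauthenticated-smtp", src.rstrip(","))
            continue
        m = NRCPT.search(line)
        if m and m.group(1) in origin:
            totals[origin[m.group(1)]] += int(m.group(2))
    return totals


def suspects(log_text):
    """Unauthenticated origins only, highest recipient count first."""
    rows = [(k, s, n) for (k, s), n in classify(log_text).items() if k != "authenticated"]
    return sorted(rows, key=lambda r: r[2], reverse=True)


if __name__ == "__main__":
    for kind, source, count in suspects(SAMPLE_LOG):
        print(f"{count:6d}  {kind:22s} {source}")
```

A `uid=` at the top of the list identifies the system account that invoked sendmail, which narrows the search to the files that account owns.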
 