• We value your experience with Plesk during 2024
    Plesk strives to perform even better in 2025. To help us improve further, please answer a few questions about your experience with Plesk Obsidian 2024.
    Please take this short survey:

    https://pt-research.typeform.com/to/AmZvSXkx
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.

Outgoing Spam

vaarsn

New Pleskian
Recently I used cPanel to host my accounts. Because of cheap price for the Plesk I migrated most of them on it. I bought 3 VPS servers (Centos 6.6 and installed Plesk). There was no problem with cPanel but now I'm facing the problems with outgoing email on 3 my servers. Accident? I'm hosting totally different sites there (Magento, Wordpress etc.). Today I got the message from my datacenter that my servers are sending the spam. centos was installed and configured by me, Plesk was installed and configured by me as well. Also, I'm installed and configured CSF firewall, ClamAV and Maldet software. I had similar problems before with Plesk, since it looks like total hole for hackers. I asked a few my friends with a huge administering skills to help me. We configured everything, but no success. I'm using Postfix and Courier as well.

Thank you.
 
I did most of these settings. But what about this part "Web scripts for malicious mass mailing"? How can I detect the script which used to send spam?
I tried the next article: http://kb.odin.com/en/114845
But I can't detect exact folder location.
 
I did most of these settings. But what about this part "Web scripts for malicious mass mailing"? How can I detect the script which used to send spam?
I tried the next article: http://kb.odin.com/en/114845
But I can't detect exact folder location.
@vaarsn I faced this problem before, and what I did, was disable any anauthorized SMTP communication from scripts that didn't auth successfully to a mail user. You can use WP plugins to allow them to connect to an SMTP server and send mail via SMTP. I'm sure Magento's case would be the same. That has saved me a few times from abuse reports. I've also used Outbound spam protection and have limited the amount of mail a user can send per hour, so I can notify the account's owner directly if something bad happens.
 
Is there any way how can I disable unauthorized SMTP connection via Plesk panel or I need to to that directly by editing Postfix's conf?
Also, how can I recognize script which sends unwanted email to kill it? And recognize how it was uploaded to the server.

Thanks
 
Is there any way how can I disable unauthorized SMTP connection via Plesk panel or I need to to that directly by editing Postfix's conf?
Also, how can I recognize script which sends unwanted email to kill it? And recognize how it was uploaded to the server.

Thanks
I think that enabling Message Submission does what you want, though I am not so sure if it will disable scripts sending to port 25 completely. You'll have to notify your clients to update their scripts and mail software to send through port 587.
 
I'm not sure if this will help me, since Message Submission just enables port 587. How I'll tell malware scripts to send email through port 587 (which requires auth) but not through 25 port? :)
 
I'm not sure if this will help me, since Message Submission just enables port 587. How I'll tell malware scripts to send email through port 587 (which requires auth) but not through 25 port? :)
The same way you tell your scripts to connect to the SMTP server, just change the port of your scripts from 25 to 587 and enter the respective account info (ie. username & password for the mail account used to send emails). In WP, you have to use a plugin to allow it to connect to an SMTP server, as WP doesn't have that feature implemented yet. Joomla, Magento, etc. should have the fields already present in the settings.
 
I understood that I need to change the scripts to tell them to use secured ports instead of 25. But what about malware scripts? They will continue to send spam unless I find them and destroy.
 
I understood that I need to change the scripts to tell them to use secured ports instead of 25. But what about malware scripts? They will continue to send spam unless I find them and destroy.
After you change the port to your legitimate scripts, and implement an outbound antispam policy, you can easily detect which scripts and accounts still try to connect to port 25 and destroy them. I think this article may help you a bit more on the command line side of things: http://serverfault.com/questions/483650/how-to-find-which-script-on-my-server-is-sending-spam-emails.
 
Back
Top