• If you are still using CentOS 7.9, it's time to convert to Alma 8 with the free centos2alma tool by Plesk or Plesk Migrator. Please let us know your experiences or concerns in this thread:
    CentOS2Alma discussion

PLESK 8.1.0 & QMail .. the OpenRelay Disaster

S

semthetic

Guest
Well, it is really the way uncool to egt waked up at 6 pm in the morning by your boss calling that one of our machines is sending massspam over nigth. Exactly this is what happned to me today and well yes it did not made me to have a lucky daystart.

I read a bit up on the net and as it seems the QMail going wild and becoming a OpenRelay problem seems to be not as uncommon as I thougth. After some checkups with Plesk I found out I can sqithc of relaying in the Plesk Backend but if I set it on with Auth options, these are ignore completly.

None of the solutions suggested in the common internet forums helped for me yet, most of them refered to xinet.d which I don't have. The machine I am refering to is a Debian Sarge box with Plesk 8.1.0 installed.

I hope I can find someone here to enligthen me with a solution for my problem.

The server is holding 50+ Customers and I can't even switch the qmail of without getting threwn to death with anoyed customers calling so ... I have no idea what is better, beeing spamlisted or beeing stoned by customers.
If you need any information I will happly provide you with it.

Thanks.
 
Nobody has any idea for me? I am still sitting in office and don't know any further...
 
I dont know if my problem is related or now, but just 2 weeks ago my datacenter said i was spamming, i logged into my plesk 8.01 and yes the box was spamming. I show down the qmail for 6 hours until it stopped, until now i could not find how the spammer did it. I looked every where, and the box is not cracked at all, someohow he used my server, i guess this was the same issue then. Glad that i found out now how he did it.
 
Originally posted by nibb
I dont know if my problem is related or now, but just 2 weeks ago my datacenter said i was spamming, i logged into my plesk 8.01 and yes the box was spamming. I show down the qmail for 6 hours until it stopped, until now i could not find how the spammer did it. I looked every where, and the box is not cracked at all, someohow he used my server, i guess this was the same issue then. Glad that i found out now how he did it.

Maybe there's an unsafe mail form on one of the sites on the box?
 
PHP has a history of not being able to track which users are sending out mail through the PHP mail function from the nobody user causing leaks in formmail scripts and malicious users to spam from your server without you knowing who or where. Please PM me for a link to a script to see who is doing it :) It works on the servers I have tested on it is actually not an issue caused by the control panel but php this answer is based on what information you have provided in this thread.

Thanks
 
Back
Top