I am being plagued by unknown PHP scripts on infected domains that are sending spam out.
After finally having removed these scripts I want to prevent this from happening again.
My Plesk email settings are allready set at enable message submission (secure port 587 TLS and working fine with authentication) and authorisation required for SMTP relaying.
Also I am in the process of blocking PHP MAIL function on individual domains.
When I use TELNET to connect to my Plesk server over the internet I cannot relay to external domains without authenticating. So this is working fine.
However when CMS software like Prestashop or Joomla is used in one of the Plesk domains, they can set their emailfunction to SMTP port 25 and send mails OUT to EXTERNAL addresses without authenticating...
This is UNWANTED behavior.
So in short, I would like to block ALL UNAUTHENTICATED outgoing emails originating from within one of my Plesk domains.
Domain users should only be able to send mails when they authenticate with valid mailbox name and password.
How can I achieve this using Plesk 10.4.4?
Note:
When unauthenticated SMTP is used it shows "X-No-Auth: unauthenticated sender" in the email header.
So postfix does somehow note that the sender is not authenticated but however does not block sending.
After finally having removed these scripts I want to prevent this from happening again.
My Plesk email settings are allready set at enable message submission (secure port 587 TLS and working fine with authentication) and authorisation required for SMTP relaying.
Also I am in the process of blocking PHP MAIL function on individual domains.
When I use TELNET to connect to my Plesk server over the internet I cannot relay to external domains without authenticating. So this is working fine.
However when CMS software like Prestashop or Joomla is used in one of the Plesk domains, they can set their emailfunction to SMTP port 25 and send mails OUT to EXTERNAL addresses without authenticating...
This is UNWANTED behavior.
So in short, I would like to block ALL UNAUTHENTICATED outgoing emails originating from within one of my Plesk domains.
Domain users should only be able to send mails when they authenticate with valid mailbox name and password.
How can I achieve this using Plesk 10.4.4?
Note:
When unauthenticated SMTP is used it shows "X-No-Auth: unauthenticated sender" in the email header.
So postfix does somehow note that the sender is not authenticated but however does not block sending.
Last edited: