
Plesk domains can submit emails through unauthenticated SMTP

TeunieP

Basic Pleskian
I am being plagued by unknown PHP scripts on infected domains that are sending spam out.
After finally having removed these scripts I want to prevent this from happening again.

My Plesk email settings are already set at enable message submission (secure port 587 TLS and working fine with authentication) and authorisation required for SMTP relaying.
Also I am in the process of blocking PHP MAIL function on individual domains.

When I use TELNET to connect to my Plesk server over the internet I cannot relay to external domains without authenticating. So this is working fine.

However, when CMS software like Prestashop or Joomla is used in one of the Plesk domains, they can set their email function to SMTP port 25 and send mails OUT to EXTERNAL addresses without authenticating...
This is UNWANTED behavior.

So in short, I would like to block ALL UNAUTHENTICATED outgoing emails originating from within one of my Plesk domains.
Domain users should only be able to send mails when they authenticate with valid mailbox name and password.

How can I achieve this using Plesk 10.4.4?

Note:
When unauthenticated SMTP is used it shows "X-No-Auth: unauthenticated sender" in the email header.
So postfix does somehow note that the sender is not authenticated but, however, does not block sending.
 
Well, I removed "permit_mynetworks" for variable smtpd_recipient_restrictions in /etc/postfix/main.cf and restarted postfix.
This seems to have solved my issue.
Now unauthenticated SMTP can only send to domains residing within the Plesk server and relaying to outside email domains is prohibited.

Also added to main.cf for security reasons (for anyone interested):
smtpd_client_connection_count_limit = 20
smtpd_sasl_authenticated_header = yes
maximal_queue_lifetime = 1d

Now I only have to find a way to block sendmail php scripts...
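
A check for the main.cf change described in the post above, added here as an example and not part of the original thread. It reads a main.cf-style file and reports whether permit_mynetworks is still evaluated before reject_unauth_destination in smtpd_recipient_restrictions; the function names, verdict strings and sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): does main.cf still exempt $mynetworks
# clients, such as local scripts using 127.0.0.1:25, from SASL auth for relay?

# Print the effective value of one parameter. Postfix joins lines that start
# with whitespace onto the previous line; the last definition wins.
param_value() {   # usage: param_value FILE NAME
    awk -v name="$2" '
        function store(   eq, k) {
            eq = index(cur, "=")
            if (eq == 0) return
            k = substr(cur, 1, eq - 1)
            gsub(/[ \t]/, "", k)
            if (k == name) val = substr(cur, eq + 1)
        }
        /^[ \t]*#/ || /^[ \t]*$/ { next }      # comments and blank lines
        /^[ \t]/ { cur = cur " " $0; next }    # continuation line
        { store(); cur = $0 }
        END { store(); print val }
    ' "$1"
}

# Restrictions are evaluated left to right. Only the relative order of
# permit_mynetworks and reject_unauth_destination is examined here; other
# permit_* rules and other restriction parameters are not.
relay_check() {   # usage: relay_check FILE -> prints one verdict word
    for r in $(param_value "$1" smtpd_recipient_restrictions | tr ',' ' '); do
        case "$r" in
            permit_mynetworks)         echo "mynetworks-exempt"; return 0 ;;
            reject_unauth_destination) echo "no-mynetworks-exemption"; return 0 ;;
        esac
    done
    echo "no-relay-rule"
}

# Constructed sample files, not taken from a real Plesk server.
tmp=$(mktemp -d)
printf '%s\n' 'smtpd_recipient_restrictions = permit_mynetworks,' \
    '    permit_sasl_authenticated, reject_unauth_destination' > "$tmp/before.cf"
printf '%s\n' 'smtpd_recipient_restrictions = permit_sasl_authenticated,' \
    '    reject_unauth_destination' > "$tmp/after.cf"
echo "before: $(relay_check "$tmp/before.cf")"
echo "after:  $(relay_check "$tmp/after.cf")"
rm -rf "$tmp"
```

On a live server the value to inspect can be printed with `postconf -h smtpd_recipient_restrictions`.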
 