
Plesk, qmail, and backscatter spam

Angeltek

Guest
Hi,

I'm trying to resolve what seems to be a common problem in here... one of my clients has been told by their hosting company that their server is sending spam in the form of backscatter. The server is based on CentOS 5 (64bit kernel v2.6.18) and uses a Plesk-specific version of qmail (psa-qmail v1.03-cos5.build95100504.10) as part of Plesk Panel v9.5.2.

I've had a look through this forum and have found quite a lot of posts on the issue, but so far haven't seen a comprehensive list of fixes. I have followed the instructions in http://kb.odin.com/766 and enabled "Reject mail to nonexistent user" for all the mail domains. I have also ensured that there are no wildcard addresses for any of the domains.

Is there anything else I need to do?

In particular I note that http://spamlinks.net/prevent-secure-backscatter.htm#reject-qmail lists a number of qmail patches related to "rcptto". I have read http://kb.odin.com/en/1161 on how to apply Plesk-specific patches to the vanilla qmail source code, but can't find information on what these patches actually do and whether they already deal with rcptto.

Cheers
Dom.
 
Hi,

I also have the same problem with PLESK 9.5.4 and qmail on a SUSE 11.0 host. My e-mail configuration is also set to "reject not bounce", which should lead to a status 550 in the SMTP dialog if the recipient doesn't exist.

I have done the following backscatter-tests with telnet on port 25 to reproduce the problem:

1.) domain of recipient is not configured on this host:
telnet myhost.domain.tld 25
Trying xxx.xxx.xxx...
Connected to myhost.domain.tld.
Escape character is '^]'.
220 myhost.domain.tld ESMTP
HELO random.work.local
250 myhost.domain.tld
MAIL FROM: [email protected]
250 ok
RCPT TO: [email protected]
553 sorry, that domain isn't in my list of allowed rcpthosts (#5.7.1) ->>> correct answer

2.) domain of recipient is configured on this host, but does not exist
telnet myhost.domain.tld 25
Trying xxx.xxx.xxx...
Connected to myhost.domain.tld.
Escape character is '^]'.
220 myhost.domain.tld ESMTP
HELO random.work.local
250 myhost.domain.tld
MAIL FROM: [email protected]
250 ok
RCPT TO: [email protected]
550 sorry, no mailbox here by that name. (#5.7.17) ->>> correct answer

3.) domain-part is missing in RCPT TO:
telnet myhost.domain.tld 25
Trying xxx.xxx.xxx...
Connected to myhost.domain.tld.
Escape character is '^]'.
220 myhost.domain.tld ESMTP
HELO random.work.local
250 myhost.domain.tld
MAIL FROM: [email protected]
250 ok
RCPT TO:local_part_Test
250 ok ->>> this is a wrong answer
data
354 go ahead
This is a backscattering testmail
test
.
250 ok 1298565272 qp 10583 ->>> this is a wrong answer

You can see here that the last test was not successful.

The only solution for me now is to switch to Postfix, but any hint on this problem with qmail is appreciated.

Cheers
 
Same problem as you in a Plesk 9.5 environment, with no solutions.
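
The three telnet checks from the second reply can be repeated as a script. The following is an added example, not code from any poster or from Plesk: it audits a saved SMTP session for recipients accepted at RCPT TO without a domain part (the failing case in test 3), and `probe` runs the same check live against a server you administer. The function names, the sample addresses, and the default sender are assumptions made for illustration.

```python
import re
import smtplib

# Constructed transcript modelled on the three telnet tests in the thread;
# the addresses are placeholders, not values from the posts.
SAMPLE = """\
MAIL FROM:<sender@example.org>
250 ok
RCPT TO:<someone@not-hosted.example>
553 sorry, that domain isn't in my list of allowed rcpthosts (#5.7.1)
RCPT TO:<nobody@hosted.example>
550 sorry, no mailbox here by that name. (#5.7.17)
RCPT TO:local_part_Test
250 ok
"""

RCPT = re.compile(r"^RCPT TO:\s*<?([^>\s]*)>?$", re.IGNORECASE)
REPLY = re.compile(r"^(\d{3})( |$)")  # final reply line; "250-..." continuations are skipped

def classify(recipient, code):
    """Label one RCPT TO result the way the thread's tests judge it."""
    if 200 <= code < 300:
        # Accepting a recipient with no domain part is the failing case (test 3).
        return "accepted" if "@" in recipient else "accepted-without-domain"
    return "deferred" if 400 <= code < 500 else "rejected"

def audit_transcript(text):
    """Return (recipient, code, label) for every RCPT TO in a saved SMTP session."""
    results, pending = [], None
    for line in (raw.strip() for raw in text.splitlines()):
        m, r = RCPT.match(line), REPLY.match(line)
        if m:
            pending = m.group(1)
        elif r and pending is not None:
            code = int(r.group(1))
            results.append((pending, code, classify(pending, code)))
            pending = None
    return results

def probe(host, recipients, sender="postmaster@example.org", port=25):
    """Repeat the RCPT TO checks against a server you administer; no DATA is sent."""
    results = []
    with smtplib.SMTP(host, port, timeout=15) as smtp:
        smtp.helo()
        smtp.mail(sender)  # hypothetical envelope sender; use one of your own
        for rcpt in recipients:
            code = smtp.rcpt(rcpt)[0]
            results.append((rcpt, code, classify(rcpt, code)))
    return results
```

Any row labelled `accepted-without-domain` means the server took responsibility for a recipient it could have refused during the SMTP dialog.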
 