
Issue Plesk Spam Mail

PandoraT

New Pleskian
How can I prevent this? Spam mail is constantly coming to my server this way. What is the reason for this?

spam.png
 
Looks like your server is being abused to send spam. You most likely have a compromised account on your server or you configured your server as an open relay.

Check your mail log files and find out how those mails were sent (smtp? generated by a PHP script? etc.) and close the source of the spam.

Also check:
  • How to secure a Plesk server
  • Many email messages are sent from PHP scripts on a Plesk server. How to find domains on which these scripts are running if Postfix is used?
  • How to verify that the server is not acting as an open relay on Plesk?
  • Server sending spam from non-existing mailboxes
  • How to remove emails from the queue in Plesk
 
Hi. I know this is an old post, but I am experiencing the exact same thing. Can someone please help me sort this out? I have secured Plesk, but I am having trouble figuring out how to locate where these spam messages are being triggered from.
 
Thanks Riculum. Here is the odd part: I have disabled the mail function for the domain that was causing the issue, but spam emails are still being sent! Any ideas as to why this is so?
 
Could be caused by:
  • Hijacked mail user's accounts
  • Broken/insecure form processed by PHP or other server-sided language
  • Malware on server
  • Infected PHP programs and/or PHP modules
  • Insecure WordPress or other CMS plugins
You should check in the mail header which process id is shown as the creator of such mail.
 
Example of such header
Code:
Received: by srv31221.example.tld (Postfix, from userid 10003)
        id E2A1E810FD5; Sun, 27 Nov 2022 11:06:04 +0100 (CET)
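
One way to apply this header check to a batch of messages pulled from the queue, as an added example that is not part of the original posts. The function names, the sample messages and the documentation-range IP addresses are constructed for illustration; only the first sample's `Received` line comes from the header quoted above.

```python
import re
from collections import Counter
from email import message_from_string

# Postfix marks mail injected via the local sendmail binary (PHP mail(), cron jobs).
LOCAL_RE = re.compile(r"\(Postfix, from userid (\d+)\)")
# SMTP hop: "from HELO (rdns [IP]) by HOST (Postfix) with PROTO id ..."
SMTP_RE = re.compile(
    r"from\s+(\S+)\s+\(.*?\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]\).*?\bwith\s+(\S+)", re.S)

def classify_received(value):
    """Classify one Received header value written by Postfix."""
    m = LOCAL_RE.search(value)
    if m:
        return ("local-uid", m.group(1))   # resolve with: getent passwd <uid>
    m = SMTP_RE.search(value)
    if m:
        _helo, ip, proto = m.groups()
        # ESMTPA / ESMTPSA (RFC 3848) mean the client used SMTP AUTH.
        kind = "smtp-auth" if proto.upper() in ("ESMTPA", "ESMTPSA") else "smtp"
        return (kind, ip)
    return ("unknown", "")

def entry_point(raw_message, my_host):
    # Trust only the newest Received line written by our own server;
    # lines below it were supplied by the sender and may be forged.
    by_me = re.compile(r"\bby\s+" + re.escape(my_host) + r"\b")
    for value in message_from_string(raw_message).get_all("Received") or []:
        if by_me.search(value):            # headers are listed newest first
            return classify_received(value)
    return ("unknown", "")

def summarize(messages, my_host):
    return Counter(entry_point(m, my_host) for m in messages)

# Constructed sample messages; the third carries a forged local-pickup line.
HOST = "srv31221.example.tld"
SAMPLES = [
    "Received: by srv31221.example.tld (Postfix, from userid 10003)\n"
    "\tid E2A1E810FD5; Sun, 27 Nov 2022 11:06:04 +0100 (CET)\nSubject: a\n\nbody\n",
    "Received: from mail.example.net (unknown [203.0.113.7])\n"
    "\tby srv31221.example.tld (Postfix) with ESMTPSA id 4A1B2C3D4E;\n"
    "\tSun, 27 Nov 2022 11:07:00 +0100 (CET)\nSubject: b\n\nbody\n",
    "Received: from pc.example.org (unknown [198.51.100.9])\n"
    "\tby srv31221.example.tld (Postfix) with ESMTP id 5F6A7B8C9D;\n"
    "\tSun, 27 Nov 2022 11:08:00 +0100 (CET)\n"
    "Received: by srv31221.example.tld (Postfix, from userid 0)\n"
    "\tid FAKE; Sun, 27 Nov 2022 11:00:00 +0100 (CET)\nSubject: c\n\nbody\n",
]
```

A `local-uid` result points at a script or job running as that system user, `smtp-auth` at a mailbox login, and plain `smtp` at mail accepted from a remote client without authentication.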
 
Thanks GwenDragon. There are no mailboxes for the domain. Emails are hosted with G Suite, so no email account was hacked. I’ve disabled the contact form and removed the plugin altogether. For the malware, insecure plugin or infected PHP scripts, what scanning service could I use to test for any vulnerabilities?

I will post an extract from my email header next.
 
Below is an extract of the email header. From what I have gathered, the sender 51.15.81.111 is using my server to send out spam. What I still can't figure out is how, given I have disabled the mail function, banned his IP, and mail is not running on Plesk for this domain. Anyone?

Authentication-results spf=softfail (sender IP is xx.xx.xxx.xx) smtp.mailfrom=hotmail.com; dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=getmedia78.jonathanbullock.com;compauth=fail reason=001
Received-spf
SoftFail (protection.outlook.com: domain of transitioning hotmail.com discourages use of xx.xx.xxx.xx as permitted sender)
softfail (myserver.com: transitioning domain of hotmail.com does not designate 51.15.81.111 as permitted sender) client-ip=51.15.81.111; envelope-from=[email protected]; helo=enterprise-ireland.com;

Authentication-results-original myserver.com; spf=softfail (sender IP is 51.15.81.111) smtp.mailfrom=[email protected] smtp.helo=enterprise-ireland.com
From Window Upgrade <[email protected]>
To [email protected]; [email protected]
Date Fri, 25 Nov 2022 14:42:22 +0000
Content-transfer-encoding quoted-printable
Content-type text/html; charset="UTF-8"
Message-id <1pdaiqo2q2fkzrz.RTjt65cji80ch9gnns3u0oZHLOVYTWMK@cx3o.wp-junkie.club>
X-incomingheadercount
8
13
62
 