
POSTFIX appears to allow sending mail without full login - sasl_method=PLAIN

Mick Froggatt

New Pleskian
Hi

Odd one, I've checked the server on mxtoolbox for it being an open relay, and it reports that it isn't, but I'm having issues with the server 'sending' spam.

The spam is coming from logins which show in the maillog as

Sep 30 16:10:43 myserver postfix/smtpd[18348]: 3E944BE0A0D: client=unknown[187.213.216.53], sasl_method=PLAIN, [email protected]
Sep 30 16:11:09 myserverpostfix/smtpd[18348]: 4392DBE09F6: client=unknown[187.213.216.53], sasl_method=PLAIN, [email protected]
Sep 30 16:11:23 myserverpostfix/smtpd[18348]: 8F668BE0A0D: client=unknown[187.213.216.53], sasl_method=PLAIN, [email protected]
Sep 30 16:11:38 myserverpostfix/smtpd[18348]: A9964BE0A25: client=unknown[187.213.216.53], sasl_method=PLAIN, [email protected]
Sep 30 16:11:58 myserverpostfix/smtpd[18348]: E0F7FBE0A3A: client=unknown[187.213.216.53], sasl_method=PLAIN, [email protected]

etc etc (various IP addresses)

[email protected] is a genuine user on the server, however, I have reset the password on the account (but not told anyone) and the logins still appear. This is doing my nut

What's the difference between sasl_method=PLAIN and sasl_method=LOGIN, as I can see the LOGIN method for most genuine emails passing through the logs?

Mick
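
Added example, not part of the original post: a Python script that groups Postfix `sasl_method=` log lines by account and counts the distinct client addresses each account authenticated from. Postfix writes such a line only for a session where SMTP AUTH succeeded, whichever mechanism was used. The log lines are constructed, `sasl_username=` is assumed to be the field hidden behind `[email protected]` in the excerpt above, and `max_ips` is a hypothetical threshold.

```python
import re
from collections import defaultdict

# Constructed sample lines in the format shown in the post; the IPs are from
# documentation ranges and the sasl_username values are placeholders.
SAMPLE_LOG = """\
Sep 30 16:10:43 myserver postfix/smtpd[18348]: 3E944BE0A0D: client=unknown[203.0.113.5], sasl_method=PLAIN, sasl_username=user@example.com
Sep 30 16:11:09 myserverpostfix/smtpd[18348]: 4392DBE09F6: client=unknown[198.51.100.7], sasl_method=PLAIN, sasl_username=user@example.com
Sep 30 16:11:23 myserver postfix/smtpd[18348]: 8F668BE0A0D: client=unknown[192.0.2.44], sasl_method=PLAIN, sasl_username=user@example.com
Sep 30 16:12:01 myserver postfix/smtpd[18350]: A1B2C3D4E5F: client=mail.example.net[192.0.2.10], sasl_method=LOGIN, sasl_username=other@example.com
Sep 30 16:12:30 myserver postfix/smtpd[18350]: B2C3D4E5F60: client=mail.example.net[192.0.2.10], sasl_method=LOGIN, sasl_username=other@example.com
Sep 30 16:13:02 myserver postfix/smtpd[18351]: connect from unknown[203.0.113.5]
"""

# Matches only smtpd lines that record an authenticated session. The pattern is
# searched, not anchored, so a host name fused to "postfix/" still matches.
AUTH_RE = re.compile(
    r"postfix/smtpd\[\d+\]: (?P<qid>[0-9A-Za-z]+): "
    r"client=(?P<host>[^\[\s]+)\[(?P<ip>[^\]]+)\], "
    r"sasl_method=(?P<method>[^,\s]+), sasl_username=(?P<user>\S+)"
)

def summarize(log_text):
    """Return {username: {"ips": set, "methods": set, "messages": int}}."""
    stats = defaultdict(lambda: {"ips": set(), "methods": set(), "messages": 0})
    for line in log_text.splitlines():
        m = AUTH_RE.search(line)
        if not m:
            continue  # unauthenticated or unrelated line
        entry = stats[m["user"]]
        entry["ips"].add(m["ip"])
        entry["methods"].add(m["method"])
        entry["messages"] += 1
    return dict(stats)

def suspicious_accounts(log_text, max_ips=2):
    """Accounts that authenticated from more than max_ips distinct addresses."""
    return sorted(u for u, s in summarize(log_text).items() if len(s["ips"]) > max_ips)

if __name__ == "__main__":
    for user, s in summarize(SAMPLE_LOG).items():
        print(user, s["messages"], sorted(s["ips"]), sorted(s["methods"]))
    print("review:", suspicious_accounts(SAMPLE_LOG))
```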
 