• If you are still using CentOS 7.9, it's time to convert to Alma 8 with the free centos2alma tool by Plesk or Plesk Migrator. Please let us know your experiences or concerns in this thread:
    CentOS2Alma discussion
  • Inviting everyone to the UX test of a new security feature in the WP Toolkit
    For WordPress site owners, threats posed by hackers are ever-present. Because of this, we are developing a new security feature for the WP Toolkit. If the topic of WordPress website security is relevant to you, we would be grateful if you could share your experience and help us test the usability of this feature. We invite you to join us for a 1-hour online session via Google Meet. Select a convenient meeting time with our friendly UX staff here.

Issue Postfix hacked - sending emails from non-existing accounts

F

Filipe Silva

Basic Pleskian
Hi.

Someone is sending emails from our company postfix using non-existing accounts. Luckly the spam filter is filtering some emails and are being sent only to our employes.

I have added this in /etc/postfix/main.cf :

"
smtpd_sender_restrictions = check_sender_access hash:/var/spool/postfix/plesk/blacklists, permit_sasl_authenticated, reject_sender_login_mismatch, reject_unauth_pipelining, reject_unknown_reverse_client_hostname, permit_mynetworks, reject_non_fqdn_sender, reject_invalid_hostname
"

But every time I found a solution in the next day the spammers find a workaround.

This is an example seen in the maillog:

"
Dec 21 10:48:09 vpsxxxxxxx postfix/smtpd[2936]: NOQUEUE: reject: RCPT from unknown[177.1.75.239]: 554 5.7.1 Service unavailable; Client host [177.1.75.239] blocked using bl.spamcop.net; Blocked - see SpamCop.net - Blocking List ( bl.spamcop.net ) from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<[177.1.75.239]>
"
NOTE: I censored private information with: "ourdomain", "employeeX" and "vpsxxxxxxx"

I would appreciate any help,
Thanks.

EDIT: Just added "reject_unlisted_sender" to my "smtpd_sender_restrictions". Lets see how that goes. In the meanwhile I accept any feedback to improve the mail security.
 
Where do you derive that the mail is sent from the company postfix server? To me it looks rather as if mail is sent from an external source to recipients on your server.

What does it have to do with Plesk?
 
You must log in or register to reply here.

Similar threads

itexpertnow
Plesk failed to protect from email spoofing
Replies
1
Views
584
Kaspar
K
T
Issue SMTPD No Auth from IP Issue
Replies
2
Views
1K
Tessxr
T
P
Resolved Use PLESK/Postfix mailservice in combination with Office 365 - Problems sending mails to same domain (from local to office)
Replies
3
Views
3K
Jargon
J
F
Issue Amavis (10024: Connection refused) no transport
Replies
7
Views
14K
cambrantskv
C
T
Resolved send mails from non-existing account
Replies
2
Views
1K
Tobias Janzen
T
Back
Top