
Postfix not dropping spam

Hi,
I set up a new install of Plesk 9 about a month ago on a new server and restored from a backup of our old Plesk 8.6 server. I configured Plesk to use postfix.

It seems that some spammers are trying to use us as a relay, and postfix is putting the messages in the deferred queue. The mail queue in mail settings is filled with messages that look like this:



Received: from vmdy.yahoo.com.hk (vmdy.yahoo.com.hk [182.228.69.68]) by with Microsoft SMTPSVC(5.0.2195.6824);
Tue, 17 Feb 2009 23:27:57 +0600
Message-ID: <[email protected]>
Date: Tue, 17 Feb 2009 12:30:57 -0500
From: "¤èRock" <[email protected]>
Reply-To: "¤èJames" <[email protected]>
To: [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], wsl2
[email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected]
Subject: ¼ï¼z¦p^ÅS¨Å·w°Õ'
Mime-Version: 1.0
Content-Type: multipart/alternative;
boundary="--NextPart_x6dcp_rf_wm_o1xhvx2ilf_bj3z"


If I run postsuper -r ALL I am told that anywhere between 30000 and 200000 messages have been requeued. Nagios is complaining that the server's SMTP seems to be flapping, I'm seeing postfix segfaults in dmesg, and my load averages are up in the 40s-50s. I've tried updating to Plesk 9.0.1 but the issue persists. How do I fix it?
 
I'm using postfix too, but my complaint is about spam-hooks, which are not working.

As for your spam problem,

As for your provided log file, look at the top line:

Received: from vmdy.yahoo.com.hk (vmdy.yahoo.com.hk [182.228.69.68]) by with Microsoft SMTPSVC(5.0.2195.6824);
Why is a Microsoft SMTP server receiving these messages?
Check your main log files, look for the message_id (opfifmjtrupgdevbyxibsuci.970092782549284083462887) to find where exactly you received it from and why you received it (host is included in my_networks). If someone from your clients is flooding you with spam, just cut him off.

As for spam messages, add DNS filtering, it will help a lot. Go to Settings -> Mail Server Settings -> check "Switch on spam protection based on DNS blackhole lists" and enter zen.spamhaus.org -> this should cut down the incoming spam considerably.
 
It appears that the server is acting a bit like an open relay. When I telnet to the SMTP port, it allows me to attempt to deliver a message to a domain that does not exist on the server. For example:

HELO tsrv
250 plesk1
MAIL FROM:<[email protected]>
250 2.1.0 Ok
RCPT TO:<[email protected]>
250 2.1.5 Ok
DATA
354 End data with <CR><LF>.<CR><LF>
test message
.
250 2.0.0 Ok: queued as 4108F1E065B

It then appears to put the message into the deferred queue.
 
Well, I suppose the problem is with your smtp_recipients_restrictions.
Post your postconf -n output
 
Never mind. The problem turned out to be that, in testing some load balancing software, one of my colleagues had set up a load balancer between this Plesk box and another SMTP server on the same subnet. Postfix saw the connections as coming from the same subnet, which was set by Plesk in the mynetworks field. Presto, instant open relay! It didn't even take 24 hours for the size of the deferred queue from undeliverable mail to completely overwhelm the server.
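
The root cause in the last post (a host inside mynetworks relaying mail to outside domains) can be spotted in the mail log. The following is an added example, not part of the original thread: it correlates Postfix log lines by queue ID and counts non-local recipients per trusted client IP. The log lines, network ranges and domain names are constructed, and the layout assumes standard Postfix syslog output.

```python
import ipaddress
import re
from collections import defaultdict

# Assumed values for illustration; on a real host take mynetworks from
# `postconf -n` and the domain list from what the server actually hosts.
MYNETWORKS = ["127.0.0.0/8", "192.0.2.0/24"]
LOCAL_DOMAINS = {"hosted.example"}

# Constructed sample log (not from the thread): 192.0.2.10 plays the load balancer.
SAMPLE_LOG = """\
Feb 17 12:30:57 plesk1 postfix/smtpd[2101]: 4108F1E065B: client=unknown[192.0.2.10]
Feb 17 12:30:58 plesk1 postfix/smtp[2110]: 4108F1E065B: to=<a@elsewhere.example>, relay=none, delay=30, status=deferred (connect timed out)
Feb 17 12:30:58 plesk1 postfix/smtp[2111]: 4108F1E065B: to=<b@other.example>, relay=none, delay=30, status=deferred (connect timed out)
Feb 17 12:31:02 plesk1 postfix/smtpd[2101]: 5A2B01E0660: client=unknown[192.0.2.10]
Feb 17 12:31:03 plesk1 postfix/smtp[2110]: 5A2B01E0660: to=<c@elsewhere.example>, relay=none, delay=31, status=deferred (connect timed out)
Feb 17 12:31:05 plesk1 postfix/smtpd[2102]: 6C3D01E0661: client=mail.sender.example[198.51.100.7]
Feb 17 12:31:06 plesk1 postfix/virtual[2120]: 6C3D01E0661: to=<user@hosted.example>, relay=virtual, delay=1, status=sent (delivered to maildir)
"""

# smtpd logs the connecting client per queue ID; delivery agents log each recipient.
CLIENT_RE = re.compile(r"postfix/smtpd\[\d+\]: ([0-9A-F]+): client=\S*\[([0-9a-fA-F.:]+)\]")
RCPT_RE = re.compile(r"postfix/\w+\[\d+\]: ([0-9A-F]+): to=<[^>@]*@([^>]+)>")

def relay_by_trusted_client(log_text, mynetworks, local_domains):
    """Count non-local recipients per client IP that falls inside mynetworks."""
    nets = [ipaddress.ip_network(n) for n in mynetworks]
    client_of = {}                      # queue ID -> client address
    counts = defaultdict(int)           # client IP -> relayed recipients
    for line in log_text.splitlines():
        m = CLIENT_RE.search(line)
        if m:
            client_of[m.group(1)] = ipaddress.ip_address(m.group(2))
            continue
        m = RCPT_RE.search(line)
        if m and m.group(1) in client_of:
            ip = client_of[m.group(1)]
            trusted = any(ip in n for n in nets)   # False on v4/v6 mismatch
            if trusted and m.group(2).lower() not in local_domains:
                counts[str(ip)] += 1
    return dict(counts)

if __name__ == "__main__":
    for ip, n in relay_by_trusted_client(SAMPLE_LOG, MYNETWORKS, LOCAL_DOMAINS).items():
        print(f"{ip} relayed to {n} non-local recipients via mynetworks")
```

A single address inside mynetworks that accounts for nearly all relayed recipients is the pattern a proxy or load balancer in front of the SMTP port produces, since every external sender then appears to Postfix under that one trusted IP.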
 