1. Please take a little time for this simple survey! Thank you for participating!
    Dismiss Notice
  2. Dear Pleskians, please read this carefully! New attachments and other rules Thank you!
    Dismiss Notice
  3. Dear Pleskians, I really hope that you will share your opinion in this Special topic for chatter about Plesk in the Clouds. Thank you!
    Dismiss Notice

Postfix not dropping spam

Discussion in 'Plesk 9.x for Linux Issues, Fixes, How-To' started by rjst01@iinet.net.au, Feb 9, 2009.

  1. Hi,
    I setup a new install of Plesk 9 about a month ago on a new server and restored from a bckup of our old Plesk 8.6 server. I configured plesk to use postfix.

    It seems that some spammers are trying to use us as a relay, and postfix is putting the messages in the deferred queue. The mail queue in mail settings is filled with messages that look like this:

    Received: from vmdy.yahoo.com.hk (vmdy.yahoo.com.hk []) by with Microsoft SMTPSVC(5.0.2195.6824);
    Tue, 17 Feb 2009 23:27:57 +0600
    Message-ID: <opfifmjtrupgdevbyxibsuci.970092782549284083462887@yahoo.com.hk>
    Date: Tue, 17 Feb 2009 12:30:57 -0500
    From: "¤èRock" <lblkgdiwjowgmq@yahoo.com.hk>
    Reply-To: "¤èJames" <lblkgdiwjowgmq@yahoo.com.hk>
    To: altis0439@yahoo.com.tw, wpjleo@yahoo.com.tw, aken@pchome.com.tw, iamterryliu@yahoo.com.tw, ope2005x@yahoo.com.tw, lan.liu0610@msa.hinet.net, wen-chin@datafab.com.tw, icprint3@yahoo.com.tw, gogosong2000@yahoo.com.tw, g221094690@yahoo.com.tw, wsl2
    33233@yahoo.com.tw, weiyangi@ms17.hinet.net, bwu0179@yahoo.com.tw, zll5927@yahoo.com.tw, q69211215@yahoo.com.tw, multicom@ksts.seed.net.tw, iamjeffrey1@yahoo.com.tw
    Subject: ¼ï¼z¦p^ÅS¨Å·w°Õ'
    Mime-Version: 1.0
    Content-Type: multipart/alternative;

    If I run postsuper -r ALL I am told that anywhere between 30000 and 200000 messages have been requeued. Nagios is complaining that the server's SMTP seems to be flapping, I'm seeing postfix segfaults in dmesg, and my load averages are up in the 40s-50s. I've tried updating to Plesk 9.0.1 but the issue persists. How do I fix it?
  2. ramuva

    ramuva Guest

    I'm using postfix too, but but my complaint is about spam-hooks, which are not working.

    As for you spam problem,

    As for your provided log file, look at the top line:

    Received: from vmdy.yahoo.com.hk (vmdy.yahoo.com.hk []) by with Microsoft SMTPSVC(5.0.2195.6824);
    Why microsoft SMTP server is receiving these messages?
    Check your main log files, look for message_id (opfifmjtrupgdevbyxibsuci.970092782549284083462887) to find where did you received it from exactly and why you received it (host is included in my_networks). If someone from you clients is flooding you with spam, just cut him off.

    As for spam messages, add a DNS filtering, it will help alot. Go to Settings-> Mail Server Settings -> add checkbox on Switch on spam protection based on DNS blackhole lists and enter zen.spamhaus.org -> this should could down the incoming spam considerably.
  3. it appears that the server is acting a bit like an open relay. When I telnet to the SMTP port, it allows me to attempt to deliver a message to a domain that does not exist on the server. For example:

    HELO tsrv
    250 plesk1
    MAIL FROM:<something@example.com>
    250 2.1.0 Ok
    RCPT TO:<Something-else@example.net>
    250 2.1.5 Ok
    354 End data with <CR><LF>.<CR><LF>
    test message
    250 2.0.0 Ok: queued as 4108F1E065B

    it then appears to put the message into the deferred queue.
  4. ramuva

    ramuva Guest

    well, I suppose the problem is this your smtp_recipients_restrictions.
    Post your postconf -n output
  5. Never mind. The problem turned out to be that, in testing some load balancing software, one of my colleagues had set up a load balancer between this plesk box and another SMTP server on the same subnet. Postfix saw the connections as coming from the same subnet, which was set by plesk in the mynetworks field. Presto, instant open relay! It didn't even take 24 hours for the size of the deferred queue from undeliverable mail completely overwhelmed the server.