
Question: Prevent outbound spam from Plesk

Mike99

Basic Pleskian
I am looking for best practices to prevent outbound spam on Plesk other than this article

Recently, one e-mail address on my server had a compromised password. About 400 e-mails were sent from this e-mail address, causing problems for all of my users. Big delivery problems that make the Plesk mail server a vulnerable service.

What happened:

One of my email users got a compromised password; someone or some script started sending e-mails from an address that the Plesk server does not even host to an unspecified/random recipient list.
  • I got into several RBLs because of one user from single domain
  • E-mails of my clients started to be rejected by major providers
  • My clients started calling the support number
  • It took me a few hours to identify the domain, as e-mails were sent as from an external domain without a specific link to a domain/website/...
  • After the domain was isolated, I was not able to isolate the specific user with the problem, so I killed all 40 e-mail boxes of the problematic domain and made one client very angry.
    Note: Now I know that with some RBLs, killing the whole domain saved me from days of delivery problems and reduced it to hours.
  • In the meantime ISPs and mail providers blocked my IP even more strictly, not just with RBLs; emails started to get "Connection refused" in the logs, and I made all my clients very angry.
  • No checklist available from Plesk for this kind of stress situation.
What can I do to prevent outbound spam?
  1. First of all, I would like to forbid my Plesk/Postfix mail server from sending e-mail from domains that are not even hosted; this needs to be fixed ASAP as a default measure.
  2. I would like to disable e-mails that have 100+ recipients in To/CC/BCC.
  3. I want to catch e-mails that are spam before they leave my server.
  4. What other proven methods do you have?
I would love your opinion on how you solve your outbound spam issues. What kind of tools do you use - free/paid, whatever works. One compromised e-mail address makes your hosting services a joke.
 
Hi Mike99,

Plesk offers outbound email limiting, but I built this myself to have more control and to avoid using an expensive extension for this. There are extensions which provide such functionality. To build this yourself you need a Postfix milter service which you inject into Postfix. One way to do this is Amavis. Have a look at Protect Mail Boxes against Spam and Viruses, but you need to configure Amavis to scan outgoing mails too.
 
Mailchannels + Spam Experts are very, very popular commercial outbound scanning relays. You could also consider running a separate relay. Postfix has smarthost support, so we just funnel everything to load-balanced external relays that handle filtering for outbound spam. Worst case, an IP gets RBL'ed, we take it offline temporarily and everything else chugs along. You get a lot more resiliency with a separate outbound server.

You can also look at rate limiting the maximum number of emails per account.

#1 can be addressed to some degree with reject_sender_login_mismatch.
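The reply above names reject_sender_login_mismatch as the fix for item #1. The following is an added example (not code from the thread or from Plesk) that emulates what that Postfix restriction decides, given a constructed smtpd_sender_login_maps table: an authenticated mailbox may only use MAIL FROM addresses the table assigns to it, and an address nobody owns (the gmail.com case from the question) is refused for any logged-in client. The mailbox names, the @domain wildcard and the lookup order (exact address first, then @domain) are this example's simplifications; the main.cf fragment at the end is the standard wiring for a stock Postfix and does not account for how Plesk manages its own configuration.

```python
"""Emulation of Postfix's reject_sender_login_mismatch decision (added example)."""

# Constructed table: MAIL FROM address -> set of SASL logins allowed to use it.
# "@example.org" stands for "any address in example.org" and is consulted only
# when no exact entry exists (simplified lookup order, not Postfix's exact one).
HOSTED_LOGINS = {
    "bob@example.net": {"bob@example.net"},
    "alice@example.org": {"alice@example.org"},
    "sales@example.org": {"alice@example.org", "carol@example.org"},
    "@example.org": {"alice@example.org"},
}


def lookup_owner(mail_from, login_map):
    """Return the set of logins owning mail_from, or None if it is not listed."""
    addr = mail_from.lower()
    if addr in login_map:
        return login_map[addr]
    if "@" in addr:
        return login_map.get("@" + addr.split("@", 1)[1])
    return None


def sender_login_check(sasl_login, mail_from, login_map=HOSTED_LOGINS,
                       authenticated_only=True):
    """Decide MAIL FROM acceptance the way the sender-login-mismatch check does.

    sasl_login is None for an unauthenticated client. authenticated_only=True
    emulates reject_authenticated_sender_login_mismatch (only logged-in clients
    are checked); False emulates the stricter reject_sender_login_mismatch.
    Returns (accepted, reason).
    """
    owners = lookup_owner(mail_from, login_map)
    if sasl_login is None:
        if authenticated_only or owners is None:
            # Inbound mail and unauthenticated local submissions pass through here.
            return True, "restriction does not apply to this unauthenticated client"
        return False, "unauthenticated client may not send as an address owned by a login"
    if owners is None:
        # The case from the thread: a logged-in mailbox sending as gmail.com.
        return False, "authenticated client may not send as an address nobody owns"
    if sasl_login.lower() in owners:
        return True, "login owns address"
    return False, "login does not own address"


def render_postfix_table(login_map):
    """Render login_map as the text of a hash: table for smtpd_sender_login_maps."""
    lines = ["# MAIL FROM address -> comma-separated SASL owners (run postmap after editing)"]
    for addr in sorted(login_map):
        lines.append(f"{addr}\t{','.join(sorted(login_map[addr]))}")
    return "\n".join(lines) + "\n"


# Illustrative main.cf fragment (stock Postfix) that wires the table in.
MAIN_CF_SNIPPET = """\
smtpd_sender_login_maps = hash:/etc/postfix/sender_login_maps
smtpd_sender_restrictions =
    reject_authenticated_sender_login_mismatch,
    permit_mynetworks,
    permit_sasl_authenticated
"""

if __name__ == "__main__":
    cases = [("bob@example.net", "promo77@gmail.com"),
             ("bob@example.net", "bob@example.net"),
             ("carol@example.org", "sales@example.org"),
             ("carol@example.org", "noreply@example.org"),
             (None, "someone@gmail.com")]
    for login, sender in cases:
        ok, why = sender_login_check(login, sender)
        print(f"login={str(login):20} from={sender:22} -> {'ACCEPT' if ok else 'REJECT'} ({why})")
    print(render_postfix_table(HOSTED_LOGINS))
    print(MAIN_CF_SNIPPET)
```

The authenticated-only variant is the safer default for a hosting box: the full reject_sender_login_mismatch also refuses unauthenticated clients that use an owned address, which can bounce legitimate mail such as a customer's messages relayed through another provider, so switch it on only after reviewing those flows.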
 
We use Spam Experts for most of our outbound email. Saved me quite a bit of headache for not having to manage an outbound server myself. Mind you, Spam Experts is not perfect. The false positives are on the high side, which is annoying.
 
Hello,

I would like to know how to forbid sending emails from domains that are not hosted on my Plesk system.

Someone, or something, is sending large amounts of email from my server from a Gmail domain, and I don't have a Gmail domain, as you can imagine.

Is there a way to do this?
 
You most likely have a compromised account on your system. Check your mail log files to figure out which account it is.
Start by reading here:

Also:
 
You most likely have a compromised account on your system. Check your mail log files to figure out which account it is.
As it is impossible to detect a compromised mail user account a priori, it still would be immensely helpful to allow relaying only for domains assigned to the server or explicitly whitelisted.
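The two replies above say to work through the mail log to find the compromised account, and the earlier reply suggested per-account rate limits. As an added example (not from the thread or from Plesk), here is a small triage script over constructed Postfix log lines: it joins each smtpd "client=... sasl_username=..." line with the matching qmgr "from=<...> nrcpt=..." line by queue ID, then aggregates per SASL login the message count, total recipients, client IPs, and any MAIL FROM addresses outside the hosted domains. The log lines, domain names and IPs are constructed; the thresholds are parameters, not Plesk's defaults.

```python
"""Triage of Postfix SASL submissions from a mail log (added example, constructed data)."""
import re
from collections import defaultdict

# Constructed sample of Postfix mail.log lines; no real server or user.
SAMPLE_LOG = """\
Mar  3 10:15:01 srv postfix/smtpd[2101]: 1A2B3C4D5E: client=unknown[203.0.113.7], sasl_method=LOGIN, sasl_username=bob@example.net
Mar  3 10:15:01 srv postfix/qmgr[1550]: 1A2B3C4D5E: from=<promo77@gmail.com>, size=3120, nrcpt=40 (queue active)
Mar  3 10:15:03 srv postfix/smtpd[2101]: 6F7A8B9C0D: client=unknown[203.0.113.7], sasl_method=LOGIN, sasl_username=bob@example.net
Mar  3 10:15:03 srv postfix/qmgr[1550]: 6F7A8B9C0D: from=<promo77@gmail.com>, size=3118, nrcpt=40 (queue active)
Mar  3 10:16:10 srv postfix/smtpd[2102]: 0E1F2A3B4C: client=mail.example.org[198.51.100.20], sasl_method=PLAIN, sasl_username=alice@example.org
Mar  3 10:16:10 srv postfix/qmgr[1550]: 0E1F2A3B4C: from=<alice@example.org>, size=900, nrcpt=1 (queue active)
Mar  3 10:17:00 srv postfix/smtpd[2103]: 5D6E7F8A9B: client=unknown[203.0.113.9], sasl_method=LOGIN, sasl_username=bob@example.net
Mar  3 10:17:00 srv postfix/qmgr[1550]: 5D6E7F8A9B: from=<promo77@gmail.com>, size=3125, nrcpt=40 (queue active)
"""

SMTPD_RE = re.compile(
    r"postfix/smtpd\[\d+\]: (?P<qid>[0-9A-F]+): client=\S+\[(?P<ip>[^\]]+)\].*sasl_username=(?P<user>\S+)")
QMGR_RE = re.compile(
    r"postfix/qmgr\[\d+\]: (?P<qid>[0-9A-F]+): from=<(?P<sender>[^>]*)>, size=\d+, nrcpt=(?P<nrcpt>\d+)")


def triage(log_text, hosted_domains, max_msgs=10, max_rcpts=100):
    """Aggregate authenticated submissions per SASL login and flag suspects.

    Returns (stats, suspects): stats maps login -> counters, suspects maps
    login -> list of reasons. Thresholds are illustrative parameters.
    """
    pending = {}  # queue id -> (login, client ip) seen on the smtpd line
    stats = defaultdict(lambda: {"msgs": 0, "rcpts": 0, "ips": set(), "foreign_senders": set()})
    for line in log_text.splitlines():
        m = SMTPD_RE.search(line)
        if m:
            pending[m["qid"]] = (m["user"].lower(), m["ip"])
            continue
        m = QMGR_RE.search(line)
        if not m or m["qid"] not in pending:
            continue  # unauthenticated or unmatched message: not in scope here
        login, ip = pending.pop(m["qid"])
        s = stats[login]
        s["msgs"] += 1
        s["rcpts"] += int(m["nrcpt"])
        s["ips"].add(ip)
        sender = m["sender"].lower()
        domain = sender.rsplit("@", 1)[-1] if "@" in sender else ""
        if domain not in hosted_domains:
            s["foreign_senders"].add(sender)

    suspects = {}
    for login, s in stats.items():
        reasons = []
        if s["foreign_senders"]:
            reasons.append("sends as non-hosted domain")
        if s["msgs"] > max_msgs:
            reasons.append("message count")
        if s["rcpts"] > max_rcpts:
            reasons.append("recipient count")
        if reasons:
            suspects[login] = reasons
    return dict(stats), suspects


if __name__ == "__main__":
    stats, suspects = triage(SAMPLE_LOG, {"example.net", "example.org"})
    for login, s in stats.items():
        print(f"{login}: {s['msgs']} msgs, {s['rcpts']} rcpts, ips={sorted(s['ips'])}, "
              f"foreign={sorted(s['foreign_senders'])}")
    for login, reasons in suspects.items():
        print(f"SUSPECT {login}: {', '.join(reasons)}")
```

Run it against a real log with `grep -E 'postfix/(smtpd|qmgr)' /var/log/maillog` piped into `triage()`; the "sends as non-hosted domain" reason is the quickest way to the account from the question, since the other counters need a baseline for what normal volume looks like on your server.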
 
Mike99:

The FREE outbound mail limits have been on Plesk for quite some time...

You can set it up on:
Tools & Settings >> Server-wide mail settings >> Turn on limitations on outgoing email messages
Then you set up limits per Mailbox and domain.

Using this you can limit the damage that a hacked account can do to your server (and clients).
I've had some hacked accounts stopped by this configuration over time on many servers. You just change the password on the offending account to a more robust one, send the password to that client... and up you go... no problems again...
Ahhh! Don't forget to disable the PHP scripts from sending mail. (You may have to set up SMTP on some websites that really need to send mail.) That will avoid spam from that domain.
 