• If you are still using CentOS 7.9, it's time to convert to Alma 8 with the free centos2alma tool by Plesk or Plesk Migrator. Please let us know your experiences or concerns in this thread:
    CentOS2Alma discussion

Issue Problem with SPAM send from my server

G

G J K

New Pleskian
Hi

I have a Plesk 11.5 server running with Postfix. Somehow someone is managing to use my server to send spam. We have now been digging for day to see how we can stop this and how it is done.

The problem is that the headers of these mail do not reveal a lot of info.

Code: 
X-No-Auth: unauthenticated sender
X-No-Relay: not in my network
Received: from localdomain.com (host.server.net [127.0.0.1])
   by host.server.net (Postfix) with ESMTP id E93FF78185D
    for <[email protected]>; Sat, 24 Sep 2016 07:32:03 +0200 (WAST)
Date: Sat, 24 Sep 2016 05:32:03 +0000 (UTC)
From: localdomain <[email protected]>
To: [email protected]
Message-ID: <[email protected]>
Subject: FW:  howre you?
MIME-Version: 1.0
Content-Type: multipart/alternative;
    boundary="----=_Part_6022060_1414746959.1474695123552"
X-mailer: Mailer v1.0


The email is sent without authentication, the server is set to do authentication.
We are unable to tie these message to any specific domain or user account.

Can someone please assist to stop this spam attack?

Thanks
 
Looks like it could be a local PHP script that is being exploited. I would log all email requests coming from httpd or nginx.
 
You must log in or register to reply here.

Similar threads

W
Question Backup task notification email from PMMCli-Daemon always in Junk folder
Replies
14
Views
2K
Wolfgang Reidlinger
W
K
Question Mail not sended.
Replies
2
Views
822
klamort
K
L
Resolved Mails marked as Spam
Replies
6
Views
1K
tramvainqueur
tramvainqueur
D
Question Sendmail behaviour change after 18.0.55 Update 1
Replies
0
Views
579
davidweb
D
JogoVogo
Issue E-Mail Problem (Spam)
Replies
5
Views
988
JogoVogo
JogoVogo
Back
Top