1. Please take a little time for this simple survey! Thank you for participating!
    Dismiss Notice
  2. Dear Pleskians, please read this carefully! New attachments and other rules Thank you!
    Dismiss Notice
  3. Dear Pleskians, I really hope that you will share your opinion in this Special topic for chatter about Plesk in the Clouds. Thank you!
    Dismiss Notice

Q-Mail & SPAM

Discussion in 'Plesk for Linux - 8.x and Older' started by kevincam, Jul 22, 2005.

  1. kevincam

    kevincam Guest

    Hey... I've been dealing with a major problem concearning spam being sent from my server. Relaying has always been disabled and the logs don't really give you much information on where the e-mail originated..

    I supposed that the spam me be a php scripts or something that someone is using or is being exploited.

    the problem is I have over 75 domains in my system.. most of my clients aren't knowledgeable enough to write their own mailing routines....

    I figured that since outgoing mail is only enabled for the server.... why not have qmail check to make sure that there is a valid user in the FROM part of the header....

    I found a qmail patch called SPAMCONTROL at http://www.fehcom.de/qmail/spamcontrol.html

    this patch has a feature called LOCALMFCHECK where it checks the FROM header in the outgoing email and makes sure that the host is a domain that it hosts.... they call it a Reverse Split-Horizon Check....

    this qmail patch requires that you build qmail from the source to apply this patch....

    my question is does anyone know if you can apply patches and rebuild qmail from its source and it still work with Plesk?

    and to the plesk engineers I would kindly ask that you include this patch in the future version of plesk....

    and does anyone know another way to stop outgoing spam. I recently purchased spamassassin for plesk and it does not look like spamassassin is even checking outgoing email....

    Thank You...
  2. serial-thrilla

    serial-thrilla Guest

    to me, this isn't making much sense because you'd have to set up some kind of form/script that allows you to specify where you want the email to go to and the body of the message..

    are you sure it's a script being exploited or that your server is bouncing messages being sent to invalid accounts?

    if the latter is the case, then there's a "reject" option instead of bouncing.

    but then again, i'm only a novice. <shrugs>
  3. kevincam

    kevincam Guest

    you kind of missed the point.... I have a server with over 70 clients hosting on it.... I have no idea what they host on my server. its very trivial to sit there and go through every php file that someone uploads..... so my solution would be for the server not to send any mail out unless a domain that is hosted locally is in the header of the e-mail in the FROM field... anyone can modify the header of an e-mail in php code..... so with that kind of patch it would make sure that it is valid... I'd even like to see a valid local user patch...... this would stop spam e-mail from being sent from the server...
  4. superbock

    superbock Guest

    You can't use custom qmail with PSA. You can however use qmail-scanner, since even localhost sent messages (with php calling qmail's "sendmail") get queued for remote delivery. You can then implement a routine in qmail-scanner that does what you need. A bit of a hack though..
  5. kevincam

    kevincam Guest

    ok is there a special build of qmail-scanner that I need to work with PSA...

    and with qmail scanner is it possible to have it look in the HEADER of the E-Mail... not the origin but the Header and compare the FROM field to the rcpthosts file?
  6. superbock

    superbock Guest

    Use ART's qmail-scanner rpm (http://www.atomicrocketturtle.com).

    At some point you'll have the variable $returnpath, and then you can call custom routine.

    You can do a lot with qmail-scanner, it strips every e-mail completely.

    Beware, any slight mistake might break valid e-mail delivery!! Use non-production server for testing first.

    Also, make sure only mail originated from localhost is submitted to that check.. otherwise you can imagine the result..