• If you are still using CentOS 7.9, it's time to convert to Alma 8 with the free centos2alma tool by Plesk or Plesk Migrator. Please let us know your experiences or concerns in this thread:
    CentOS2Alma discussion

Q-Mail & SPAM

K

kevincam

Guest
Hey... I've been dealing with a major problem concearning spam being sent from my server. Relaying has always been disabled and the logs don't really give you much information on where the e-mail originated..

I supposed that the spam me be a php scripts or something that someone is using or is being exploited.

the problem is I have over 75 domains in my system.. most of my clients aren't knowledgeable enough to write their own mailing routines....


I figured that since outgoing mail is only enabled for the server.... why not have qmail check to make sure that there is a valid user in the FROM part of the header....

I found a qmail patch called SPAMCONTROL at http://www.fehcom.de/qmail/spamcontrol.html

this patch has a feature called LOCALMFCHECK where it checks the FROM header in the outgoing email and makes sure that the host is a domain that it hosts.... they call it a Reverse Split-Horizon Check....

this qmail patch requires that you build qmail from the source to apply this patch....

my question is does anyone know if you can apply patches and rebuild qmail from its source and it still work with Plesk?

and to the plesk engineers I would kindly ask that you include this patch in the future version of plesk....

and does anyone know another way to stop outgoing spam. I recently purchased spamassassin for plesk and it does not look like spamassassin is even checking outgoing email....

Thank You...
 
to me, this isn't making much sense because you'd have to set up some kind of form/script that allows you to specify where you want the email to go to and the body of the message..

are you sure it's a script being exploited or that your server is bouncing messages being sent to invalid accounts?

if the latter is the case, then there's a "reject" option instead of bouncing.

but then again, i'm only a novice. <shrugs>
 
Originally posted by serial-thrilla
to me, this isn't making much sense because you'd have to set up some kind of form/script that allows you to specify where you want the email to go to and the body of the message..

are you sure it's a script being exploited or that your server is bouncing messages being sent to invalid accounts?

if the latter is the case, then there's a "reject" option instead of bouncing.

but then again, i'm only a novice. <shrugs>
Click to expand...

you kind of missed the point.... I have a server with over 70 clients hosting on it.... I have no idea what they host on my server. its very trivial to sit there and go through every php file that someone uploads..... so my solution would be for the server not to send any mail out unless a domain that is hosted locally is in the header of the e-mail in the FROM field... anyone can modify the header of an e-mail in php code..... so with that kind of patch it would make sure that it is valid... I'd even like to see a valid local user patch...... this would stop spam e-mail from being sent from the server...
 
You can't use custom qmail with PSA. You can however use qmail-scanner, since even localhost sent messages (with php calling qmail's "sendmail") get queued for remote delivery. You can then implement a routine in qmail-scanner that does what you need. A bit of a hack though..
 
Originally posted by superbock
You can't use custom qmail with PSA. You can however use qmail-scanner, since even localhost sent messages (with php calling qmail's "sendmail") get queued for remote delivery. You can then implement a routine in qmail-scanner that does what you need. A bit of a hack though..
Click to expand...

ok is there a special build of qmail-scanner that I need to work with PSA...

and with qmail scanner is it possible to have it look in the HEADER of the E-Mail... not the origin but the Header and compare the FROM field to the rcpthosts file?
 
Use ART's qmail-scanner rpm (http://www.atomicrocketturtle.com).

At some point you'll have the variable $returnpath, and then you can call custom routine.

You can do a lot with qmail-scanner, it strips every e-mail completely.

Beware, any slight mistake might break valid e-mail delivery!! Use non-production server for testing first.

Also, make sure only mail originated from localhost is submitted to that check.. otherwise you can imagine the result..
 
You must log in or register to reply here.

Similar threads

Jan Bludau
Resolved Patch: Postfix - 37C3 - SMTP Smuggling – Spoofing E-Mails Worldwide
Replies
5
Views
1K
Peter Debik
P
DataPacket
Resolved Spamassassin - No DNS Functions
Replies
2
Views
603
DataPacket
DataPacket
K
Issue Message is regarded as spam (but isn't spam) and then the spam report is regarded as spam
Replies
3
Views
866
Kaspar
K
propz
Resolved Email Domain Blacklisting not working 100%
Replies
7
Views
919
Kaspar
K
datea.services
Question Attempts to exceed outgoing limits: log of mails not sent
Replies
4
Views
528
Peter Debik
P
Back
Top