qmail threads

[swebs]

Is there any way or log to tell why so many "anonymous" emails are being gererated.

I see tons of qmail-remote threads that show [email protected] as the sender.

I do not want to allow this user to send and I want to try and track down how these are getting generated.

thanks in advance

 

[unika]

To protect the server, for example, you can remove 127.0.0.1 address from white list and remove /usr/sbin/sendmail so that
users have to send messages to remote addresses only by smtp and only with authorization and force your clients to customize
their scripts to use SMTP authorization, but it will affect a lot of free applications (which usually send messages through
system sendmail), for example it won't be possible to send messages to remote addresses through webmail.

Also try to use MAPS zones, spamassassin, blacklists, rejecting emails for non-existing users, update Plesk and configure SPF technology, etc.


http://kb.swsoft.com/en/766
http://kb.swsoft.com/article_22_766_en.html
http://kb.swsoft.com/en/1394
http://kb.swsoft.com/en/1038
http://kb.swsoft.com/en/1414

Also read "Setting Up Server-wide Black and White Lists"

ftp://download1.swsoft.com/Plesk/Plesk8.1/Doc/plesk-8.1-unix-administrators-guide/index.htm

 

[jwdick]

Below is a modification that someone posted months back. The only downside is that you need to do this for all of the domains.

In vhost.conf add this:

<Directory /usr/local/psa/home/vhosts/DOMAIN/httpdocs>
php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -fXXXX"
</Directory>

Change the path if you are not on FreeBSD.

the XXXX is a unique code that should be different for each domain

Once that has been done each mail sent by php will have a unique per domain code in the Return-Path: using a tool such as qmHandle to view the mailqueue you can see this return-path and consequently go straight to the hosting account and disable the relevant script