• We value your experience with Plesk during 2024
    Plesk strives to perform even better in 2025. To help us improve further, please answer a few questions about your experience with Plesk Obsidian 2024.
    Please take this short survey:

    https://pt-research.typeform.com/to/AmZvSXkx
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Question Send spam from localhost

Creativados

Basic Pleskian
Sorry my English.

My server, execute Debian 7. Since few days my server send spam from unexiting account. Around few minuts its connect from localhost and send five or six emails and disconnect.

Block sender by postfix but follow try send emails
 

Attachments

  • 2017-10-11.png
    2017-10-11.png
    268.2 KB · Views: 13
Hi Creativados,

first, pls. have a look at:


Second, if you can't elimate the script, pls. consider to switch of sendmail usage at your server, untill you are able to eliminate the script on your server.

Third, pls. post your corresponding postfix - configuration, so that people willing to help you have the chance to investigate possible misconfigurations together with you.
 
Thanks.

No php script execute Postfix sender.

My config postfix is


# See /usr/share/postfix/main.cf.dist for a commented, more complete version


# Debian specific: Specifying a file name will cause the first
# line of that file to be used as the name. The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname

smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

readme_directory = no

# TLS parameters
smtpd_tls_cert_file = /etc/postfix/postfix_default.pem
smtpd_tls_key_file = $smtpd_tls_cert_file
smtpd_use_tls = yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.

myhostname = XXXXXXX
alias_maps = hash:/etc/aliases, hash:/var/spool/postfix/plesk/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = localhost.XXXXXX, localhost
relayhost =
mynetworks = , 127.0.0.0/8, [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = all
virtual_mailbox_domains = $virtual_mailbox_maps, hash:/var/spool/postfix/plesk/virtual_domains
virtual_alias_maps = $virtual_maps, hash:/var/spool/postfix/plesk/virtual
virtual_mailbox_maps = , hash:/var/spool/postfix/plesk/vmailbox
transport_maps = , hash:/var/spool/postfix/plesk/transport
smtpd_tls_security_level = may
smtp_tls_security_level = may
smtp_use_tls = no
smtpd_timeout = 3600s
smtpd_proxy_timeout = 3600s
disable_vrfy_command = yes
smtpd_sender_restrictions = check_sender_access hash:/var/spool/postfix/plesk/blacklists, permit_sasl_authenticated
smtpd_client_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_rbl_client dnsbl.example.net, reject_rbl_client bl.spamcop.net, reject_rbl_client zen.spamhaus.org
smtp_send_xforward_command = yes
smtpd_authorized_xforward_hosts = 127.0.0.0/8 [::1]/128
smtpd_sasl_auth_enable = yes
smtpd_recipient_restrictions = check_sender_access hash:/etc/postfix/sender_access, permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
virtual_mailbox_base = /var/qmail/mailnames
virtual_uid_maps = static:30
virtual_gid_maps = static:31
smtpd_milters = inet:127.0.0.1:12768 inet:127.0.0.1:12345
sender_dependent_default_transport_maps = hash:/var/spool/postfix/plesk/sdd_transport_maps
virtual_transport = plesk_virtual
plesk_virtual_destination_recipient_limit = 1
mailman_destination_recipient_limit = 1
virtual_mailbox_limit = 0
smtpd_tls_protocols = TLSv1 TLSv1.1 TLSv1.2
smtpd_tls_ciphers = medium
smtpd_tls_exclude_ciphers = aNULL
smtpd_sasl_security_options = noanonymous
smtpd_tls_auth_only = no
smtpd_tls_mandatory_protocols = TLSv1 TLSv1.1 TLSv1.2
message_size_limit = 26214400
smtpd_tls_mandatory_exclude_ciphers = aNULL, eNULL, EXPORT, DES, RC4, MD5, PSK, aECDH, EDH-DSS-DES-CBC3-SHA, EDH-RSA-DES-CDC3-SHA, KRB5-DE5, CBC3-SHA
smtpd_tls_dh1024_param_file = /usr/local/psa/etc/dhkey.pem
non_smtpd_milters =
smtpd_tls_mandatory_ciphers = medium
tls_medium_cipherlist = HIGH:!aNULL:!MD5
milter_connect_macros = j {daemon_name} {client_connections} {client_addr} {client_ptr} v
milter_default_action = accept
 
Hi Creativados,

it is highly recommended to use:
Code:
smtp_sasl_security_options = noanonymous
smtp_sasl_tls_security_options = noanonymous
smtpd_sasl_security_options = noanonymous
smtpd_sasl_tls_security_options = noanonymous
... and pls. don't forget to use Fail2Ban, to be able to ban scripts/bots/... on your server.
 
Hi Creativados,

it is highly recommended to use:
Code:
smtp_sasl_security_options = noanonymous
smtp_sasl_tls_security_options = noanonymous
smtpd_sasl_security_options = noanonymous
smtpd_sasl_tls_security_options = noanonymous
... and pls. don't forget to use Fail2Ban, to be able to ban scripts/bots/... on your server.


Thanks add this options. Use Fail2Ban but conexion is localhost not ban this ip
 
Hi Creativados,

actually, the recipient "[email protected]" exists on your server, which leads to the fact, that you either created this eMail - address, or that you use additional configurations at "/etc/aliases" for example.
Code:
MAIL FROM:<[email protected]>
250 2.1.0 Ok
Sender is OK
RCPT TO:<[email protected]>
250 2.1.5 Ok
Recipient OK, email address proofed
QUIT
221 2.0.0 Bye

If you desire further help for an investigation of your eMail - sender on your server, pls. consider to ask for "Administrative Services" ( => Plesk Admin Services ) over a new Plesk Support ticket, as deeper investigations have to done, directly on your server.
 
Hi Creativados,

actually, the recipient "[email protected]" exists on your server, which leads to the fact, that you either created this eMail - address, or that you use additional configurations at "/etc/aliases" for example.
Code:
MAIL FROM:<[email protected]>
250 2.1.0 Ok
Sender is OK
RCPT TO:<[email protected]>
250 2.1.5 Ok
Recipient OK, email address proofed
QUIT
221 2.0.0 Bye

If you desire further help for an investigation of your eMail - sender on your server, pls. consider to ask for "Administrative Services" ( => Plesk Admin Services ) over a new Plesk Support ticket, as deeper investigations have to done, directly on your server.


Thanks, I create ticket
 
Back
Top