Sending lots of spam from Plesk server

Richard_Markink

Hello,

I have a Plesk v12.0.18_build1200140606.15 os_CentOS 6 server using Postfix,
and lots of spam is being sent from my server.
I tried: http://kb.odin.com/en/114845 but with no results.

At the moment the /var/log/maillog file is over 5,5GB
and the /var/log/maillog.processed is over 7,2GB and split into multiple .gz files.

What can I do to find the source of the problem and stop it?
 
Is this a daily log file size? Or don't you use logrotate on a daily basis for mail logs?

What are the results from the suggestions in the KB article?
 
If I look in the /var/log/maillog file, there are only records (16.000.000) from one day.

The /var/tmp/mail.send file I created following this article remains empty. When I run
zgrep -c 'sasl_method=LOGIN' /usr/local/psa/var/log/maillog* then "1" is the only thing I see.

Running
zgrep 'sasl_method=LOGIN' /usr/local/psa/var/log/maillog* | awk '{print $9}' | sort | uniq -c | sort -nr
results in:
1 sasl_username=[email protected]
This email address belongs to another admin who has sent a test mail.
 
Hello Richard_Markink,

You have to wait a while before you can actually see results in the /var/tmp/mail.send file. You should then use the command:

grep X-Additional /var/tmp/mail.send | grep `cat /etc/psa/psa.conf | grep HTTPD_VHOSTS_D | sed -e 's/HTTPD_VHOSTS_D//' `

... for results.

If there are still no results in that newly created temporary mail.send file, you will have to investigate the enormous log file and paste some suspicious log entries, in order to get some suggestions on how you might solve your issue.


You should also investigate the domain-specific Apache and nginx logs ( /var/www/vhosts/system/YOURDOMAIN_OR_SUBDOMAIN.COM/logs ), in order to compare activities which try to send mails over websites and/or scripts.
 
I will try it again.

I have cleaned the Postfix log (I have a backup) and flushed the queue. No new mails are coming in at the moment, so I have to wait, I think.
I checked the domain-specific logs already. Nothing abnormal found in there.

I will wait for the next hours and see what happens.
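
Added example, not code from the thread or from the KB article: the `sasl_method=LOGIN` grep used above only counts authenticated SMTP logins, while mail injected locally (for example by a web script calling sendmail) is logged by `postfix/pickup` with the submitting uid. The script below counts submissions per entry path, assuming standard Postfix syslog lines; the names `spam_sources` and `sample_log` and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Reads Postfix maillog lines on stdin and prints
# "count<TAB>path<TAB>identity", busiest first.
#   sasl_user = authenticated SMTP logins (smtpd ... sasl_username=...)
#   local_uid = mail injected on the box via sendmail/pickup (uid=N)
#   qmgr_from = envelope senders as queued by qmgr
spam_sources() {
    awk '
    function tally(path, prefix,    i, v) {
        for (i = 1; i <= NF; i++)
            if (index($i, prefix) == 1) {
                v = substr($i, length(prefix) + 1)
                gsub(/[<>,]/, "", v)             # drop <>, trailing comma
                if (v == "") v = "(null sender)" # bounces are from=<>
                n[path "\t" v]++
                return
            }
    }
    /postfix\/smtpd\[/  { tally("sasl_user", "sasl_username=") }
    /postfix\/pickup\[/ { tally("local_uid", "uid=") }
    /postfix\/qmgr\[/   { tally("qmgr_from", "from=") }
    END { for (k in n) printf "%d\t%s\n", n[k], k }
    ' | LC_ALL=C sort -k1,1nr -k2
}

# Constructed sample log lines (hostnames, queue ids and addresses are made up).
sample_log() {
    cat <<'EOF'
Jun 10 03:12:01 mail postfix/pickup[2101]: A1B2C3D4E5: uid=48 from=<apache>
Jun 10 03:12:01 mail postfix/qmgr[1450]: A1B2C3D4E5: from=<apache@host.example.test>, size=2210, nrcpt=1 (queue active)
Jun 10 03:12:02 mail postfix/pickup[2101]: B1B2C3D4E5: uid=48 from=<apache>
Jun 10 03:12:02 mail postfix/qmgr[1450]: B1B2C3D4E5: from=<apache@host.example.test>, size=2198, nrcpt=1 (queue active)
Jun 10 03:12:03 mail postfix/pickup[2101]: C1B2C3D4E5: uid=48 from=<apache>
Jun 10 03:12:03 mail postfix/qmgr[1450]: C1B2C3D4E5: from=<apache@host.example.test>, size=2304, nrcpt=1 (queue active)
Jun 10 03:12:04 mail postfix/qmgr[1450]: A1B2C3D4E5: removed
Jun 10 09:30:11 mail postfix/smtpd[3310]: D1B2C3D4E5: client=unknown[192.0.2.10], sasl_method=LOGIN, sasl_username=admin@example.test
Jun 10 09:30:11 mail postfix/qmgr[1450]: D1B2C3D4E5: from=<admin@example.test>, size=900, nrcpt=1 (queue active)
EOF
}

sample_log | spam_sources
```

On a live server, pipe the real logs in instead, e.g. `zcat -f /var/log/maillog* | spam_sources | head`. A dominant `local_uid` row can be mapped to an account with `getent passwd <uid>`, which narrows the search to that user's sites and scripts.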
 