
Server being used as Spam-Server?

Cepe

Guest
Hi,

For a few days now I have been getting many emails with "Delivery Status Notification (Failure)" or "Mail delivery failed" and so on - the sort of emails you get back when you send emails to a non-existing address.

Here is an example email:
Hi. This is the qmail-send program at members.cjhunter.com.
I'm afraid I wasn't able to deliver your message to the following addresses.
This is a permanent error; I've given up. Sorry it didn't work out.

<[email protected]>:
Sorry, no mailbox here by that name. (#5.1.1)

--- Below this line is a copy of the message.

Return-Path: <[email protected]>
Received: (qmail 1650 invoked from network); 30 Apr 2008 21:05:56 -0000
Received: from unknown (HELO dsl-189-175-222-164.prod-infinitum.com.mx) (unknown)
by unknown with SMTP; 30 Apr 2008 21:05:56 -0000
Message-ID: <000601c8ab0e$02a58acd$72c37684@oghmqm>
From: "viarga cilais " <[email protected]>
To: <[email protected]>
Subject: 75% off for ofuthoreauezi
Date: Wed, 30 Apr 2008 20:19:38 +0000
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.3138
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.3198

Hello, make a wise decision, purchase your drugs from the most reliable provider.
http://www.google.co.uk/pagead/iclk?sa=l&ai=ACQwec&num=98326&adurl=http://195.11.70.43/redir.html
Code #Q6kA
giuseppe endah

I suspect someone is using my server to send spam.

SMTP authentication for relaying is set.

more /usr/local/psa/var/log/maillog | grep to=
more /usr/local/psa/var/log/maillog.bak | grep to=
does not contain any suspicious email addresses, only those I really sent emails to.

locate formmail.cgi, formmail.pl, FormMail.cgi, FormMail.pl does not return any results (in another thread it was said that there was an exploit for these scripts).

I am using CentOS 5, Kernel version 2.6.18, and Plesk 8.3.
 
See if someone on your server is actually sending the spam, or using someone else's PHP form mail scripts to send email through your server.

http://kb.odin.com/en/1711

You can also make sure that relaying is disabled.
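
An added example, not part of either post: one way to triage a qmail-send bounce like the one quoted above is to read the Received hops of the embedded original message and check whether any of them names your own server. The hostnames, addresses and both sample bounces are constructed, and `my_hosts` is assumed to list every name your MTA writes into Received lines; because the lower hops are written by the sender and can be forged, confirm a verdict against the server's own maillog.

```python
import email
import re

QMAIL_MARKER = "--- Below this line is a copy of the message."

def triage_bounce(bounce_text, my_hosts):
    """Decide whether the bounced message ever passed through our server.

    my_hosts: every hostname/IP our MTA writes into Received lines (assumed known).
    """
    _, found, copy = bounce_text.partition(QMAIL_MARKER)
    if not found:
        raise ValueError("qmail-send marker line not found")
    msg = email.message_from_string(copy.lstrip("\r\n"))
    # Unfold continuation lines so each hop is one string.
    hops = [" ".join(h.split()).lower() for h in msg.get_all("Received") or []]
    # Match whole host names only, so "notmail.example.org" is not a hit.
    patterns = [re.compile(r"(?<![\w.-])" + re.escape(h.lower()) + r"(?![\w.-])")
                for h in my_hosts]
    hits = [hop for hop in hops if any(p.search(hop) for p in patterns)]
    return {"verdict": "passed-through-server" if hits else "backscatter",
            "return_path": msg.get("Return-Path"),
            "matching_hops": hits}

# Constructed sample, shaped like the bounce quoted in the post.
BACKSCATTER = """Hi. This is the qmail-send program at remote.example.net.
<nobody@remote.example.net>:
Sorry, no mailbox here by that name. (#5.1.1)

--- Below this line is a copy of the message.

Return-Path: <someone@example.org>
Received: (qmail 1650 invoked from network); 30 Apr 2008 21:05:56 -0000
Received: from unknown (HELO dsl-host.example.com) (unknown)
  by unknown with SMTP; 30 Apr 2008 21:05:56 -0000
Subject: constructed spam subject

body
"""

# Constructed counter-example: one hop names our own server.
RELAYED = BACKSCATTER.replace(
    "Received: from unknown (HELO dsl-host.example.com)",
    "Received: from mail.example.org (HELO mail.example.org) (192.0.2.10)\n"
    "  by remote.example.net with SMTP; 30 Apr 2008 21:05:55 -0000\n"
    "Received: from unknown (HELO dsl-host.example.com)")

if __name__ == "__main__":
    for name, text in (("backscatter", BACKSCATTER), ("relayed", RELAYED)):
        print(name, triage_bounce(text, ["mail.example.org", "192.0.2.10"]))
```

A "backscatter" verdict means the spam was injected elsewhere with a forged sender at your domain; a "passed-through-server" verdict means the matching hop should be looked up in the mail log.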
 