
Server being used as Spam-Server?

Cepe

Guest
Hi,

For a few days now I have been getting many emails with "Delivery Status Notification (Failure)" or "Mail delivery failed" and so on - the sort of emails you get back when you send emails to a non-existing address.

Here is an example email:
Hi. This is the qmail-send program at members.cjhunter.com.
I'm afraid I wasn't able to deliver your message to the following addresses.
This is a permanent error; I've given up. Sorry it didn't work out.

<[email protected]>:
Sorry, no mailbox here by that name. (#5.1.1)

--- Below this line is a copy of the message.

Return-Path: <[email protected]>
Received: (qmail 1650 invoked from network); 30 Apr 2008 21:05:56 -0000
Received: from unknown (HELO dsl-189-175-222-164.prod-infinitum.com.mx) (unknown)
by unknown with SMTP; 30 Apr 2008 21:05:56 -0000
Message-ID: <000601c8ab0e$02a58acd$72c37684@oghmqm>
From: "viarga cilais " <[email protected]>
To: <[email protected]>
Subject: 75% off for ofuthoreauezi
Date: Wed, 30 Apr 2008 20:19:38 +0000
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.3138
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.3198

Hello, make a wise decision, purchase your drugs from the most reliable provider.
http://www.google.co.uk/pagead/iclk?sa=l&ai=ACQwec&num=98326&adurl=http://195.11.70.43/redir.html
Code #Q6kA
giuseppe endah

I suspect someone is using my server to send spam.

SMTP authentication for relaying is set.

more /usr/local/psa/var/log/maillog | grep to=
more /usr/local/psa/var/log/maillog.bak | grep to=
does not contain any suspicious email addresses, only those I really sent emails to.

locate formmail.cgi, formmail.pl, FormMail.cgi, FormMail.pl does not return any results (in another thread it was said that there was an exploit for these scripts).

I am using CentOS 5, Kernel version 2.6.18, and Plesk 8.3.
 
See if someone on your server is actually sending the spam, or using someone else's PHP form mail scripts to send email through your server.

http://kb.odin.com/en/1711

You can also make sure that relaying is disabled.
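
One way to run that check against a bounce like the one quoted in the first post, as an added example (not code from the thread or from Plesk): it parses the copy of the message that qmail-send appends to the bounce and reports whether any Received hop names your own server. The sample bounce, its hostnames and IPs, and the function names are constructed for illustration.

```python
import email
import re

MARKER = "--- Below this line is a copy of the message."  # qmail-send bounce separator
HELO_RE = re.compile(r"\(HELO ([^)\s]+)\)")
UID_RE = re.compile(r"\(qmail \d+ invoked by uid (\d+)\)")  # local injection, e.g. a web script
# Constructed sample bounce (example domains and documentation IPs, not real data).
SAMPLE_BOUNCE = """\
Hi. This is the qmail-send program at mx.remote.example.
<nobody@remote.example>:
Sorry, no mailbox here by that name. (#5.1.1)

--- Below this line is a copy of the message.

Return-Path: <info@customer.example>
Received: (qmail 1650 invoked from network); 30 Apr 2008 21:05:56 -0000
Received: from unknown (HELO dsl-host.isp.example) (198.51.100.23)
  by mx.remote.example with SMTP; 30 Apr 2008 21:05:56 -0000
From: "sender" <info@customer.example>
Subject: constructed sample

body
"""

def embedded_message(bounce_text):
    """Parse the copy of the original message that follows the qmail marker."""
    _, found, copy = bounce_text.partition(MARKER)
    if not found:
        raise ValueError("qmail bounce marker not found")
    return email.message_from_string(copy.lstrip("\r\n"))

def mentions(hop, ident):
    """Whole-token match, so 192.0.2.1 does not match 192.0.2.10."""
    pattern = r"(?<![\w.-])" + re.escape(ident) + r"(?![\w-]|\.\w)"
    return re.search(pattern, hop, re.IGNORECASE) is not None

def classify_bounce(bounce_text, own_ids):
    """own_ids: hostnames and IPs of your own mail server (caller-supplied)."""
    msg = embedded_message(bounce_text)
    # Unfold headers. Received lines are prepended, so the last is the earliest hop.
    hops = [" ".join(h.split()) for h in msg.get_all("Received", [])]
    helos = [m.group(1) for m in map(HELO_RE.search, hops) if m]
    uid = UID_RE.search(hops[-1]) if hops else None
    in_path = any(mentions(h, i) for h in hops for i in own_ids)
    return {
        "verdict": "own-server-in-path" if in_path else "own-server-not-in-path",
        "earliest_helo": helos[-1] if helos else None,
        "local_uid": uid.group(1) if uid else None,
    }
```

Only the Received line written by the bouncing server itself is trustworthy; lines below it are supplied by the sender and can be forged, so confirm an "own-server-in-path" result against your own maillog.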
 