
SMTP: How do I protect my local domains from spammers?


LeandroG

Guest
Hi everyone,

I recently upgraded to Plesk 9.3 (thought it was the solution) but now I'm facing an escalating spam problem...

As long as the spammer knows an internal email account, he can send emails to all internal email accounts without knowing any password (and I have the SMTP Authentication option activated).

Here is an example...
Code:
telnet mail.domain.com 25
Trying aaa.bbb.ccc.ddd...
Connected to mail.domain.com.
Escape character is '^]'.
220 mail.domain.com ESMTP
HELO
250 mail.domain.com
MAIL FROM:<[email protected]>    
250 ok
RCPT TO:<[email protected]>
250 ok
DATA
354 go ahead
From:<[email protected]>
To:<[email protected]>
Subject: SPAMMER ATTACK!

SPAM TEXT

.
250 ok 1274302485 qp 21736

502 unimplemented (#5.5.1)
QUIT
221 mail.domain.com
Connection closed by foreign host.

And an email was received by the user2 account...

How can I protect my local domains from these attacks? Should I upgrade to 9.5?

Any help would be appreciated

TIA
Leandro
 
Hi IgorG,

Thanks for your quick answer.

I have the DomainKeys spam protection activated (both 'Allow signing outgoing mail' and 'Verify incoming mail')
But I didn't set SPF, especially because I need to send emails when I'm on the road (through SMTPS)... Is there a good rule I can use for these cases?

But is this a qmail issue? Or do I have something wrong with my SMTP authentication?
I thought it was enough to activate the SMTP authentication...

Thanks
Leandro
 
Hi,
I discovered the same problem as LeandroG some time ago and have already played with SPF.
But I must say SPF is not working correctly.
I have Plesk 9.2.3 on Linux Debian and have activated SPF spam protection.
SPF checking mode is set to 4 (Reject if resolves to softfail)
When I connect via telnet from my home computer and try to pretend to send an email from an address whose domain name has an SPF record with ~all at the end (so it should produce softfail), I still receive the email and the header states Neutral for the SPF check.
There are even more funny things...
Some domains don't have SPF. When I receive emails from such domains I have the following header in emails:
Received-SPF: none (no valid SPF record)
Spammers can easily use such domains to pass the SPF check, so I added an SPF guess rule:
v=spf1 +a +mx -all
As you see, it should hardfail if the IP does not correspond to the A record in DNS or to the MX record, but I still get emails. The only thing that changed by adding this guess rule is that emails now have a Neutral header for SPF.

Is there a fix/patch to change incorrect behavior of SPF in Plesk?
 