• Please be aware: Kaspersky Anti-Virus has been deprecated
    With the upgrade to Plesk Obsidian 18.0.64, "Kaspersky Anti-Virus for Servers" will be automatically removed from the servers it is installed on. We recommend that you migrate to Sophos Anti-Virus for Servers.
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

SMTP server requires no authentication, huge issue!

F

f6n5i4qweuf

New Pleskian
Hi everybody

Today I found an incredible huge security issue with my Plesk 11.5.30 and postfix installation. I received a bunch of spam messages from my domain today and so I tested my SMTP server:

Code: 
Connected to localhost.
Escape character is '^]'.
220 domain.here ESMTP Postfix (Debian/GNU)
helo domain.here
250 domain.here
mail from: [email protected]
250 2.1.0 Ok
rcpt to: ***@gmail.com
250 2.1.5 Ok
data
354 End data with <CR><LF>.<CR><LF>
oh my god why does this work?
.
250 2.0.0 Ok: queued as 2F25C18218B3
quit
221 2.0.0 Bye

A couple of seconds later, I received this message in gmail. Completely stunned I checked the settings but they seem to be okay:

mail.png

To me this means, everybody who installs plesk and postfix automatically has a server that will be sending spam as soon as it's discovered. For me it took 8 days before it started sending spam.
Please help me and everybody else with this issue to resolve it. I just can not believe that this is default setting for plesk. UNBELIEVABLE!

Thank you!
 
Just remove loopback (or just all) addresses from the "White List" tab on "Server-Wide Mail Settings" page. It wouldn't save you from spam though (because there's also sendmail), you need to find its source instead.
 
Just to amplify on what Nikolay is saying.....

For your test, you connected locally. 127.0.1 (localhost) is whitelisted by default to allow mail to be sent without authentication. This is normal, expected, and not a security issue. However, if you feel you would prefer this not to be allowed, you can remove the 127. address from the whitelist tab as Nikolay suggests. Be aware that some mail functions are likely to break if you do this.

This leads to the question of what exactly happened in your case. It isn't clear from your post what is actually happening. If could be a malicious script installed on the server or it could be absolutely anything else - can you post more details please? It seems odd that a spammer would send mail from your domain to you at some other email address that he could not possibly know about, so I'm guessing there's more to this than meets the eye.
 
You must log in or register to reply here.

Similar threads

M
Resolved Help request: SSL certificate seems to have trust issues. How to resolve?
Replies
4
Views
866
MHC_1
M
X
Resolved Plesk Extension: Plesk Email Security (Very Slow Delivery)
Replies
8
Views
6K
Kaspar@Plesk
Kaspar@Plesk
C
Resolved VPS - Mail Server 'Insufficient Space'
Replies
4
Views
1K
Peter Debik
P
L
Issue Mailer-Daemon does not send notifications to failed mail sender.
Replies
2
Views
2K
Peter Debik
P
T
Issue SMTPD No Auth from IP Issue
Replies
2
Views
2K
Tessxr
T
Back
Top