• If you are still using CentOS 7.9, it's time to convert to Alma 8 with the free centos2alma tool by Plesk or Plesk Migrator. Please let us know your experiences or concerns in this thread:
    CentOS2Alma discussion

SMTP server requires no authentication, huge issue!

F

f6n5i4qweuf

New Pleskian
Hi everybody

Today I found an incredible huge security issue with my Plesk 11.5.30 and postfix installation. I received a bunch of spam messages from my domain today and so I tested my SMTP server:

Code: 
Connected to localhost.
Escape character is '^]'.
220 domain.here ESMTP Postfix (Debian/GNU)
helo domain.here
250 domain.here
mail from: [email protected]
250 2.1.0 Ok
rcpt to: ***@gmail.com
250 2.1.5 Ok
data
354 End data with <CR><LF>.<CR><LF>
oh my god why does this work?
.
250 2.0.0 Ok: queued as 2F25C18218B3
quit
221 2.0.0 Bye

A couple of seconds later, I received this message in gmail. Completely stunned I checked the settings but they seem to be okay:

mail.png

To me this means, everybody who installs plesk and postfix automatically has a server that will be sending spam as soon as it's discovered. For me it took 8 days before it started sending spam.
Please help me and everybody else with this issue to resolve it. I just can not believe that this is default setting for plesk. UNBELIEVABLE!

Thank you!
 
Just remove loopback (or just all) addresses from the "White List" tab on "Server-Wide Mail Settings" page. It wouldn't save you from spam though (because there's also sendmail), you need to find its source instead.
 
Just to amplify on what Nikolay is saying.....

For your test, you connected locally. 127.0.1 (localhost) is whitelisted by default to allow mail to be sent without authentication. This is normal, expected, and not a security issue. However, if you feel you would prefer this not to be allowed, you can remove the 127. address from the whitelist tab as Nikolay suggests. Be aware that some mail functions are likely to break if you do this.

This leads to the question of what exactly happened in your case. It isn't clear from your post what is actually happening. If could be a malicious script installed on the server or it could be absolutely anything else - can you post more details please? It seems odd that a spammer would send mail from your domain to you at some other email address that he could not possibly know about, so I'm guessing there's more to this than meets the eye.
 
You must log in or register to reply here.

Similar threads

C
Resolved VPS - Mail Server 'Insufficient Space'
Replies
4
Views
904
Peter Debik
P
L
Issue Mailer-Daemon does not send notifications to failed mail sender.
Replies
2
Views
1K
Peter Debik
P
T
Issue SMTPD No Auth from IP Issue
Replies
2
Views
1K
Tessxr
T
H
Forwarded to devs mailhandler ignores small info text in case of REJECT
Replies
4
Views
789
hitd
H
H
Issue BUG: minor bug in mailhandler - not reporting STDOUT message
Replies
2
Views
919
hitd
H
Back
Top