• Our team is looking to connect with folks who use email services provided by Plesk, or a premium service. If you'd like to be part of the discovery process and share your experiences, we invite you to complete this short screening survey. If your responses match the persona we are looking for, you'll receive a link to schedule a call at your convenience. We look forward to hearing from you!
  • We are looking for U.S.-based freelancer or agency working with SEO or WordPress for a quick 30-min interviews to gather feedback on XOVI, a successful German SEO tool we’re looking to launch in the U.S.
    If you qualify and participate, you’ll receive a $30 Amazon gift card as a thank-you. Please apply here. Thanks for helping shape a better SEO product for agencies!
  • The BIND DNS server has already been deprecated and removed from Plesk for Windows.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS. We strongly recommend transitioning to Microsoft DNS within the next 6 weeks, before the Plesk 18.0.70 release.
  • The Horde component is removed from Plesk Installer. We recommend switching to another webmail software supported in Plesk.

SMTP server requires no authentication, huge issue!

F

f6n5i4qweuf

New Pleskian
Hi everybody

Today I found an incredible huge security issue with my Plesk 11.5.30 and postfix installation. I received a bunch of spam messages from my domain today and so I tested my SMTP server:

Code: 
Connected to localhost.
Escape character is '^]'.
220 domain.here ESMTP Postfix (Debian/GNU)
helo domain.here
250 domain.here
mail from: [email protected]
250 2.1.0 Ok
rcpt to: ***@gmail.com
250 2.1.5 Ok
data
354 End data with <CR><LF>.<CR><LF>
oh my god why does this work?
.
250 2.0.0 Ok: queued as 2F25C18218B3
quit
221 2.0.0 Bye

A couple of seconds later, I received this message in gmail. Completely stunned I checked the settings but they seem to be okay:

mail.png

To me this means, everybody who installs plesk and postfix automatically has a server that will be sending spam as soon as it's discovered. For me it took 8 days before it started sending spam.
Please help me and everybody else with this issue to resolve it. I just can not believe that this is default setting for plesk. UNBELIEVABLE!

Thank you!
 
Just remove loopback (or just all) addresses from the "White List" tab on "Server-Wide Mail Settings" page. It wouldn't save you from spam though (because there's also sendmail), you need to find its source instead.
 
Just to amplify on what Nikolay is saying.....

For your test, you connected locally. 127.0.1 (localhost) is whitelisted by default to allow mail to be sent without authentication. This is normal, expected, and not a security issue. However, if you feel you would prefer this not to be allowed, you can remove the 127. address from the whitelist tab as Nikolay suggests. Be aware that some mail functions are likely to break if you do this.

This leads to the question of what exactly happened in your case. It isn't clear from your post what is actually happening. If could be a malicious script installed on the server or it could be absolutely anything else - can you post more details please? It seems odd that a spammer would send mail from your domain to you at some other email address that he could not possibly know about, so I'm guessing there's more to this than meets the eye.
 
You must log in or register to reply here.

Similar threads

mapodec
Resolved Emails sent from Plesk accounts are not delivering only to Google Workspace
Replies
2
Views
637
mapodec
mapodec
M
Resolved Help request: SSL certificate seems to have trust issues. How to resolve?
Replies
4
Views
2K
MHC_1
M
C
Resolved VPS - Mail Server 'Insufficient Space'
Replies
4
Views
2K
Peter Debik
P
X
Resolved Plesk Extension: Plesk Email Security (Very Slow Delivery)
Replies
8
Views
8K
Kaspar@Plesk
Kaspar@Plesk
W
Issue Mail forwarded on the server in the target mailbox is delivered to the SPAM folder
Replies
0
Views
465
W4ru
W
Back
Top