Somebody is sending SPAM from my server

[clinton4]

Hi,

When i look in the Mail Queue, i see that somebody is sending SPAM from my server. How can i figure out which account is sending it?

 

[Andrey Kucherov]

Hello,


We can give you common recommendations which can help you to eliminate spam attack like using MAPS zones, spamassassin, blacklists, rejecting emails for non-existing users, update Plesk to the latest version and configure SPF technology, etc. The following articles are devoted to troubleshooting spam and known issues with spamassassin:

Spam tracking:
http://kb.odin.com/en/6010
http://kb.odin.com/en/766

Known issues and questions about spamassassin functionality:
http://kb.odin.com/en/1428
http://kb.odin.com/en/3017
http://kb.odin.com/en/5538
http://kb.odin.com/en/1334
http://kb.odin.com/en/1393

 

[anytimemoney]

Windows Plesk: Outbound Spam

Somebody is sending SPAM from my server. This results in the main server IP getting blacklisted.

1. How to identify the spammer on my server .. or the compromised account?

Can the sender be identified from: C9EEDB720A4B4A5CA487B4AB3CD7BF3A.MAI
or
ME-I0018: [F8E9D6D22AC34047B86D7CB83E3C75FA.MAI] Outbound message from ([SMTP:[email protected]]) requeued as [300E2AA30B7F4A40974C3973FC9F47D4.MAI] to the target domain [some_domain.com]

2. How to further secure the server to prevent sending such spam messages?
Emails are sent using the 'From' field containing email IDs of Yahoo, AOL, Gmail, etc.

3. Is there any way to limit the number of messages that can be sent in an hour from a particular hosting account?

 

[clinton4]

I figured out that the problem was related to the Wordpress plugin Contact Form 7. If you have WP with this plugin, you better stop using it.

 

[RaymondB]

Those suggestion links talk about qmail.

What about postfix?