
Someone is sending spam through an authenticated account on my server. Help.

Discussion in 'Plesk for Linux - 8.x and Older' started by zer0state, Jan 24, 2007.

  1. zer0state

    zer0state Guest


    Someone is sending spam via my SMTP server; they are authenticating and using one of my clients' email accounts (this much I have confirmed). Since qmail logging sucks, how on earth am I supposed to figure out which account has been compromised? Thankfully I'm running qmail-scanner, which quarantined the phishing spam that was being sent out.

    Short of changing all of my customer email account passwords, I don't know what to do.

    I'm running Plesk 8 on RHES 3.

    Any suggestions would be greatly appreciated.
  2. jwdick

    jwdick Guest

    Check which user account is sending the most mail:

    cat -n /usr/local/psa/var/log/maillog | grep "SMTP user" | less

    That should give you a start.
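The grep above lists every authenticated login; the sketch below, an added example that is not part of the original posts, tallies those lines per account and counts the distinct source addresses each account logged in from. It assumes the account name is the word right after "SMTP user" and that the client IP is the last field in square brackets; the function names and sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): rank accounts by authenticated SMTP logins.
# ASSUMED line layout; only the "SMTP user" marker comes from the thread:
#   <date> <host> smtp_auth: SMTP user <account> : <path> logged in from <client> [<ip>]

# Output columns: <logins> <distinct source IPs> <account>, busiest account first.
# Reads the files given as arguments, or stdin when none are given.
smtp_user_counts() {
    awk '
        /SMTP user/ {
            acct = ""
            # The account is the field that follows the words "SMTP user".
            for (i = 2; i < NF; i++)
                if ($(i-1) == "SMTP" && $i == "user") { acct = $(i+1); break }
            if (acct == "") next
            logins[acct]++
            # Strip the brackets from the trailing [ip] field.
            ip = $NF
            gsub(/^\[|\]$/, "", ip)
            if (!((acct, ip) in seen)) { seen[acct, ip] = 1; ips[acct]++ }
        }
        END { for (a in logins) printf "%d %d %s\n", logins[a], ips[a], a }
    ' "$@" | sort -k1,1nr -k3,3
}

# Constructed sample log lines (documentation addresses, not real data).
sample_log() {
    cat <<'EOF'
Jan 24 09:01:11 host smtp_auth: SMTP connect from unknown@client.example.net [192.0.2.10]
Jan 24 09:01:12 host smtp_auth: SMTP user info@example.com : /var/qmail/mailnames/example.com/info logged in from unknown@client.example.net [192.0.2.10]
Jan 24 09:05:40 host smtp_auth: SMTP user bob@example.com : /var/qmail/mailnames/example.com/bob logged in from unknown@client.example.net [192.0.2.10]
Jan 24 09:07:02 host smtp_auth: SMTP user info@example.com : /var/qmail/mailnames/example.com/info logged in from unknown@a.example.net [198.51.100.7]
Jan 24 09:07:30 host smtp_auth: SMTP user alice@example.org : /var/qmail/mailnames/example.org/alice logged in from unknown@b.example.net [192.0.2.55]
Jan 24 09:08:15 host smtp_auth: SMTP user info@example.com : /var/qmail/mailnames/example.com/info logged in from unknown@c.example.net [203.0.113.99]
Jan 24 09:08:16 host smtp_auth: SMTP user info@example.com : /var/qmail/mailnames/example.com/info logged in from unknown@c.example.net [203.0.113.99]
Jan 24 09:30:00 host smtp_auth: SMTP user alice@example.org : /var/qmail/mailnames/example.org/alice logged in from unknown@b.example.net [192.0.2.55]
EOF
}

# Demo on the constructed sample; on a server, pass the maillog path instead.
sample_log | smtp_user_counts
```

An account with a high login count spread across many unrelated source addresses is the first candidate for a password reset.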
  3. rs232

    rs232 Guest

    Do you have access to the email files? You should be able to tell where they are coming from by looking at the headers. If you post a couple I can take a look.