• If you are still using CentOS 7.9, it's time to convert to Alma 8 with the free centos2alma tool by Plesk or Plesk Migrator. Please let us know your experiences or concerns in this thread:
    CentOS2Alma discussion

Someone is sending spam through an authenticated account on my server. Help.

Z

zer0state

Guest
Hello,

Someone is sending spam via my SMTP server , they are authenticating and using one of my clients email accounts (this much i have confirmed). Since qmail logging sucks how one earth am i suppose to figure out which account has been compromised? Thankfully i'm running qmail-scanner which quarantined the phishing spam that was being sent out.

Short of changing all of my customer email account passwords i don't know what to do.

I'm running plesk 8 RHES 3

Any suggestions would be greatly appreciated.
 
check which user account is sending the most mails:

cat -n /usr/local/psa/var/log/maillog | grep "SMTP user" | less

That should give you a start.
 
Do you have access to the email files? You should be able to tell where they are coming from by looking at the headers. If you post a couple I can take a look.
 
Back
Top