• Plesk Uservoice will be deprecated by October. Moving forward, all product feature requests and improvement suggestions will be managed through our new platform Plesk Productboard.
    To continue sharing your ideas and feedback, please visit features.plesk.com

Someone is sending spam through an authenticated account on my server. Help.

Z

zer0state

Guest
Hello,

Someone is sending spam via my SMTP server , they are authenticating and using one of my clients email accounts (this much i have confirmed). Since qmail logging sucks how one earth am i suppose to figure out which account has been compromised? Thankfully i'm running qmail-scanner which quarantined the phishing spam that was being sent out.

Short of changing all of my customer email account passwords i don't know what to do.

I'm running plesk 8 RHES 3

Any suggestions would be greatly appreciated.
 
check which user account is sending the most mails:

cat -n /usr/local/psa/var/log/maillog | grep "SMTP user" | less

That should give you a start.
 
Do you have access to the email files? You should be able to tell where they are coming from by looking at the headers. If you post a couple I can take a look.
 
You must log in or register to reply here.

Similar threads

M
Question System account sending email through smpt relay but no configuration present
Replies
3
Views
1K
maratn
M
enerspace
Question Bounce emails end up in spam – DMARC triggered on local deliveries?
Replies
0
Views
713
enerspace
enerspace
A
Question Alternative ways to forward emails
Replies
2
Views
1K
Aslanj
A
C
Question Analysing Sender IP in Mail Headers
Replies
0
Views
2K
Change Maker
C
W
Issue Mail forwarded on the server in the target mailbox is delivered to the SPAM folder
Replies
0
Views
822
W4ru
W
Back
Top