• Our team is looking to connect with folks who use email services provided by Plesk, or a premium service. If you'd like to be part of the discovery process and share your experiences, we invite you to complete this short screening survey. If your responses match the persona we are looking for, you'll receive a link to schedule a call at your convenience. We look forward to hearing from you!
  • We are looking for U.S.-based freelancer or agency working with SEO or WordPress for a quick 30-min interviews to gather feedback on XOVI, a successful German SEO tool we’re looking to launch in the U.S.
    If you qualify and participate, you’ll receive a $30 Amazon gift card as a thank-you. Please apply here. Thanks for helping shape a better SEO product for agencies!
  • The BIND DNS server has already been deprecated and removed from Plesk for Windows.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS. We strongly recommend transitioning to Microsoft DNS within the next 6 weeks, before the Plesk 18.0.70 release.
  • The Horde component is removed from Plesk Installer. We recommend switching to another webmail software supported in Plesk.

Spam from my server???

J

JuanCar

Regular Pleskian
I've received a report from aol about a spam from my server, and by the same time my Ip appears in CBL.

In the header of the message I read

Return-Path: <[email protected]>
Received: from mydomain.com (mydomain.com [xxx.xxx.xxx.xxx])
by mtain-dd01.r1000.mx.aol.com (Internet Inbound) with SMTP id D0490380000AE
for <[email protected]>; Fri, 1 Nov 2013 11:06:31 -0400 (EDT)
Received: from verlenea by gateoo.mydomain.com with local (Exim 4.51)
id V1ZE1S-Li6MSS-YH
for [email protected]; Fri, 01 Nov 2013 16:21:07 +0100

And, well, my server uses qmail not exim (plesk uses qmail by default)

I checked my mail server looking for relay but it's closed.
I've a wrapper in sendmail so all message pass trough my own email
Of course in my log doen't appear this email address, which is not an user of my server

Any explication?

How set a rule in IPtables to increase the security of SMTP? I saw in CBL:

iptables -A OUTPUT -d 127.0.0.1 -p tcp -m tcp --dport 25 -j ACCEPT
iptables -A OUTPUT -p tcp -m tcp --dport 25 -m owner --gid-owner mail -j ACCEPT
iptables -A OUTPUT -p tcp -m tcp --dport 25 -m owner --gid-owner mailman -j ACCEPT
iptables -A OUTPUT -p tcp -m tcp --dport 25 -m owner --uid-owner root -j ACCEPT
iptables -A OUTPUT -p tcp -m tcp --dport 25 -j REJECT --reject-with icmp-port-unreachable


But which are gid-owners in Plesk: mail and mailman too?

Is it compatible with horde?


Thanks
 
I need help, please. I hove no idea how is hapening this spam from my IP.
There is no data in mail log, MailerDaemon dosenot return email bounced

I see now in SNDS of Hotmail more tan 5000 mails from my IP.

This is the header of one email (I've got it in SNDS) (xx.xx.xx.xx is my IP)

X-HmXmrOriginalRecipient: [email protected]
X-Reporter-IP: 187.114.66.163
x-store-info:4r51+eLowCe79NzwdU2kR3P+ctWZsO+J
Authentication-Results: hotmail.com; spf=none (sender IP is xx.xx.xx.xx) [email protected]; dkim=none header.d=unewsonline.com; x-hmca=none [email protected]
X-SID-PRA: [email protected]
X-AUTH-Result: NONE
X-SID-Result: NONE
X-Message-Status: n:n
X-Message-Delivery: Vj0xLjE7dXM9MDtsPTA7YT0wO0Q9MjtHRD0yO1NDTD02
X-Message-Info: 3c21WZ1hAltI9DuizMAEE95U0qFS0yhWsfaOUs3RwK6jTNh2oEbqSysRa63Ltd+sTNbu6RKaSQnOcjbBX6sjUAuzYWYWDWmTBvDoYj749ncGugLhVqBrcUwBxXFKlukST2GBBk5G7c8S/1b1VnB2DGL1w26aEq3LyKBqL4VdUFP204kUxso3AqJcm5gQifhknQO7Homxwr5o9B124zNGfGrymYZrLRXx
Received: from mydomain.com ([xx.xx.xx.xx]) by BAY0-MC3-F52.Bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.4900);
Fri, 1 Nov 2013 12:27:26 -0700
Return-path: <[email protected]>
Received: (qmail 44925 invoked by uid 29227); 02 Nov 2013 04:38:35 -0000
Date: 02 Nov 2013 04:38:35 -0000
Message-ID: <[email protected]>
From: "Northrop" <[email protected]>
To: "pit-bulljuly" <[email protected]>
Subject: Someone vicious out there is open to a date with you right now! See my dirty pictures
Mime-Version: 1.0
Content-Type: text/html; charset=us-ascii
Content-Transfer-Encoding: quoted-printable
X-OriginalArrivalTime: 01 Nov 2013 19:27:26.0345 (UTC) FILETIME=[65A00790:01CED738]


I can not understand what is happening!!! I need help!!!

I know this mail is not from sendmail (I have a wrapper to catch mails via sendmail). My logs have no mails to Hotmail!!!
I have SPF and DKIM, but I see

Authentication-Results: hotmail.com; spf=none (sender IP is xx.xx.xx.xx) [email protected]; dkim=none header.d=unewsonline.com; x-hmca=none [email protected]

Please any help about this terrible situation!!!

Thanks
 
You must log in or register to reply here.

Similar threads

S
Issue Cant activate the plesk firewall
Replies
5
Views
2K
martinez.marcias@gmai
M
Liwindo
Input New Firewall App 18.0.52
Replies
4
Views
2K
Liwindo
Liwindo
Sailorhost
Question IPv6 unreachable
Replies
4
Views
2K
Sailorhost
Sailorhost
ChrisMonder
Question How to ignore/block POP3/IMAP login attempts for a non existent domain in my server?
Replies
4
Views
3K
ChrisMonder
ChrisMonder
D
Issue Spoofed Emails Appearing as Sent from My Own Server Despite Correct SPF/DKIM/DMARC Configuration?
Replies
2
Views
2K
drdna
D
Back
Top