• Our team is looking to connect with folks who use email services provided by Plesk, or a premium service. If you'd like to be part of the discovery process and share your experiences, we invite you to complete this short screening survey. If your responses match the persona we are looking for, you'll receive a link to schedule a call at your convenience. We look forward to hearing from you!
  • We are looking for U.S.-based freelancer or agency working with SEO or WordPress for a quick 30-min interviews to gather feedback on XOVI, a successful German SEO tool we’re looking to launch in the U.S.
    If you qualify and participate, you’ll receive a $30 Amazon gift card as a thank-you. Please apply here. Thanks for helping shape a better SEO product for agencies!
  • The BIND DNS server has already been deprecated and removed from Plesk for Windows.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS. We strongly recommend transitioning to Microsoft DNS within the next 6 weeks, before the Plesk 18.0.70 release.
  • The Horde component is removed from Plesk Installer. We recommend switching to another webmail software supported in Plesk.

Spam in Mail Queue

Plesk has many spam protection solutions. Have you tried to use them, read Plesk documentation about these solutions?
 
Yes. I read and learned a lot, but befor I decide for any action, I want to understand where it come from.

As I understood, a Mailbox from any owner must be hacked by Virus or anything else.
So I want to find out witch one it is, to contact the owner of the mailbox.

Following also confuse me:
When I grep for the IP of the Spamer in /usr/local/psa/var/log/maillog
I find an e-Mailadress, that is only an e-mail alias and not a mailbox.

So it seems, that Spamer can authenticates on e-mail alias ?
 
yes, you can authenticate on an alias. I was surprised when I found this out a year or two ago! But it does make sense.
If you use qmail, then qmhandle.pl (available from the Atomic repo or you can compile from source) is a good tool to deal with queues full of spam.

It sounds like you have found the mailbox that has been compromised. Otherwise you need to look at one of the spam emails, find the source IP, search for that IP in the maillog, and locate the compromised mailbox that way.

Please note that changing the password does not ALWAYS stop the spam sending. Some spam systems connect and keep sending, so there's no re-authentication. Changing the password does not stop these types. Restarting qmail does not resolve the problem. Adding the IP to a direwall does not help. In all these cases it is because the spammer is already connected. You have to kill the actual process the spammer is connected to (or just reboot). Using netstat -avnp can help.
 
You must log in or register to reply here.

Similar threads

C
Question Strange Mail-Spam issue
Replies
3
Views
322
hschramm
hschramm
A
Question Spam detection on outgoing mails with Plesk Email Security
Replies
2
Views
655
Kaspar
K
A
Issue Mail queue very slow with 10 min delay
2
Replies
22
Views
1K
apis
A
C
Issue Plesk Email Security seems not to learn spam properly
Replies
8
Views
2K
Kaspar
K
D
Issue Mail queue undelivered - how to find originating domain
Replies
0
Views
458
Daphne
D
Back
Top