Facebook
Twitter
- Server operating system version
- Centos 7.9
- Plesk version and microupdate number
- 18.0.43 Update #1
Hello
Our users are complaining about receiving spam email saying their PC has been compromised and bitcoin has to be paid. I have received these emails myself.
The irony of this is that all email coming into the network is scanned by another server and then passed onto the Plesk mail server.
It seems that the culprits have a script that connects directly to the server hosting users email accounts, sets their from address to be the same domain as the user and then send email to them. The emails are delivered even if they do not authenticate.
SPF is set to hard fail but the emails still arrive.
Does anybody know how this can be resolved?
Our users are complaining about receiving spam email saying their PC has been compromised and bitcoin has to be paid. I have received these emails myself.
The irony of this is that all email coming into the network is scanned by another server and then passed onto the Plesk mail server.
It seems that the culprits have a script that connects directly to the server hosting users email accounts, sets their from address to be the same domain as the user and then send email to them. The emails are delivered even if they do not authenticate.
SPF is set to hard fail but the emails still arrive.
Does anybody know how this can be resolved?
