
Question Spam sent from my server by other hosts ???

Erwin Fiten

Basic Pleskian
Server operating system version
Debian 11.11
Plesk version and microupdate number
Plesk Obsidian 18.0.67 Update #3 Web Pro Edition
I have a webserver 'myserver.com', that hosts a domain 'domain.com'

and now I'm getting blacklisted, and I receive 'undeliverable' emails for my domain, but that domain doesn't send any mails.
So I checked the maillog :
Code:
Feb 20 10:46:05 99C23181704: client=myserver.com[127.0.0.1], orig_queue_id=5D8DD180B87, orig_client=out21-17.dm.aliyun.com[115.124.21.17]
Feb 20 10:46:05 99C23181704: from=<[email protected]> to=<[email protected]>
Feb 20 10:46:05 99C23181704: message-id=<28990100552000025020721151799_28990100539006425022045989885_XTransfer@event.chinaedmexchange.com>
Feb 20 10:46:05 99C23181704: py-limit-out: stderr: INFO:__main__:No SMTP AUTH and not running in sendmail context (incoming or unrestricted outgoing mail). SKIP message.
Feb 20 10:46:05 99C23181704: py-limit-out: stderr: SKIP
Feb 20 10:46:05 99C23181704: check-quota: stderr: SKIP
Feb 20 10:46:05 99C23181704: spf: stderr: PASS
Feb 20 10:46:05 99C23181704: drweb: stderr: PASS
Feb 20 10:46:05 99C23181704: from=<[email protected]>, size=4600, nrcpt=1 (queue active)
Feb 20 10:46:05 99C23181704: from=<[email protected]>, to=<[email protected]>, dirname=/var/qmail/mailnames
Feb 20 10:46:06 99C23181704: dk_check: stderr: PASS
Feb 20 10:46:07 99C23181704: dmarc: stderr: PASS
Feb 20 10:46:07 99C23181704: arc-sign: stderr: PASS
Feb 20 10:46:07 99C23181704: to=<[email protected]>, relay=plesk_virtual, delay=1.7, delays=0.22/0/0/1.5, dsn=2.0.0, status=sent (delivered via plesk_virtual service)
Feb 20 10:46:07 99C23181704: removed
and
Code:
Feb 23 16:10:55 E6E28181DE4: client=myserver.com[127.0.0.1], orig_queue_id=F1A8F180B60, orig_client=bird.pine.relay.mailchannels.net[23.83.219.17]
Feb 23 16:10:55 E6E28181DE4: from=<> to=<[email protected]>
Feb 23 16:10:55 E6E28181DE4: message-id=<[email protected]>
Feb 23 16:10:56 E6E28181DE4: py-limit-out: stderr: INFO:__main__:No SMTP AUTH and not running in sendmail context (incoming or unrestricted outgoing mail). SKIP message.
Feb 23 16:10:56 E6E28181DE4: py-limit-out: stderr: SKIP
Feb 23 16:10:56 E6E28181DE4: check-quota: stderr: SKIP
Feb 23 16:10:56 E6E28181DE4: spf: stderr: PASS
Feb 23 16:10:56 E6E28181DE4: drweb: stderr: PASS
Feb 23 16:10:56 E6E28181DE4: from=<>, size=10073, nrcpt=1 (queue active)
Feb 23 16:10:56 E6E28181DE4: from=<MAILER-DAEMON>, to=<[email protected]>, dirname=/var/qmail/mailnames
Feb 23 16:10:56 E6E28181DE4: DKIM Feed: No signature
Feb 23 16:10:56 E6E28181DE4: dk_check: stderr: PASS
Feb 23 16:10:56 E6E28181DE4: Unable to store SPF result into DMARC library: 'Function called with nothing to parse'
Feb 23 16:10:56 E6E28181DE4: Unable to store SPF/DKIM results into DMARC library
Feb 23 16:10:56 E6E28181DE4: arc-sign: stderr: SKIP
Feb 23 16:10:56 E6E28181DE4: to=<[email protected]>, relay=plesk_virtual, delay=0.58, delays=0.26/0/0/0.31, dsn=2.0.0, status=sent (delivered via plesk_virtual service)
Feb 23 16:10:56 E6E28181DE4: removed

So 'something' is configured wrong, strange, because this hasn't given issues the last years.

Any idea where I have to search ?

Erwin
 
Hello Erik,

In Plesk, you can configure the Policy on mail for non-existent users to ensure that emails sent to non-existent addresses are rejected rather than bounced, preventing Non-Delivery Reports (NDRs).

This setting can be adjusted in the following locations:
- For new domains: Service Plan > [Plan Name] > Mail > Policy on mail for non-existent users
- For existing domains: Domains > [example.com] > Mail Settings > What to do with mail for non-existent users

Additionally, I recommend implementing the following measures:
- Enable and configure Tools & Settings > Mail Server Settings > Switch on spam protection based on DNS blackhole lists.
- Enable and configure Outgoing Mail Control.

Let me know if you need any further assistance.
 
Strange, this is all enabled and set as you describe. And still messages are sent..
The 'sender' is the domain that's hosted on this server (and where the settings are as described), receivers are external, BUT not random, all known addresses from the sender....
 
In the thread title you're saying that these email messages are sent through your server via another host. But how do you know exactly that these messages are sent from another host? I am asking because whenever a server gets abused to send spam messages, often a website hosted on the server got compromised, the server itself got compromised, or an email account (mailbox) got compromised.
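
Added example, not part of any post in this thread: one way to check the question above against the log itself, by grouping maillog lines per queue ID and separating mail delivered to a local mailbox (`relay=plesk_virtual`, as in the quoted log) from mail relayed to a remote host, and flagging null-sender bounces. The sample lines are constructed in the format of the quoted log, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample lines in the format quoted in the thread (hosts, addresses
# and the third queue ID are made up; the last two lines use the standard
# Postfix remote-delivery format).
SAMPLE_LOG = """\
Feb 20 10:46:05 99C23181704: client=myserver.com[127.0.0.1], orig_queue_id=5D8DD180B87, orig_client=mx.sender.example[203.0.113.17]
Feb 20 10:46:05 99C23181704: from=<news@sender.example>, size=4600, nrcpt=1 (queue active)
Feb 20 10:46:07 99C23181704: to=<info@domain.com>, relay=plesk_virtual, delay=1.7, dsn=2.0.0, status=sent (delivered via plesk_virtual service)
Feb 23 16:10:55 E6E28181DE4: client=myserver.com[127.0.0.1], orig_queue_id=F1A8F180B60, orig_client=relay.other.example[198.51.100.17]
Feb 23 16:10:56 E6E28181DE4: from=<>, size=10073, nrcpt=1 (queue active)
Feb 23 16:10:56 E6E28181DE4: to=<info@domain.com>, relay=plesk_virtual, delay=0.58, dsn=2.0.0, status=sent (delivered via plesk_virtual service)
Feb 24 09:00:01 ABCDEF12345: from=<info@domain.com>, size=2100, nrcpt=1 (queue active)
Feb 24 09:00:02 ABCDEF12345: to=<someone@remote.example>, relay=mx.remote.example[192.0.2.25]:25, delay=1.1, dsn=2.0.0, status=sent (250 OK)
"""

QUEUE_RE = re.compile(r"\b([0-9A-F]{8,}): (.*)$")  # queue ID, then the rest of the line

def classify(log_text):
    """Return {queue_id: summary} for every message that reached a delivery line."""
    msgs = defaultdict(lambda: dict(sender=None, rcpt=None, relay=None, orig_client=None))
    for line in log_text.splitlines():
        m = QUEUE_RE.search(line)
        if not m:
            continue
        qid, rest = m.groups()
        rec = msgs[qid]
        # Keep the first envelope sender seen: an empty one (from=<>) marks a bounce.
        if (f := re.search(r"\bfrom=<([^>]*)>", rest)) and rec["sender"] is None:
            rec["sender"] = f.group(1)
        if t := re.search(r"\bto=<([^>]*)>", rest):
            rec["rcpt"] = t.group(1)
        if r := re.search(r"\brelay=([^,\s]+)", rest):
            rec["relay"] = r.group(1)
        if o := re.search(r"\borig_client=(\S+)", rest):
            rec["orig_client"] = o.group(1)
    report = {}
    for qid, rec in msgs.items():
        if rec["relay"] is None:
            continue
        # Assumption taken from the quoted log: plesk_virtual means local mailbox delivery.
        direction = "inbound" if rec["relay"] == "plesk_virtual" else "outbound"
        report[qid] = dict(direction=direction, bounce=rec["sender"] == "",
                           orig_client=rec["orig_client"], rcpt=rec["rcpt"])
    return report

def inbound_bounces(report):
    """Queue IDs of null-sender messages that were delivered to a local mailbox."""
    return [q for q, r in report.items() if r["direction"] == "inbound" and r["bounce"]]
```

Only entries classified as `outbound` left the server; `inbound` entries, including the bounces, arrived from the host shown in `orig_client`.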
 