
Issue Spam sent from webmail

SalvadorS

Regular Pleskian
Hello,

First of all, thank you for reading this topic.

I have a spammer on one of our servers, sending spam from webmail. I found this in mail.info using the info from Spamhaus (Spamhaus doesn't show me the full headers yet...):

Oct 11 08:12:37 xxx postfix/smtpd[11109]: connect from localhost[127.0.0.1]

Oct 11 08:12:37 xxx postfix/smtpd[11109]: NOQUEUE: reject: RCPT from localhost[127.0.0.1]: 554 5.7.1 <[email protected]>: Relay access denied; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<kontakt-ch.net>

Oct 11 08:12:37 xxx postfix/smtpd[11109]: disconnect from localhost[127.0.0.1]

How can I find out which email account the spammer is using?

Thank you
 
It seems the spammer sends a few spam emails and then disappears, so that method is not good for me at this time. Thank you very much for the reply.
 
Hi SalvadorS,

If you can't eliminate the script, pls. consider switching off sendmail usage on your server until you are able to eliminate the script on your server.

Second, pls. post your corresponding Postfix configuration, so that people willing to help you have the chance to investigate possible misconfigurations together with you.
 
Hi!

Thanks again for replying.

I am not sure if there is a script or a spammer sending mail from webmail. I checked all the POSTs in the domains' logs against the hour of the spam mails, and there aren't any POSTs in the access_log of the domains on the server. But I also don't see in the logs which email account logged in at that time to send spam. Also, mail is limited on the server, so the spammer sends only a few mails.

Spamhaus doesn't send me full headers, so I am lost...
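
An added example (not part of the thread, and not Plesk or Postfix code) for triaging mail.info lines like the ones quoted in the first post: it extracts the smtpd rejects whose client was the loopback address and groups them by claimed envelope sender and HELO, which gives the exact timestamps to compare against webmail and web-server logs. The sample log is constructed and the function names are illustrative.

```python
import re
from collections import defaultdict

# Constructed sample in the format of the mail.info lines quoted in the thread;
# host name, PIDs and addresses are made up.
SAMPLE_LOG = """\
Oct 11 08:12:37 mx1 postfix/smtpd[11109]: connect from localhost[127.0.0.1]
Oct 11 08:12:37 mx1 postfix/smtpd[11109]: NOQUEUE: reject: RCPT from localhost[127.0.0.1]: 554 5.7.1 <victim@example.org>: Relay access denied; from=<info@example.com> to=<victim@example.org> proto=ESMTP helo=<example.com>
Oct 11 08:12:37 mx1 postfix/smtpd[11109]: disconnect from localhost[127.0.0.1]
Oct 11 08:13:02 mx1 postfix/smtpd[11140]: NOQUEUE: reject: RCPT from unknown[203.0.113.7]: 554 5.7.1 <a@example.net>: Relay access denied; from=<b@example.net> to=<a@example.net> proto=ESMTP helo=<mail.example.net>
Oct 11 08:14:10 mx1 postfix/smtpd[11152]: NOQUEUE: reject: RCPT from localhost[127.0.0.1]: 554 5.7.1 <other@example.org>: Relay access denied; from=<info@example.com> to=<other@example.org> proto=ESMTP helo=<example.com>
"""

LINE = re.compile(r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) \S+ postfix/smtpd\[(?P<pid>\d+)\]: (?P<msg>.*)$")
REJECT = re.compile(
    r"reject: RCPT from \S+\[(?P<ip>[^\]]+)\]: (?P<code>\d{3}) .*?"
    r"from=<(?P<sender>[^>]*)> to=<(?P<rcpt>[^>]*)>.*?helo=<(?P<helo>[^>]*)>"
)
LOOPBACK = {"127.0.0.1", "::1"}

def local_rejects(log_text):
    """Return smtpd reject events whose client was the loopback interface,
    i.e. mail handed to Postfix by software running on the server itself."""
    events = []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        r = REJECT.search(m["msg"])
        if r and r["ip"] in LOOPBACK:
            events.append({"time": m["ts"], "pid": m["pid"], **r.groupdict()})
    return events

def by_sender(events):
    """Group events by (envelope sender, HELO). Both values are supplied by
    the client and can be forged, so treat them as leads; the timestamps are
    what to line up against webmail and web-server logs."""
    groups = defaultdict(list)
    for e in events:
        groups[(e["sender"], e["helo"])].append(e["time"])
    return dict(groups)

if __name__ == "__main__":
    for (sender, helo), times in by_sender(local_rejects(SAMPLE_LOG)).items():
        print(f"{sender} helo={helo}: {len(times)} rejected, at {', '.join(times)}")
```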
 