• If you are still using CentOS 7.9, it's time to convert to Alma 8 with the free centos2alma tool by Plesk or Plesk Migrator. Please let us know your experiences or concerns in this thread:
    CentOS2Alma discussion
  • Inviting everyone to the UX test of a new security feature in the WP Toolkit
    For WordPress site owners, threats posed by hackers are ever-present. Because of this, we are developing a new security feature for the WP Toolkit. If the topic of WordPress website security is relevant to you, we would be grateful if you could share your experience and help us test the usability of this feature. We invite you to join us for a 1-hour online session via Google Meet. Select a convenient meeting time with our friendly UX staff here.

Spammer authenticates somehow with email alias!

R

RealAbraCadaver

New Pleskian
Well I made a mistake with the first post because it didn't show up for almost 1/2 hour, and now both are deleted or locked, so apologies for the third one:

A spammer is able to authenticate and send spam using an alias [email protected] which is an alias of a real mailname.

OS: CentOS 6.5 (Final)
Panel version: 11.5.30 Update #32

Installed mail server Postfix

Relaying
authorization is required:
SMTP
Click to expand...

I cleared the queue, but the spam messages were all from [email protected] and had multiple lines like:
X-No-Relay: not in my network
Click to expand...

I see lots of these with differing clients:
Feb 11 16:09:11 u17411632 postfix/smtpd[16157]: 54842322D7: client=unknown[195.7.47.219], sasl_method=LOGIN, [email protected]
Feb 11 16:09:11 u17411632 postfix/smtp[12874]: B830F322CE: to=<[email protected]>, relay=mx2.comcast.net[2001:558:fe2d:70::22]:25, delay=4.1, delays=3.2/0/0.55/0.32, dsn=2.0.0, status=sent (250 2.0.0 R99B1n0070HDTPJ0F99BDH mail accepted for delivery)
Click to expand...

Using grep on the log created from here: http://kb.parallels.com/en/114845 I don't see anything from /var/www/vhosts.

What is going on here?!?!
 
OK, thanks. I read both of those articles but I assumed that the spammer would need my password for the real email and use it with the alias. I guess I thought this unlikely, but it seems to be the only way, they must have brute forced my password? I read another post where the user DID change his password and the spammer was still able to send using the alias.

Thanks!
 
Last edited:
We had to delete and recreate aliases yesterday. But today it seems to work ok.

You can use /usr/local/psa/admin/bin/mail_auth_view
to check password for email address and aliases.
 
You must log in or register to reply here.

Similar threads

P
Issue Notification emails from psaadm when checking for updates are being blocked.
Replies
2
Views
2K
pick3pro
P
J
Issue PHPMailer - X-PPP-Vhost header is changed to subscription-domain and causes DMARC reject
Replies
1
Views
4K
japjay
J
S
Resolved Spamassassin - no scan is performed / x-spam missing in headers
Replies
2
Views
3K
Boris Ortega
B
E
E-mail Accounts: Outbound Spam
Replies
8
Views
3K
IgorG
IgorG
Back
Top