• If you are still using CentOS 7.9, it's time to convert to Alma 8 with the free centos2alma tool by Plesk or Plesk Migrator. Please let us know your experiences or concerns in this thread:
    CentOS2Alma discussion

Resolved Spammer somehow has access to complete e-mailaccounts list of server?

Bjorn

Basic Pleskian
Your operating system: CentOS Linux release 7.1.1503 (Core)
Your current used Plesk- Product: Plesk 15.5.30, MU #1205160608.10
Your depending installed mail - server software: Postfix

Hi,

We're having problems with what seems to be a single spammer, that somehow bypasses all filters.
We use multiple DNS zones for the DNSBL service, and every mailaccount uses spamassassin.
SPF spam protection is not (yet) activated. With the current setup we almost block all spam, except from that one single spammer.

When i check the mail headers of the spam mail, they always come from different mailservers.

But it also seems our server is infected somehow, because when i create a new (not yet excisting) mailaccount on the server, it will start recieving the same spam within a day..

The spam is always in German language and is exactly the same for every mailaccount. For now, they only send 1 or 2 mails a day.

Any advice how to investigate this problem?

Regards,
Bjorn Joosen
 
In any case you should do the following:

1 - Check the header of the email, if it comes from the same network (not talking about ip, but entire networks), help you doing whois of ip sender's server.

2 - If the content of the email is the same as using the "body_checks" filter postfix, you can follow this guide, is very comprehensive: http://www.akadia.com/services/postfix_uce.html

3 - Use spamassassin to detect the scores assigned to this email, it is very important to understand if put down score, you can fix it, and make a collection of these emails every day by putting them in the spam folder of your webmail, because every night plesk, run the command "spamtrain" which instructs spamassassin.


that's all.

I hope my advice will be useful to you :)
 
Hi Alberto,

I feel ashamed i haven't replied to your answers, i did not see them.
After the update to onyx and with all anti-spam functions enabled, almost all spam gets blocked.

Thanks!
 
Back
Top