
Resolved Spammer somehow has access to complete e-mail accounts list of server?

Bjorn

Basic Pleskian
Your operating system: CentOS Linux release 7.1.1503 (Core)
Your current used Plesk- Product: Plesk 15.5.30, MU #1205160608.10
Your depending installed mail - server software: Postfix

Hi,

We're having problems with what seems to be a single spammer that somehow bypasses all filters.
We use multiple DNS zones for the DNSBL service, and every mail account uses SpamAssassin.
SPF spam protection is not (yet) activated. With the current setup we block almost all spam, except from that one single spammer.

When I check the mail headers of the spam mail, they always come from different mail servers.

But it also seems our server is infected somehow, because when I create a new (not yet existing) mail account on the server, it will start receiving the same spam within a day.

The spam is always in German and is exactly the same for every mail account. For now, they only send 1 or 2 mails a day.

Any advice how to investigate this problem?

Regards,
Bjorn Joosen
 
In any case you should do the following:

1 - Check the header of the email to see if it comes from the same network (not talking about the IP, but entire networks); doing a whois on the IP of the sender's server will help you.

2 - If the content of the email is always the same, use the Postfix "body_checks" filter. You can follow this guide, it is very comprehensive: http://www.akadia.com/services/postfix_uce.html

3 - Use SpamAssassin to see the scores assigned to this email. It is very important to understand whether it gives a low score, which you can fix. Also make a collection of these emails every day by putting them in the spam folder of your webmail, because every night Plesk runs the command "spamtrain", which trains SpamAssassin.


That's all.

I hope my advice will be useful to you :)
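
Steps 1 and 3 of the checklist above, as an added example that is not part of the original post: it groups the sending IPs of collected spam samples by network and reads the SpamAssassin score from each message. The sample messages, host names and addresses are constructed, and it assumes the messages carry SpamAssassin's `X-Spam-Status` header.

```python
import email
import ipaddress
import re
from collections import Counter

IP_IN_BRACKETS = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
SCORE = re.compile(r"score=(-?\d+(?:\.\d+)?)")

def sender_ip(msg):
    """First non-loopback IPv4 in the Received chain, read top down.
    The topmost hops are written by your own server; lower ones can be forged."""
    for hop in msg.get_all("Received", []):
        for text in IP_IN_BRACKETS.findall(hop):
            try:
                ip = ipaddress.ip_address(text)
            except ValueError:          # e.g. [999.1.1.1]
                continue
            if not ip.is_loopback:      # skip local content-filter hops
                return ip
    return None

def summarize(raw_messages, prefix=24):
    """Count samples per sending network and collect SpamAssassin scores."""
    networks, scores = Counter(), []
    for raw in raw_messages:
        msg = email.message_from_string(raw)
        ip = sender_ip(msg)
        if ip is not None:
            net = ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
            networks[str(net)] += 1
        match = SCORE.search(msg.get("X-Spam-Status", ""))
        if match:
            scores.append(float(match.group(1)))
    return networks, scores

def _sample(ip, score):
    """Constructed message; addresses come from documentation ranges."""
    return ("Received: from localhost (localhost [127.0.0.1])\n\tby mail.example.org (Postfix)\n"
            f"Received: from unknown (unknown [{ip}])\n\tby mail.example.org (Postfix) with ESMTP\n"
            f"X-Spam-Status: No, score={score} required=5.0 tests=HTML_MESSAGE\n"
            "Subject: constructed sample\n\nbody\n")

SAMPLES = [_sample("198.51.100.23", 1.9), _sample("198.51.100.77", 2.4),
           _sample("203.0.113.5", 0.8)]

if __name__ == "__main__":
    nets, scores = summarize(SAMPLES)
    for net, count in nets.most_common():
        print(f"{count:3d}  {net}")     # candidates for a whois lookup
    print("scores:", scores)
```

Networks that repeat across many samples are the ones worth a whois lookup, and scores that stay well below the required threshold show why the messages get through.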
 
Hi Alberto,

I feel ashamed I haven't replied to your answers, I did not see them.
After the update to Onyx and with all anti-spam functions enabled, almost all spam gets blocked.

Thanks!
 