
Resolved Spammer somehow has access to complete e-mail accounts list of server?

Bjorn

Basic Pleskian
Your operating system: CentOS Linux release 7.1.1503 (Core)
Your current used Plesk- Product: Plesk 15.5.30, MU #1205160608.10
Your depending installed mail - server software: Postfix

Hi,

We're having problems with what seems to be a single spammer that somehow bypasses all filters.
We use multiple DNS zones for the DNSBL service, and every mail account uses SpamAssassin.
SPF spam protection is not (yet) activated. With the current setup we block almost all spam, except from that one single spammer.

When I check the mail headers of the spam mail, they always come from different mail servers.

But it also seems our server is infected somehow, because when I create a new (not yet existing) mail account on the server, it will start receiving the same spam within a day.

The spam is always in German and is exactly the same for every mail account. For now, they only send 1 or 2 mails a day.

Any advice how to investigate this problem?

Regards,
Bjorn Joosen
 
In any case you should do the following:

1 - Check the header of the email to see if it comes from the same network (not talking about the IP, but entire networks); doing a whois of the sender server's IP will help you.

2 - If the content of the email is the same, use the Postfix "body_checks" filter. You can follow this guide, it is very comprehensive: http://www.akadia.com/services/postfix_uce.html

3 - Use SpamAssassin to see the scores assigned to this email. It is very important to understand if it gets a low score, which you can fix. Also make a collection of these emails every day by putting them in the spam folder of your webmail, because every night Plesk runs the command "spamtrain", which instructs SpamAssassin.

That's all.

I hope my advice will be useful to you :)
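
Added example, not part of the original posts: step 1 above (checking whether the spam comes from the same networks) run over saved spam samples in Python. It takes the connecting IP from the Received header stamped by your own server and groups it by /24; the host name `mail.example.org`, the sample messages and the /24 grouping are assumptions, and a whois on a resulting prefix gives the real allocation.

```python
import ipaddress
import re
from collections import Counter
from email import message_from_string

OUR_MTA = "mail.example.org"  # assumption: the name your Postfix writes after "by"

# Constructed samples: documentation IP ranges, hypothetical host names.
def _msg(client_ip, by=OUR_MTA):
    return (f"Received: from helo.example (unknown [{client_ip}])\n"
            f"\tby {by} (Postfix) with ESMTP id 4XyZ\n"
            "Received: from pc (pc [10.9.8.7]) by relay.invalid with SMTP\n"
            "Subject: Angebot\n\nconstructed body\n")

SAMPLES = [_msg("198.51.100.17"), _msg("198.51.100.200"),
           _msg("203.0.113.9"), _msg("192.0.2.55", by="other.example")]

BRACKET_IP = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]")
BY_HOST = re.compile(r"\bby\s+(\S+)")

def connecting_ip(raw):
    """IP our own server saw on the SMTP connection, or None.

    Only the Received line stamped by OUR_MTA is trusted; hops below it
    are written by the sender and can be forged.
    """
    for hop in message_from_string(raw).get_all("Received", []):
        by, ip = BY_HOST.search(hop), BRACKET_IP.search(hop)
        if by and ip and by.group(1) == OUR_MTA:
            try:
                return ipaddress.ip_address(ip.group(1))
            except ValueError:
                return None
    return None

def networks(messages, prefix=24):
    """Count samples per IPv4 network of the given prefix length."""
    counts = Counter()
    for raw in messages:
        ip = connecting_ip(raw)
        if ip is not None and ip.version == 4:
            net = ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
            counts[str(net)] += 1
    return counts

if __name__ == "__main__":
    for net, n in networks(SAMPLES).most_common():
        print(f"{n:3d}  {net}")
```

If the counts stay spread over many unrelated prefixes, network-level blocking will not help and content rules (steps 2 and 3) are the better lever.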
 
Hi Alberto,

I feel ashamed I haven't replied to your answers, I did not see them.
After the update to Onyx and with all anti-spam functions enabled, almost all spam gets blocked.

Thanks!
 