Spammer Using my server

[eewd]

Having checked the mail queue on Plesk I found yet another 500 e-mails to thousands of AOL, Yahoo and Hotmail addresses.

I've set the relaying preferences to

Authorization Required for SMTP and given POP a lock of 1min.

I've even disabled Mail on the domain that the spam is originating from...

How can I stop the spammers?

Thanks

 

[atomicturtle]

They're either using a compromised user account, or relaying through a vulnerable web app. You'll need to look through your logs, maillog, and your domains web logs, to try to isolate it.

 

[eewd]

If I delete the domain that the spam is coming from should that sort it??

Also, does plesk have a way of viewing logs or am I going to have to SSH in? (I am a bit of a n00b)

Thanks,

 

[Jericon]

You'll have to access SSH to view the logs. Depending on how the server has been compromised, deleting the domain may resolve the issue, but it very well may not as well.

 

[Traged1]

We would normally remove the MX record for this domain's DNS so that no mail could be sent to or from the server for this domain, while you research what is happening.