• We value your experience with Plesk during 2024
    Plesk strives to perform even better in 2025. To help us improve further, please answer a few questions about your experience with Plesk Obsidian 2024.
    Please take this short survey:
    https://pt-research.typeform.com/to/AmZvSXkx
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Question Spamming from localhost in plesk

S

Suhesh

New Pleskian
We have noticed spamming form the server ( from localhost ) following is the log for the same. [replaced domain name and some other modification]

Jun 25 19:34:41 server1 postfix/smtpd[7198]: 34B9A38049C: client=localhost[127.0.0.1]
Jun 25 19:34:41 server1 postfix/cleanup[9895]: 34B9A38049C: message-id=<[email protected]>
Jun 25 19:34:42 server1 postfix/qmgr[20618]: 34B9A38049C: from=<[email protected]>, size=1316, nrcpt=1 (queue active)​

Googling shows that, it is something like sending spam using ssh tunneling. Is there any way to identify the culprit account, which is sending the spam mails.

ssh log and postfix logs are not giving any idea about the source.
 
Following are the os,plesk version details.

CentOS release 6.8 (Final)
Plesk Version : 12.5.30 CentOS 6 1205160608.10
Micro Update installed : #37

Postfix logs are not that much user friendly, so we cannot get more information from it. Googling showing the symptoms are like "sending spam using ssh tunneling." But I cannot find the exact account causing the issue. Is this any vulnerability in plesk ?

Mails are sending from localhost using the accounts in the server, something like "[email protected]". Anyone facing this type of situation and how can we fix this permanently.
 
Hi Suhesh,

( again a guessing, because of missing informations about your configuration files ): Be sure to disallow anonymous SASL connections and forbid unauthorized connections in your configuration.
 
You can disallow in firewall SSH and open it only for your IP. Then you can try to disallow sending emails from script 9in PLESK, but dunno if will work). Also you can check /var/log/messages and/var/log/secure to have any clue. Then you can try to see access_logs which one is stressed more, where you can find some POST things which is not OK. This is some things what I usually do, but we do not have enough information (as @UFHH01 mentioned) so hard to help you more.
 
You must log in or register to reply here.

Similar threads

M
Question Unable to send mail (postfix)
Replies
0
Views
1K
Manuxy
M
I
Question mails that get lost
Replies
7
Views
4K
Inma
I
X
Resolved Plesk Extension: Plesk Email Security (Very Slow Delivery)
Replies
8
Views
6K
Kaspar@Plesk
Kaspar@Plesk
B
Resolved Mail get lost with wrong Dmarc
Replies
1
Views
3K
Martin Dias
Martin Dias
S
Question error trying to configure amazon ses in lightsail plesk
Replies
0
Views
2K
salvazuleta
S
Back
Top