• Our team is looking to connect with folks who use email services provided by Plesk, or a premium service. If you'd like to be part of the discovery process and share your experiences, we invite you to complete this short screening survey. If your responses match the persona we are looking for, you'll receive a link to schedule a call at your convenience. We look forward to hearing from you!
  • We are looking for U.S.-based freelancer or agency working with SEO or WordPress for a quick 30-min interviews to gather feedback on XOVI, a successful German SEO tool we’re looking to launch in the U.S.
    If you qualify and participate, you’ll receive a $30 Amazon gift card as a thank-you. Please apply here. Thanks for helping shape a better SEO product for agencies!
  • The BIND DNS server has already been deprecated and removed from Plesk for Windows.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS. We strongly recommend transitioning to Microsoft DNS within the next 6 weeks, before the Plesk 18.0.70 release.
  • The Horde component is removed from Plesk Installer. We recommend switching to another webmail software supported in Plesk.

Question Spamming from localhost in plesk

S

Suhesh

New Pleskian
We have noticed spamming form the server ( from localhost ) following is the log for the same. [replaced domain name and some other modification]

Jun 25 19:34:41 server1 postfix/smtpd[7198]: 34B9A38049C: client=localhost[127.0.0.1]
Jun 25 19:34:41 server1 postfix/cleanup[9895]: 34B9A38049C: message-id=<[email protected]>
Jun 25 19:34:42 server1 postfix/qmgr[20618]: 34B9A38049C: from=<[email protected]>, size=1316, nrcpt=1 (queue active)​

Googling shows that, it is something like sending spam using ssh tunneling. Is there any way to identify the culprit account, which is sending the spam mails.

ssh log and postfix logs are not giving any idea about the source.
 
Following are the os,plesk version details.

CentOS release 6.8 (Final)
Plesk Version : 12.5.30 CentOS 6 1205160608.10
Micro Update installed : #37

Postfix logs are not that much user friendly, so we cannot get more information from it. Googling showing the symptoms are like "sending spam using ssh tunneling." But I cannot find the exact account causing the issue. Is this any vulnerability in plesk ?

Mails are sending from localhost using the accounts in the server, something like "[email protected]". Anyone facing this type of situation and how can we fix this permanently.
 
Hi Suhesh,

( again a guessing, because of missing informations about your configuration files ): Be sure to disallow anonymous SASL connections and forbid unauthorized connections in your configuration.
 
You can disallow in firewall SSH and open it only for your IP. Then you can try to disallow sending emails from script 9in PLESK, but dunno if will work). Also you can check /var/log/messages and/var/log/secure to have any clue. Then you can try to see access_logs which one is stressed more, where you can find some POST things which is not OK. This is some things what I usually do, but we do not have enough information (as @UFHH01 mentioned) so hard to help you more.
 
You must log in or register to reply here.

Similar threads

EnriqueR
Question Incoming mail is stored in Junk folder
Replies
6
Views
904
EnriqueR
EnriqueR
W
Issue Mail forwarded on the server in the target mailbox is delivered to the SPAM folder
Replies
0
Views
469
W4ru
W
EnriqueR
Issue Postfix malfunctioning
Replies
2
Views
702
mow
M
G
Issue [email protected] keeps sending e-mail notification even if i've edited panel.ini file.
Replies
2
Views
1K
IT Ufficio Key-One
I
Bitpalast
Forwarded to devs Spamassassin ignores mails to mailboxes that contain an ampersand, e.g. d&[email protected]
Replies
9
Views
2K
Bitpalast
Bitpalast
Back
Top