1. Please take a little time for this simple survey! Thank you for participating!
    Dismiss Notice
  2. Dear Pleskians, please read this carefully! New attachments and other rules Thank you!
    Dismiss Notice
  3. Dear Pleskians, I really hope that you will share your opinion in this Special topic for chatter about Plesk in the Clouds. Thank you!
    Dismiss Notice

Strange mail usage!

Discussion in 'Plesk for Linux - 8.x and Older' started by dragnovich, Jan 21, 2009.

  1. dragnovich

    dragnovich Basic Pleskian

    23
    57%
    Joined:
    Oct 27, 2005
    Messages:
    39
    Likes Received:
    0
    Hello I had noticed that the server Mail Server is been used very often (I have near 80 domains in the server) and it seems that is Normal... but some times and hours the delivery times grow up, loking the logs and analizing the situation it seems the server is used to send spam mails, surendly I got the mail queue full with "Failure notices" the problem becomes that there's no sender! or worst from SENDERS NOT IN THE SERVER!

    I had ALL server locked up, log before smtp, user authentication, full email as mail account, etc.. I try monitoring the SCRIPTS that sends mails (like PHP MAIL routines) and does not seems that the problem comes from there.

    Loking the qmail logs I notice HUNDREDS of lines like this:

    Jan 20 04:10:21 SERVER qmail-remote-handlers[24406]: from=
    Jan 20 04:10:21 SERVER qmail-remote-handlers[24406]: to=forcibly@cdrill.com
    Jan 20 04:10:25 SERVER qmail-remote-handlers[24413]: from=
    Jan 20 04:10:25 SERVER qmail-remote-handlers[24413]: to=3dcsilva@farnell-newarkinone.com

    As you can see the FROM is empty why? if is supossed to disallow any ANONYMOUS usage!
    the TO emails are not in my server.

    Any advice??
     
  2. lucidcarbon

    lucidcarbon Guest

    0
     
    I don't have an answer yet, but I do have the same problem (also on Plesk 8.6).

    Are you also getting lots of relaylock messages? I am, like these...

    Jan 23 15:13:12 SERVER relaylock: /var/qmail/bin/relaylock: mail from 151.50.17.194:3273 (adsl-ull-194-17.50-151.net24.it)
    Jan 23 15:13:34 SERVER relaylock: /var/qmail/bin/relaylock: mail from 65.17.48.208:54450 (host48-208.rancor.birch.net)
    Jan 23 15:14:06 SERVER relaylock: /var/qmail/bin/relaylock: mail from 151.50.17.194:1435 (adsl-ull-194-17.50-151.net24.it)
     
Loading...