
Question Suddenly getting loads of 'Undelivered Mail Returned to Sender' failures from mailer-daemon

zigojacko

Basic Pleskian
Server operating system version
CentOS Linux 7.9.2009
Plesk version and microupdate number
18.0.44
So recently, one of our servers is sending loads of 'Undelivered Mail Returned to Sender' emails from the server's mailer-daemon...

They look like the below:-

Screenshot_4.jpg

The thing is though, the mail service on the server is completely disabled because all websites hosted on this server use Gmail's SMTP server for sending email.

The server IP address is indeed blacklisted at Spamhaus but upon investigating this, this is perfectly fine and normal because it is the ISP that has listed it as it should not be sending email directly to the internet (Policy Blocklist (PBL)), as below:-

Screenshot_5.jpg

No actual email sending and receiving is affected at all. It's just I am getting loads of those emails like the first screenshot above.

I have no idea exactly what is happening and how to stop them. Why is our server mailer-daemon trying to send email via Google?

Please can anyone point out what is happening and what we can do to prevent this from continuing? TIA
 
Have you checked the two attachments for clues to what happened? Cross-reference with the maillog and the webserver logs to find out what could have triggered it.
 
I did yes. Before I posted this and there was nothing showing of any relevance - not that I could see...
 
Most probably, one of your websites is compromised and sending spam emails via a PHP script.

Please see the email log. You will find this domain.
 
The emails are legitimate notifications from our third party helpdesk software and these are bounce messages that are being rejected because Google won't accept emails from our server mailer daemon (server IP address) - the entire mail service on our server is disabled as we use Google for sending and receiving email (therefore I am unsure what email log you think I can look at).
 
In that case, you should configure "Party Helpdesk Software" to use Google Mail. It seems currently this software is sending email via a script. These emails are sent from your server.

("Tools & Settings" > "Mail Log Browser" - Since you don't have mail services on your server, you might not have this)
 
Our helpdesk software already sends and receives mail via Google and is configured like so. And the only entries in that mail log browser are failed attempts to connect to the email server.
 
If your help-desk software is sending email via Google, Google won't reject its own mails.

To me this looks like your help-desk software is sending emails from your server. Please check the email configuration of the help-desk software.
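
The advice earlier in the thread to check the bounce's attachments for clues can be scripted. The following is an added example, not code from the thread: it parses a bounce and returns the delivery-status fields plus the origin headers of the undelivered message. The sample message, host names, uid, script name and the `bounce_clues` helper are constructed for illustration, and `X-PHP-Originating-Script` is only present when PHP's `mail.add_x_header` setting is enabled.

```python
import email
import re
from email import policy

# Constructed sample bounce (not from the thread); all names are placeholders.
SAMPLE_BOUNCE = """\
From: MAILER-DAEMON@server.example.com
Subject: Undelivered Mail Returned to Sender
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: text/plain

This is the mail system at host server.example.com.

--b1
Content-Type: message/delivery-status

Reporting-MTA: dns; server.example.com

Final-Recipient: rfc822; user@example.org
Status: 5.7.1
Diagnostic-Code: smtp; 550 5.7.1 constructed rejection text

--b1
Content-Type: text/rfc822-headers

Received: by server.example.com (Postfix, from userid 10001) id ABC123
X-PHP-Originating-Script: 10001:notify.php

--b1--
"""

DSN_FIELDS = ("Reporting-MTA", "Final-Recipient", "Status", "Diagnostic-Code")
def bounce_clues(raw):
    """Collect the DSN fields and origin headers carried in a bounce."""
    clues = {}
    for part in email.message_from_string(raw, policy=policy.default).walk():
        ctype = part.get_content_type()
        if ctype == "message/delivery-status":
            for block in part.get_payload():  # one header block per section
                clues.update({k: str(block[k]) for k in DSN_FIELDS if block[k]})
        elif ctype in ("text/rfc822-headers", "message/rfc822"):
            orig = (part.get_payload(0) if ctype == "message/rfc822" else
                    email.message_from_string(part.get_content(), policy=policy.default))
            clues["X-PHP-Originating-Script"] = str(orig.get("X-PHP-Originating-Script", ""))
            uid = re.search(r"from userid (\d+)", " ".join(orig.get_all("Received", [])))
            clues["submitting_uid"] = uid.group(1) if uid else None
    return clues
```

The `from userid` value in a Postfix `Received` line is the uid of the local account that handed the message to the MTA, which narrows the search to one site's files and web server logs.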
 