• Our team is looking to connect with folks who use email services provided by Plesk, or a premium service. If you'd like to be part of the discovery process and share your experiences, we invite you to complete this short screening survey. If your responses match the persona we are looking for, you'll receive a link to schedule a call at your convenience. We look forward to hearing from you!
  • We are looking for U.S.-based freelancer or agency working with SEO or WordPress for a quick 30-min interviews to gather feedback on XOVI, a successful German SEO tool we’re looking to launch in the U.S.
    If you qualify and participate, you’ll receive a $30 Amazon gift card as a thank-you. Please apply here. Thanks for helping shape a better SEO product for agencies!
  • The BIND DNS server has already been deprecated and removed from Plesk for Windows.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS. We strongly recommend transitioning to Microsoft DNS within the next 6 weeks, before the Plesk 18.0.70 release.
  • The Horde component is removed from Plesk Installer. We recommend switching to another webmail software supported in Plesk.

Issue suspicious mass mail sent, Plesk outgoing mail control does not record

Pan_Duke

Pan_Duke

Basic Pleskian
Hi all!
today a server got blaclisted in TRUNCATE. After searching i found that the mail log is for two hours full of such logs:
Code: 
Sep 30 15:32:51 myservername /usr/lib64/plesk-9.0/psa-pc-remote[18756]: handlers_stderr: PASS
Sep 30 15:32:51 myservername /usr/lib64/plesk-9.0/psa-pc-remote[18756]: PASS during call 'drweb' handler
Sep 30 15:32:51 myservername drweb[27341]: Starting the drweb filter...
Sep 30 15:32:52 myservername qmail-queue[27341]: scan: the message(drweb.tmp.2MvoVj) sent by [email protected] to [email protected] is passed
Sep 30 15:32:52 myservername /usr/lib64/plesk-9.0/psa-pc-remote[18756]: handlers_stderr: PASS
Sep 30 15:32:52 myservername /usr/lib64/plesk-9.0/psa-pc-remote[18756]: PASS during call 'drweb' handler
Sep 30 15:32:52 myservername drweb[27342]: Starting the drweb filter...
Sep 30 15:32:52 myservername qmail-queue[27342]: scan: the message(drweb.tmp.V2SLYe) sent by [email protected] to [email protected] is passed
Sep 30 15:32:52 myservername /usr/lib64/plesk-9.0/psa-pc-remote[18756]: handlers_stderr: PASS
Sep 30 15:32:52 myservername /usr/lib64/plesk-9.0/psa-pc-remote[18756]: PASS during call 'drweb' handler
Sep 30 15:32:52 myservername drweb[27343]: Starting the drweb filter...
Sep 30 15:32:52 myservername qmail-queue[27343]: scan: the message(drweb.tmp.MaZddo) sent by [email protected] to [email protected] is passed
Sep 30 15:32:52 myservername /usr/lib64/plesk-9.0/psa-pc-remote[18756]: handlers_stderr: PASS
Sep 30 15:32:52 myservername /usr/lib64/plesk-9.0/psa-pc-remote[18756]: PASS during call 'drweb' handler
Sep 30 15:32:52 myservername drweb[27344]: Starting the drweb filter...
Sep 30 15:32:52 myservername qmail-queue[27344]: scan: the message(drweb.tmp.25pWYu) sent by [email protected] to [email protected] is passed
Sep 30 15:32:52 myservername /usr/lib64/plesk-9.0/psa-pc-remote[18756]: handlers_stderr: PASS
Sep 30 15:32:52 myservername /usr/lib64/plesk-9.0/psa-pc-remote[18756]: PASS during call 'drweb' handler
Sep 30 15:32:52 myservername drweb[27345]: Starting the drweb filter...
Sep 30 15:32:52 myservername qmail-queue[27345]: scan: the message(drweb.tmp.JZA0vz) sent by [email protected] to [email protected] is passed
Sep 30 15:32:52 myservername /usr/lib64/plesk-9.0/psa-pc-remote[18756]: handlers_stderr: PASS
Sep 30 15:32:52 myservername /usr/lib64/plesk-9.0/psa-pc-remote[18756]: PASS during call 'drweb' handler
Sep 30 15:32:52 myservername drweb[27346]: Starting the drweb filter...
Sep 30 15:32:52 myservername qmail-queue[27346]: scan: the message(drweb.tmp.P55quG) sent by [email protected] to [email protected] is passed
In the subscription panel of theaffecteddomain.com, the outgoing mail control has a limit of 40 emails per hour (the mail log has hundreds of emails sent) and the pop up graph in the same page reports that there are 3 nessages sent from this domain.

Also, the "Allow using Sendmail for scripts and users on this subscription" setting is unchecked as well for quite a while now.

Is there a way to find out why all these messages bypassed the plesk outgoing mail control?
How can i prevent such situations in the future?
 
You must log in or register to reply here.

Similar threads

W
Issue Mail forwarded on the server in the target mailbox is delivered to the SPAM folder
Replies
0
Views
464
W4ru
W
EnriqueR
Question Incoming mail is stored in Junk folder
Replies
6
Views
898
EnriqueR
EnriqueR
Bitpalast
Forwarded to devs Spamassassin ignores mails to mailboxes that contain an ampersand, e.g. d&[email protected]
Replies
9
Views
2K
Bitpalast
Bitpalast
D
Issue Spoofed Emails Appearing as Sent from My Own Server Despite Correct SPF/DKIM/DMARC Configuration?
Replies
2
Views
2K
drdna
D
X
Resolved Plesk Extension: Plesk Email Security (Very Slow Delivery)
Replies
8
Views
8K
Kaspar@Plesk
Kaspar@Plesk
Back
Top