
Issue Too many outgoing Emails

vintzblack

New Pleskian
Server operating system version
Debian 11
Plesk version and microupdate number
18.0.57
Can someone explain the meaning of the information? I suspect serious hacking.

config: Warning: service anvil { client_limit=1000 } is lower than required under max. load (2251). Counted with: service managesieve-login { process_limit=100 } + service pop3-login { process_limit=1024 } + service imap-urlauth-login { process_limit=100 } + service imap-login { process_limit=1024 } + service auth { process_limit=1 }
 
@Maarten. I thought of that one, too, and did a test on a Debian 11 server, but could not verify it against what @vintzblack wrote: "service anvil ...". His error message does not mention Dovecot. It will probably be somehow linked to an insufficient limit parameter, but I could not find where to change this specific setting.
 
Thank you for the observation. Below is an email snippet from my hosting company; apparently they think otherwise.

The level of SMTP traffic on port 25/tcp is unusually high and at this pace you will hit the limit soon and all connections on this port will be blocked until the next day.

So if indeed there is a malware infestation or some kind of back door that has gained access to my server, how can I identify that, and what possible remedies can a newbie adopt?

Regards
Vintz
 
I conducted an extensive investigation of the unusual traffic on my server and I noted a large volume of broadband usage of 27 Gigs on one of my domains. I checked the log and I saw a lot of IP addresses that were accessing the server. One of the IP addresses had the message below.

GET /HALLOWEEN%20%F0%9F%8E%83Marshmello%20Mask%20-%20WFdBUFRUWEFdFl5B/ HTTP/1.0

That could explain the high traffic usage. Obviously my WordPress installation had been compromised. So I replaced the WordPress files and folders; I did not touch the config file and wp-content folder. After that my traffic dropped to zero. Problem solved. Bob is your uncle.
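
Added example, not part of the original thread: one way to do the log check described in the post above, totalling bytes served per client IP and per URL-decoded path so that requests like the quoted `GET /HALLOWEEN%20...` line stand out. It assumes the domain's access log is in the Apache/nginx "combined" format; the sample lines, IP addresses and byte counts are constructed, and the non-ASCII path check is only a heuristic.

```python
import re
from collections import Counter
from urllib.parse import unquote

# Constructed sample lines in "combined" log format (not taken from the poster's server).
# IPs come from documentation ranges; byte counts are made up.
SAMPLE_LOG = """\
203.0.113.7 - - [01/Nov/2023:10:00:01 +0000] "GET /HALLOWEEN%20%F0%9F%8E%83Marshmello%20Mask%20-%20WFdBUFRUWEFdFl5B/ HTTP/1.0" 200 48211 "-" "bot"
203.0.113.7 - - [01/Nov/2023:10:00:02 +0000] "GET /HALLOWEEN%20%F0%9F%8E%83Marshmello%20Mask%20-%20WFdBUFRUWEFdFl5B/ HTTP/1.0" 200 48211 "-" "bot"
198.51.100.23 - - [01/Nov/2023:10:00:03 +0000] "GET /wp-login.php HTTP/1.1" 200 3120 "-" "Mozilla/5.0"
192.0.2.55 - - [01/Nov/2023:10:00:04 +0000] "GET / HTTP/1.1" 200 15000 "-" "Mozilla/5.0"
192.0.2.55 - - [01/Nov/2023:10:00:05 +0000] "GET /favicon.ico HTTP/1.1" 304 - "-" "Mozilla/5.0"
this line is malformed and must be skipped
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)'
)

def summarize(log_text):
    """Return (bytes per client IP, bytes per decoded path, skipped line count)."""
    by_ip, by_path, skipped = Counter(), Counter(), 0
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            skipped += 1          # count unparsable lines instead of hiding them
            continue
        size = 0 if m["size"] == "-" else int(m["size"])   # "-" means no body sent
        # Decode %XX escapes so the path is readable; drop any query string.
        path = unquote(m["path"].split("?", 1)[0], errors="replace")
        by_ip[m["ip"]] += size
        by_path[path] += size
    return by_ip, by_path, skipped

def suspicious_paths(by_path):
    """Heuristic (an assumption): decoded paths containing non-ASCII characters."""
    return sorted(p for p in by_path if not p.isascii())

if __name__ == "__main__":
    by_ip, by_path, skipped = summarize(SAMPLE_LOG)
    for ip, total in by_ip.most_common(5):
        print(f"{total:>10}  {ip}")
    for path, total in by_path.most_common(5):
        print(f"{total:>10}  {path}")
    print("non-ASCII paths:", suspicious_paths(by_path))
    print("skipped lines:", skipped)
```

To run it against a real log, pass the file's contents to `summarize()` in place of `SAMPLE_LOG`.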
 