
Issue Too many outgoing Emails

vintzblack

New Pleskian
Server operating system version: Debian 11
Plesk version and microupdate number: 18.0.57
Can someone explain the meaning of this information? I suspect serious hacking.

config: Warning: service anvil { client_limit=1000 } is lower than required under max. load (2251). Counted with: service managesieve-login { process_limit=100 } + service pop3-login { process_limit=1024 } + service imap-urlauth-login { process_limit=100 } + service imap-login { process_limit=1024 } + service auth { process_limit=1 }
 
@Maarten. I thought of that one, too, and did a test on a Debian 11 server, but could not verify it against what @vintzblack wrote ("service anvil ..."). His error message does not mention Dovecot. It will probably be somehow linked to an insufficient limit parameter, but I could not find where to change this specific setting.
 
Thank you for the observation. Below is an email snippet from my hosting company; apparently they think otherwise.

The level of SMTP traffic on port 25/tcp is unusually high and at this pace you will hit the limit soon and all connections on this port will be blocked until the next day.

So if indeed there is a malware infestation or some kind of back door that has gained access to my server, how can I identify that, and what possible remedies can a newbie adopt?

Regards
Vintz
 
I conducted an extensive investigation of the unusual traffic on my server and I noted a large volume of bandwidth usage of 27 Gigs on one of my domains. I checked the log and I saw a lot of IP addresses that were accessing the server. One of the IP addresses had the message below.

GET /HALLOWEEN%20%F0%9F%8E%83Marshmello%20Mask%20-%20WFdBUFRUWEFdFl5B/ HTTP/1.0

That could explain the high traffic usage. Obviously my WordPress installation had been compromised. So I replaced the WordPress files and folders; I did not touch the config file and the wp-content folder. After that my traffic dropped to zero. Problem solved. Bob is your uncle.
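
The log check described in the last post, as an added example (not part of the thread and not Plesk's own code): it totals bytes per client IP and per requested path from combined-format access-log lines and lists non-ASCII paths that the site answered with status 200. The sample lines, IPs, times and byte counts are constructed, and the non-ASCII test is a heuristic assumption that will also match legitimate internationalised URLs.

```python
import re
import sys
from collections import Counter
from urllib.parse import unquote

# Combined log format: ip ident user [time] "METHOD path PROTO" status bytes ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<bytes>\d+|-)'
)

# Constructed sample lines (documentation IP ranges, invented times and sizes).
# QUOTED is the request path quoted in the post above.
QUOTED = "/HALLOWEEN%20%F0%9F%8E%83Marshmello%20Mask%20-%20WFdBUFRUWEFdFl5B/"
SAMPLE = [
    f'203.0.113.7 - - [01/Jan/2024:10:00:01 +0000] "GET {QUOTED} HTTP/1.0" 200 48213 "-" "-"',
    f'203.0.113.7 - - [01/Jan/2024:10:00:02 +0000] "GET {QUOTED} HTTP/1.0" 200 48213 "-" "-"',
    '198.51.100.9 - - [01/Jan/2024:10:00:03 +0000] "GET /wp-login.php HTTP/1.1" 200 5120 "-" "-"',
    '192.0.2.44 - - [01/Jan/2024:10:00:04 +0000] "GET /caf%C3%A9/ HTTP/1.1" 404 - "-" "-"',
]

def triage(lines):
    """Return (bytes per IP, bytes per decoded path, non-ASCII paths served with 200)."""
    by_ip, by_path, odd = Counter(), Counter(), set()
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not a combined-format line, ignore it
        size = 0 if m["bytes"] == "-" else int(m["bytes"])
        path = unquote(m["path"], errors="replace")  # percent-decode for readability
        by_ip[m["ip"]] += size
        by_path[path] += size
        # Heuristic: the site itself answered 200 for a path with non-ASCII characters.
        if m["status"] == "200" and not path.isascii():
            odd.add(path)
    return by_ip, by_path, odd

if __name__ == "__main__":
    # Pass an access log path as the first argument, or run on the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], errors="replace") as fh:
            by_ip, by_path, odd = triage(fh)
    else:
        by_ip, by_path, odd = triage(SAMPLE)
    for label, counter in (("client", by_ip), ("path", by_path)):
        for key, total in counter.most_common(5):
            print(f"{label:6} {total:>12} bytes  {key}")
    for path in sorted(odd):
        print("served with 200, non-ASCII path:", path)
```

Running it again after a cleanup shows whether a flagged path still returns 200 or has dropped to 404.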
 