• Plesk Uservoice will be deprecated by October. Moving forward, all product feature requests and improvement suggestions will be managed through our new platform Plesk Productboard.
    To continue sharing your ideas and feedback, please visit features.plesk.com

Understanding Mail Log

N

nand

Guest
Hi to all!

I'm using Parallells Plesk 9.0.1 under CentOS with Postfix.

In my Plesk Admin Web Panel (mail queue page), I see some spam mails with origin and destination addressess without relation of any of my domains. Let's focus on a particular...

mail-queue-defered.gif Order_975917. "Support" <[email protected]> [email protected] Mar 16, 2011 09:51 AM 00:17:29 102,66 KB

If I click for look the mail details...

Received: from mymail.box.plesk (localhost.localdomain [127.0.0.1])
by mymailbox.plesk (Postfix) with ESMTP id 8A487A0A9625;
Wed, 16 Mar 2011 09:49:10 +0100 (CET)
Received: from rm-1106-02.serve.com (unknown [65.23.154.131])
by mymailbox.plesk (Postfix) with ESMTP;
Wed, 16 Mar 2011 08:49:10 +0000 (UTC)
Received: from [192.168.0.100] (EHLO Win7) by rm-1106-02.serve.com id 3wCvJBuWIGch (mp002) with SMTP; Wed, 16 Mar 2011 04:51:56 -0400
From: "Support" <[email protected]>
To: <[email protected]>
Subject: Order_975917.
Date: Wed, 16 Mar 2011 04:51:56 -0400
Message-ID: <[email protected]>
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="----------0B34032603FD536"


Now I grep for a "from ip address" in mail.log...

# grep 65.23.154.131 maillog/maillog
Mar 16 04:39:03 s15402231 postfix/smtpd[30009]: connect from unknown[65.23.154.131]
Mar 16 03:39:04 s15402231 postfix/smtpd[30009]: NOQUEUE: client=unknown[65.23.154.131], sasl_method=login, [email protected]
Mar 16 04:39:04 s15402231 postfix/smtpd[30017]: E05E8A0C769D: client=unknown[65.23.154.131]
Mar 16 03:39:10 s15402231 postfix/smtpd[30009]: disconnect from unknown[65.23.154.131]
Mar 16 04:42:56 s15402231 postfix/anvil[30011]: statistics: max connection rate 1/60s for (smtp:65.23.154.131) at Mar 16 04:39:03
Mar 16 04:42:56 s15402231 postfix/anvil[30011]: statistics: max connection count 1 for (smtp:65.23.154.131) at Mar 16 04:39:03
Mar 16 04:59:41 s15402231 postfix/smtpd[30249]: connect from unknown[65.23.154.131]
Mar 16 03:59:43 s15402231 postfix/smtpd[30249]: NOQUEUE: client=unknown[65.23.154.131], sasl_method=login, [email protected]
Mar 16 04:59:43 s15402231 postfix/smtpd[30252]: 2F9B1A0CBBBA: client=unknown[65.23.154.131]
Mar 16 03:59:50 s15402231 postfix/smtpd[30249]: disconnect from unknown[65.23.154.131]
Mar 16 05:05:14 s15402231 postfix/smtpd[30287]: connect from unknown[65.23.154.131]
Mar 16 04:05:15 s15402231 postfix/smtpd[30287]: NOQUEUE: client=unknown[65.23.154.131], sasl_method=login, [email protected]
Mar 16 05:05:15 s15402231 postfix/smtpd[30295]: DAD8DA0CBBBA: client=unknown[65.23.154.131]
Mar 16 04:05:24 s15402231 postfix/smtpd[30287]: disconnect from unknown[65.23.154.131]
Mar 16 05:08:44 s15402231 postfix/anvil[30289]: statistics: max connection rate 1/60s for (smtp:65.23.154.131) at Mar 16 05:05:14
Mar 16 05:08:44 s15402231 postfix/anvil[30289]: statistics: max connection count 1 for (smtp:65.23.154.131) at Mar 16 05:05:14
Mar 16 05:15:26 s15402231 postfix/smtpd[30353]: connect from unknown[65.23.154.131]


Ok it seems alloweddomain.com (a domain allowed and hosted in my server) it's generating spam. Probably this of my customers got a trojan or other type of virus in it client.

I'm ok? If yes, can I stop it?

Thank's in advance
 
Back
Top