Issue VPS with plesk Hacked

[Carloz]

Hello, some hackers hacked one of the mail accounts hosted on my Windows vps with plesk Onyx (Version 17.8.11 Aggiorna #85 )

They of course used the mail account to send spam, they put some thousands emails in outgoing queue, and they are trying again to hack using bruteforce attack (they are trying to login using a lot of different passwords).

How can i delete the outgoing mail queue and to automatically ban an ip that try to login with different password? (for example after 3 or 5 or more attempts, the ip will be banned for some hours).

Thank you!
Carlo

 

[Izaim]

Make use of fail2ban and limit outgoing emails.

But most importantly, un-hack your VPS, in order to eliminate the future attacks completely. Since this is not an issue to discuss here on this forum, it falls under your responsibility of security. I can help you with all those privately, DM me.

 

[Carloz]

Thank you for your suggestions, i solved the situation. If i can, i will set up the fail2ban plugin.

I set also the outgoing emails limit (1000 for each account for every hour max). But I can't understand this message:

The following domains use external email addresses for mail forwarding of messages sent to non-existent addresses. Messages sent to these addresses will not be accounted for in Outgoing Mail Control:

and then there is a big list of all the domains hosted.... what does it means?!?! these domains actually don't use external email addresses for mail forwareding of messages sent to non-existent address... it's a single catch-all address that is of the main domain, hosted on the same vps (for esample [email protected], where domain.com is also hosted on my vps).