Plesk 12.x / Linux :: Alarms From Health Monitor Goes Into SPAM
Dec 12, 2014
I spent a lot of time trying to not have alarm messages into spam folder.
already added address to my contacts
already mark it as important
already changed sender email... but
Plesk where take email for Alarm Message?
Because I changed email (external) with 1 internal, but update alert arrive with administrator email and now is not going to spam, but alarm email arrive with old email (external, that is marked as pishing) ....
I keep receiving emailed alerts with subject like: "<server name> alarm level changed"
with content like:
Server health parameter "Memory > Real memory usage" changed its status from "green" to "yellow". or Server health parameter "Services > Apache CPU usage" changed its status from "red" to "yellow".
(and then a readout of the top command)
1) Where in Plesk can I see live alerts (or a historical log of these alerts)
2) Where can I change the settings (I think it may be too sensitive and the thresholds need to be adjusted)
3) I don't quite understand the alerts in general either, for example, the "Memory > Real memory usage", the TOP command output is for example:
i can't seem to get access to the health monitor in power user mode. As my plesk license was "upgraded" from a usual 11.x 10 Domains-License to new WebAdmin Package, i can't choose service provider view anymore. How can i get access to the health monitor now?
I just installed the Health Monitor add-on in a brand new Plesk 11.5.30 on CentOS 6.4 but all that it's area in Plesk displays is this funky looking error:
{"status":"error","statusMessages":[{"status":"error","class":"","content":"Unable to load configuration file.Click to expand...
I have a one problem in my server . I use in Parallels Plesk v12.0.18_build1200140606.15 os_CentOS 6 I vps in systemOS CentOS6.6 Final Minimal and installing plesk health monitor show error in :
{"status":"error","statusMessages":[{"status":"error","class":"","content":"Unable to load configuration file.
Health Monitor Module is installed and running on server, but not visible under Server Administration Panel > Home > Server Health on Plesk Panel 11.0.9 update #7. Is there a trick to configuring home to show it and/or a direct way to launch view of server health?
Health center shows Total usage 6056039.4% used 2198044.96 nginx CPU usage 156.5 % 3250.89 Mail server CPU usage 203.6 % 4844.61 MySQL CPU usage 12.2 % 10.28 Plesk CPU usage 164.6 % 95111.06 Getting tired of all the notifications plesk sends to my phone....
EDIT:
Happens everytime i reboot the server. After about 15 minutes the stats normalise.
2014-06-24T10:01:15+11:00 INFO (6): Server health parameter "Services > Panel CPU usage" changed its status from "green" to "red". 2014-06-24T10:21:16+11:00 INFO (6): Server health parameter "Services > Apache CPU usage" changed its status from "red" to "green".
I have 5 Linux Plesk 12 servers, and I use Spamassassin, usually at a sensitivity of 2 or 3, I also use the following DNS
Blackhole lists: zen. spamhaus. org;b. barracudacentral.org;abuse.rfc-ignorant.org;cbl.abuseat.org;bl.spamcop.net;nomail.rhsbl.sorbs.net
But all of this seems to have minimal effect. I examine spam that comes through which looks very obviously like spam, but Spamassassin gives it a very low score, usually in the negative numbers.
Is SA just not as effective as I thought? Seems like if Gmail, etc can filter spam so effectively, then why can't SA? If there's something I'm not doing right, or what you all do to combat spam with Plesk 12.
My server is saturated in SPAM e-mails being sent from it, however I am struggling in tracing the root of this problem. I have now exhausted 4 IP addresses and our provider is blocking port 25 automatically on a number of occasions now.
I have used the KB article: [URL] .... to trace the highest senders of e-mail, however this has proved to be unsuccessful in finding "all" of the offending domains.
I have suspended e-mail and domains on a number of subscriptions due to the high number of e-mails being sent from the system. I have also enabled outbound mail control and set limits to 10/hr however there are domains attempting to exceed this on an hourly basis. I have investigated these subscriptions but am not able to find anything offending. Is there any feature within plesk that can show me exactly where the spam is coming from...
I am dealing with a situation which i cannot understand. I am running an website for a resort and occasionally i am sending e-mail stop the people who book villas using the website. By occasionally i mean last year i sent 2 e-mail campaigns with a proper spam score.
However, at this moment, even the e-mails that i receive from the website's contact form arrive as Junk into Gmail for example.
Domain abc.com is hosted on our server, it has a hosted e-mail 123@abc.com. This e-mail adress keeps getting SPAM messages from an address abc@srv2.xyz.com (where srv2.xyz.com is our server FQDN). What we understood by reading the headers (posted below) is that someone is sending an e-mail to support@abc.com. This e-mail adress, as configured in Plesk, redirects e-mails to 123@abc.com. But we don't understand how someone managed to send an e-mail from an unexistent abc@srv2.xyz.com to it.
Here are the headers:
DomainKey-Status: no signature Return-Path: <Coulter_Faustinoa1@aspli.com> X-Original-To: 123@abc.com
I just did the update to 12.0.18 #6 and everything seemed to go pretty well. One feature we were really interested in was the Outgoing Spam Filter. Unfortunately, the error I see when I go to that feature reads, "Protection : Not active. There are some problems that prevent the service from being started."
When I Google that error, I'm brought to some KB articles but they are all for the older Outgoing Spam Filter that you need a license key for. I don't believe that is the case any more - if it is, I don't know where to get the key. I will say point out I'm a bit of a Linux novice (we are running CentOS 6.5 on this server), so I'm not really sure where to look....
From 1 week until now I got 4 spam attacks. The attacker is the same, because the emails sent are iqual.
The technique is also the same, they use an email account (compromissed password) and send emails through smtp server.
When I detect the attack, i do:
1. identify the compromised account 2. Change password from the compromised account 3. Stop qmail 4. Clear queue with qmail-remove 5. Start qmail
The problem is that they already used 4 diferent domains since the first attack. So, here is my problem, how do they discover the passwords?! How can I solve this problem? I have hundreds of emails accounts and can't change it all.
I have a hard problem with my VPS. I have postfix as mail server on plesk 12 under ubuntu 12.
I dont know why the outgoing mails of all my domains in my servers are getting spam in servers like gmail, yahoo, hotmail...
I'm using mxtoolbox to fix errors and warnings and finally fixed all of them, but my mails are still outgoing to spam.
In mxtoolbox actually I have no mail server errors / warning, u can see it with, for example, this one of my domains: [URL] ....
Headers:
This message is an automatic response from Port25's authentication verifier service at verifier.port25.com. The service allows email senders to perform a simple check of various sender authentication mechanisms. It is provided free of charge, in the hope that it is useful to the email community.
I facing a serious problem with my qmail and plesk 11.0.9.I found the way spammer did with my server by listening everything on port 25. Maybe he know the RCPT hosts of mine, and they send emails with random username but with domain hosted on my Plesk. (user1@mydomain.com, user2@ my domain.com, ... userxxx@mydomain.com).
qmail only check domain in RCPT if spammer input:"mail from user1@mydomain.com" - (with out ":") - no email address on my server.then server reply: 550, no mailbox here by that name. (#5.7.17)
But qmail check username and domain if spammer input:""mail from: user1@mydomain.com" - (with ":") - no email address on my server. Then server reply: 250 OK..This is really weird! I tried with all my plesk server, this bug still effected.Click to expand...
So, I have been searching everywhere online and have not come to a fully working conclusion with the issue regarding outgoing emails going to spam via gmail, hotmail, etc.Domain keys are activated, but it seems that domain keys is deprecated, making it useless when it comes to spam detection for email servers such as google, aol, etc.
The only alternative found was here: URL.....But that means that every customers DKIM will have to be created manually via command line. This would be a mission when having over 500+ ongoing customers signing up.Will you guys be implementing DKIM automation for Plesk? I am pretty much against trying to use c(p)anel + Centos and just love Plesk. So I prefer Plesk any day..
I have different adresses configured with several domains on the same server. All the emails send to gmail/hotmail adresses are marked spam.
Looking in the headers everything seems fine, including SPF:
Delivered-To: xxx@gmail.com Received: by 10.202.174.138 with SMTP id x132csp563903oie; Wed, 20 May 2015 04:53:19 -0700 (PDT) X-Received: by 10.180.109.136 with SMTP id hs8mr40446245wib.73.1432122799197; Wed, 20 May 2015 04:53:19 -0700 (PDT) Return-Path: <x@x.nl> Received: from x.net (x.net. [xx])
I have some error when the new outgoing spam protection (limitation for outgoing mail) is enabled. Mail clients are unable to use SMTP for sending mails. "My mail client says: The message could not be sent. You are not allowed to use sendmail utility."
I don't undestand the blocking behaviour since the checkbox "Allow scripts and users to use Sendmail" is checked and no limit is exeeded.This is the relevant log part of maillog:
Code:
Jul 3 00:44:36 srv01 postfix/smtpd[3326]: C0E5182A20: client=46.128.x.x.dynamic.cablesurf.de[46.128.x.x], sasl_method=CRAM-MD5, sasl_username=info@domain.de Jul 3 00:44:36 srv01 postfix/cleanup[3331]: C0E5182A20: message-id=<0A380CA8-AAE3-4FA8-BA7A-A3FDF7CD16E2@domain.de> Jul 3 00:44:37 srv01 /usr/lib/plesk-9.0/psa-pc-remote[3280]: handlers_stderr: DATA REPLY:554:[B]5.7.0 The message could not be sent. You are not allowed to use sendmail utility.[/B] REJECT Jul 3 00:44:37 srv01 /usr/lib/plesk-9.0/psa-pc-remote[3280]: REJECT during call 'limit-out' handler Jul 3 00:44:37 srv01 postfix/cleanup[3331]: C0E5182A20: milter-reject: END-OF-MESSAGE from 46.128.213.43.dynamic.cablesurf.de[46.128.x.x]: 5.7.0 The message could not be sent. You are not allowed to use sendmail utility.; from=<info@domain.de> to=<mail@domain2.de> proto=ESMTP helo=<[192.168.1.20]> Jul 3 00:44:37 srv01 postfix/smtpd[3326]: disconnect from 46.128.x.x.dynamic.cablesurf.de[46.128.x.x]
Moreover I disabled the line "non_smtpd_milters" in postfix main.conf since my server has same issues discribed in the following thread: Postfix: mails sent through sendmail binary are blocked because of wrong HELO
I have tried to send emails to gmail from horde and form php but the are mark as spam even if the gmail headers are ok:
Delivered-To: my_gmail_account@gmail.com Received: by 10.112.205.233 with SMTP id lj9csp202933lbc; Wed, 7 Aug 2013 05:58:22 -0700 (PDT) X-Received: by 10.15.31.9 with SMTP id x9mr2966600eeu.103.1375880301851; Wed, 07 Aug 2013 05:58:21 -0700 (PDT) Return-Path: <info@my_domain.com>
I am happily running Plesk 11.5; with just one small but annoying persistent problem:
I have Clients with large mailinglistes - SpamAssassin - Server-wide greylisting - DNSBL is running.
But apparently many of the lists mail addresses have been harvested over the years. And as there is no easy way to use SA in mailman, I am down to greylisting only for list addresses.
This results in insanely large amounts of SPAM (-> moderation requests) on the client's lists. Is this behavior improved in Plesk 12?
Or can probably SIEVE filters work here - are those available to mailman? (probably not as they work in Dovecot?)
I need reinstall qmail after spam atack and follows the post.URL....It says:
rpm -Uvh --force psa-qmail
but my system return an error message..error: opening psa-qmail failed: it does not existe file or directory (error: la apertura de psa-qmail falló: No existe el fichero o el directorio)
