I have a Plesk v12.0.18_build1200140606.15 os_CentOS 6 server. using postfix
And Lots of spam is send from my server.
I tried: [URL] .... but with no results.
on the moment the /var/log/maillog file is over 5,5GB
and the /var/log/maillog.processed is over 7,2GB and splitted into multiple .gz files
What can I do to find the source of the problem and stop it ?
Somebody is sending spam from my postfix server.
How can I locate the domain causing the problem?
My postfix is sending huge amounts of e-mail that I was forced to stop postfix.
Even if I set relaying to closed, disable message submission and disable sendmail spam is still being send..
Outgoing mail control reports nothing at all, and if I check my server with online tools to be sure it is not relaying everything is reported fine.
I have a dedicated server with Linux. I have the following problem. Someone has hack my server and is sending illegal newsletters. My hosting sent me an abuse message and in the mailserver logfiles i see that is sending all the time.
View 2 Replies View Relatedactually i want to know is this sending this email by my smtp server?
Feb 23 14:49:36 nsxxxxxx /var/qmail/bin/relaylock[9836]: /var/qmail/bin/relaylock: mail from 187.5.81.179:51251 (187-5-81-179.bsaco701.dsl.brasiltelecom.net.br)
Feb 23 14:49:37 nsxxxxxx qmail-queue-handlers[9838]: Handlers Filter before-queue for qmail started ...
Feb 23 14:49:37 nsxxxxxx qmail-queue-handlers[9838]: from=Frederick59c@brasiltelecom.net.br
Feb 23 14:49:37 nsxxxxxx qmail-queue-handlers[9838]: to=info@xxxxxxxxxx.be
Feb 23 14:49:37 nsxxxxxx qmail-queue-handlers[9838]: handlers_stderr: SKIP
[code]....
When I send files to my through FTP, the server cuts connection and I get this message in messages log file
FAIL: ftp per_source_limit from xxx.xxx.xxx.xxx
xxx.... my IP
And I've observed the connection is closed and opened during the transfer.
I avoid disconnection adding per_source=unlimited in /etc/xinetd.d/ftp_psa
But I see this entry in the same message log
mod_delay/0.7: unable to open DelayTable '/var/proftpd.delay': No such file or directory
I currently have a dedicated server, Linux, with 1 website on it that is sending spam.
At first I thought it was someone spoofing my email address, however when I check my servers Email queue I can see the spam emails in there being sent.
My problem is that I have contacted my server provider and support for the scripts I'm running and everyone is saying its the other persons fault. My server provider is saying everything is up to date and it must be a software exploit on one of my scripts, and the support team from my software is saying its not them that its the server.
got a 2nd notice from my ISP complaining that spams are being sent from my dedicated box. Since the first notice, I had stopped all the mail-related services (sendmail, mailman, courier-imap), which means no emails will be sent out from this box. However, I still received the 2nd notice for spamming.
own dedicated box running CentOS 4.2 with Plesk 8.1. 1 site hosted on it.
concerns are
1. Is my box hacked in and hijacked to send out spam? If yes, how can I check for system integrity?
2. Based on the service status dump, is there something else I need to do in the meantime to stop the box from sending out spam?
3. If there's someone who willing to help out, I'm willing to pay a small amount (~$50, sorry I'm broke!) to fix the server and just kinda help me through the process.
Upon checking the mail logs, I find this
Code:
Jul 12 07:39:35 ns2 postfix/smtp[31739]: certificate verification failed for gmail-smtp-in.l.google.com[173.194.68.26]:25: untrusted issuer /C=US/O=Equifax/OU=Equifax Secure Certificate Authority
Jul 12 07:39:36 ns2 postfix/smtp[31739]: 2AC1222A0003: to=<aarontd207@gmail.com>, relay=gmail-smtp-in.l.google.com[173.194.68.26]:25, delay=2, delays=0.1/0/1.3/0.64, dsn=2.0.0, status=sent (250 2.0.0 OK 1405143576 q6si6606624qan.104 - gsmtp)
I are running an Plesk 11.5 on a Ubuntu 12.04 machine. Since days i have problems where i see scripts of phishing sites and mailer scripts installed in the httpdocs directory of various domain.
How I can prevent that people outsiders install this scripts on the server? Where is the bug that allows this?
I run a large service on 2 machines (we're talking 8x2.66Ghz processing power, 4-6GB ram, etc), however we are thinking about creating a node/clustered setup to help spread the load, bandwidth, mysql (having one server for hundreds of thousands of databases is not wise it seems :p), diskspace etc. Lots of machines just seems to be a cheaper and more powerful option.
Would you advise going with lots of lower end machines, or just a few mid-range machines.
Here is what I propose:
3 of these
Dual Xeon 3GHZ Dual-Core (4x3GHz)
3GB RAM
500GB Sata Drive
4000 GB Bandwidth
100mbit
or
4 of these
XEON X3220 QUAD CORE 2.4GHZ 1066FSB
2GB DDR2 RAM (Upgradeable)
250GB HDD
2000GB Bandwidth
100mbit
or
7 of these
Dual Xeon 3.06 Ghz
2GB DDR2 RAM
250GB SATA
2000GB BW/MONTH
100mbit
All of the above are roughly similar prices in total.
I am using Plesk Panel 11.0.9 (latest updates applied) on CentOS 6.4. at Strato. Unfortunately I can not send email from outside of the server (thunderbird). As I am not familiar wwith mail server configuration at all I would expect that plesk panel does that for me (right?)
* I can send emails via web mail.
* I can receive emails in thunderbird, but sending runs into a timeout.
* The plesk firewall configuration does have a rule for smtp (but I don't see for which port), so I would expect it is not a firewall issue
* I would like to send with some security (starttls and encrypted password), but sending does currently also not work with any combination of (non-)security setting.
My domain has been migrated from another provider, I added it myself via Plesk panel later. The only mail-related change I did without plesk panel was to copy the mailboxes from my old server to /var/qmail/mailnames. But this should not effect sending email...
Since the last update I am having constant troubles with email accounts when sending or replying to email messages.
This is the message I am getting:-
"error sending your message: Service unavailable - try again later"
This is our system and the software is the Parellels with Business Manager and stuff.
OS CentOS 6.5 (Final)
Plesk version 12.0.18 Update #10, last updated at Aug 4, 2014 05:00 AM
The system is up-to-date; last checked at Aug 3, 2014 04:44 AM
This is what the error looks like in the log file located at /usr/local/psa/var/log/maillog
Aug 6 11:54:08 host spamd[28992]: spamd: connection from localhost [127.0.0.1] at port 37548
Aug 6 11:54:08 host spamd[14212]: prefork: child states: II
Aug 6 11:54:08 host courier-imapd: Connection, ip=[::ffff:127.0.0.1]
Aug 6 11:54:08 host courier-imapd: LOGOUT, ip=[::ffff:127.0.0.1], rcvd=12, sent=365
[Code] ....
Suddenly my plesk 11.5.30 #47 stops sending notification mails to Administrator email. What can I check to solve the problem.
View 2 Replies View RelatedI use whmcs to bill my cusotmers. when a account is created, plesk sends mail from admin email and name to customer as below,
A new domain name has been created.
Domain name: xxx.xxx
Domain name owner: xxxx xxxxx
IP address associated with the domain name: xxx.xxx.xxx.xxx
How can I disable it ? it ends up in spam and I just don't want customers to receive it.
I need to sending health notification emails to another email.
I change admin : /usr/local/psa/bin/init_conf --update -email xxx@xxx.xx
Admin change, but health notification email not change.
someone is sending spam using my smtp on qmail. I have authentication on sending messages, but my host company is complaining about spam messages that are sending to numerous emails. is there any solution? or how to fix that...
View 3 Replies View RelatedI have been able to get my server to notify me fast enough so I can delete the account and all he messages sent by that user fast enough. Taking to long might result in getting blacklisted, etc..
So, my question is, how can I prevent something like this? Isn't there a way to completely disable mail for an account (cPanel server) so they can't send mail in the first place? Or, is there a way to somehow silently discard all the eMail sent by a user in a specific group?
I have Plesk 12 on CentOS 7. I have only MSMTP installed not Postfix or Qmail. No matter what settings I use in the external SMTP settings the mail is never sent and I cannot find any error logs.
I have tried gmail smtp, sendgrid smtp and another smtp server that I own.
This is not a firewall issue as far as I can tell since if I install postfix it just works. Also any Wordpress or Joomla installs that use SMTP settings with gmail or sendgrid work just fine.
Screenshot for information only. I used accurate usernames, passwords, etc.
↑
Quick update. I tried the recommended CentOS 7 with the same result. Can installing Plesk 12 without a mail server and using the msmtp relay option actually works?Click to expand...
we are in this situation:
OS: CentOS 6.5 (Final)
Plesk version: 12.0.18 Update #16, last updated at Sept 11, 2014 04:07 AM
PHP: 5.4.32
we created a new mailing list test1@domain.tld and we tried to send a message, as administrator, to the list and to the temporary users subscribed.But Mailman dones't send anything ! And we receive this error:
Sep 11 15:20:00 2014 (30314) All recipients refused: {'admin-mailinglist@domain.tld': (554, '5.7.1 <admin-mailinglist@domain.tld>: Relay access denied')}, msgid: <mailman.0.1410441595.30312.test1@domain.tld>
Sep 11 15:20:00 2014 (30314) delivery to admin-mailinglist@domain.tld failed with code 554: 5.7.1 <admin-mailinglist@domain.tld>: Relay access denied
Sep 11 15:20:00 2014 (30314) SMTP session failure: 550, 5.7.1 Command rejected, msgid: <mailman.2.1410441595.30312.test1@domain.tld>
All other services on this server seems to be ok, normail email sending, receiving, http... all right... but mailman no.
one of our dedicate server which host only one website and use vbulletin.
we are unhappy about sending mail and it goes to spam box.
but we see that some website send many mail. for examle they have 1,000,000 user and send email to them every day.but their email send to inbox
what can we do about it?
i have been receiving lot of spam emails with from and to address being the same email of my domain with content being "click here to see web page" or an image link of viagra shop seen. sometimes it is sent with title "delivery status failure"
i checked the mail headers and it seems that they do not originate with contact form since i used captcha to protect them.
Yesterday my mail logs started showing many a spam email being sent from my server. There isn't anything mission critical running on it, so I took down qmail until I could find the vulnerability and fix it. But try as I might, I haven't found any conclusive vulnerability, so I thought to ask here where someone with more experience might spot something obvious that I've missed (I'm still somewhat new to this).
Anyway, the qmail logs show that the messages came from uid 48, apache. Log excerpt (sending of first spam mail):
Quote:
Aug 28 11:10:51 host qmail-queue[8056]: mail: all addreses are uncheckable - need to skip scanning (by deny mode)
Aug 28 11:10:51 host qmail-queue[8056]: scan: the message(drweb.tmp.TNDOi2) sent by anonymous@HOSTNAME to SPAMADDRESS should be passed without checks, because contains uncheckable addresses
Aug 28 11:10:51 host qmail: 1188295851.742521 new msg 51970054
Aug 28 11:10:51 host qmail: 1188295851.742679 info msg 51970054: bytes 445 from <anonymous@HOSTNAME> qp 8057 uid 48
Aug 28 11:10:51 host qmail: 1188295851.752799 starting delivery 460: msg 51970054 to remote SPAMADDRESS
Aug 28 11:10:51 host qmail: 1188295851.752933 status: local 0/10 remote 1/20
Unfortunately, my Apache logs have no entries around the time when these messages were sent. There are some suspect "CONNECT" requests scattered throughout the logs, but all are denied with 405's, and none correspond exactly with the time of the spam. Example (from about 3 hours after the spam):
Quote:
210.17.191.242 - - [28/Aug/2007:14:34:43 +0100] "CONNECT 205.158.62.146:25 HTTP/1.0" 405 235 "-" "-"
210.17.191.242 - - [28/Aug/2007:14:34:43 +0100] "PUT [url]
HTTP/1.0" 405 231 "-" "-"
210.17.191.242 - - [28/Aug/2007:14:34:43 +0100] "POST [url]
HTTP/1.0" 200 2 "-" "-"
(The fact that the final query wasn't denied worries me slightly though. Does anyone have any insight?)
I'm not sure where to go from here. I'm concerned about the lack of logs by Apache. There's a nine hour period without any entries; not unusual for my server given that its not very active, but the time when the spam was sent falls in this time period. I've checked for common security issues, but qmail is configured only to relay from localhost, and Apache isn't configured as an open proxy. Are there any other common issues I should check for? Is there any other information I should post here to help identify the problem?
I'm running Apache version 2.0.52, and qmail 1.03.
I'd be very grateful for any help or links to relevant HOWTOs.
My server is being used for sending out spam email using SMTP auth on server. I am failed to recognize it using phpnobody spam.
The email headers are as below:
[root@serverl ~]# /root/qmHandle -m38168420
--------------
MESSAGE NUMBER 38168420
--------------
Received: (qmail 19615 invoked from network); 21 Dec 2007 11:14:02 -0500
Received: from 124-8-103-212.dynamic.tfn.net.tw (HELO lzbldm) (124.8.103.212)
by ip-xx-xx-xxx-229.static.priatdns.com with SMTP; 21 Dec 2007 11:14:02 -0500
Message-ID: <003761451621$48031823$28802762@lzbldm>
From: =?big5?B?uPKmaL5sqs6m17uh2VTZVA==?= <twzcgj@ip-72-55-159-229.static.pedns.com>
To: <ahyu327@yahoo.com.tw>,
<r820309@yahoo.com.tw>,
<janejanexxx@yahoo.com.tw>,
<mirror8210@yahoo.com.tw>,
<angr34@yahoo.com.tw>,
<sungerhuang@yahoo.com.tw>,
<andy422927@yahoo.com.tw>,
<a155882@yahoo.com.tw>,
<tsai1926@yahoo.com.tw>,
<87878787@yahoo.com.tw>,
<joe-5409@yahoo.com.tw>
Subject: =?big5?B?s2+xTqxPp0GzzKvhpECmuLTuqs4=?=
Date: Sat, 22 Dec 2007 00:14:39 +0800
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----=_NextPart_000_0748_01590CDE.19AA17B0"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.3198
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.3198
This is a multi-part message in MIME format.
The qmail logs are as below
Dec 23 04:22:02 serverl qmail: 1198401722.886024 end msg 38163426
Dec 23 04:22:02 serverl qmail: 1198401722.886435 new msg 38163440
Dec 23 04:22:02 serverl qmail: 1198401722.886630 info msg 38163440: bytes 5274 from <> qp 21043 uid 2522
Dec 23 04:22:02 serverl qmail: 1198401722.897484 starting delivery 247946: msg 38163440 to remote jr1979@freenet.de
Dec 23 04:22:02 serverl qmail: 1198401722.897706 status: local 0/10 remote 9/20
Dec 23 04:22:03 serverl qmail: 1198401723.035092 delivery 247944: failure: 195.4.92.17_does_not_like_recipient./Remote$
Dec 23 04:22:03 serverl qmail: 1198401723.035296 status: local 0/10 remote 8/20
Dec 23 04:22:03 serverl qmail-queue[21076]: mail: all addreses are uncheckable - need to skip scanning (by deny mode)
Dec 23 04:22:03 serverl qmail-queue[21076]: scan: the message(drweb.tmp.fkOXLe) sent by #@[] to postmaster@cl-t061-160$
Dec 23 04:22:03 serverl qmail: 1198401723.192176 bounce msg 38163423 qp 21076
Dec 23 04:22:03 serverl qmail: 1198401723.192241 end msg 38163423
Dec 23 04:22:03 serverl qmail: 1198401723.193683 new msg 38163429
Dec 23 04:22:03 serverl qmail: 1198401723.193930 info msg 38163429: bytes 5878 from <#@[]> qp 21092 uid 2522
Dec 23 04:22:03 serverl qmail: 1198401723.220191 starting delivery 247947: msg 38163429 to local 9-postmaster@cl-t061-$
Dec 23 04:22:03 serverl qmail: 1198401723.220247 status: local 1/10 remote 8/20
Dec 23 04:22:03 serverl qmail-local-handlers[21111]: starter: submitter[21118] with error code 100
Dec 23 04:22:03 serverl qmail-local-handlers[21111]: mailsend: wait for submitter failed
Dec 23 04:22:03 serverl qmail-local-handlers[21111]: cannot reinject message to mail system
Dec 23 04:22:03 serverl qmail: 1198401723.270544 delivery 247947: failure: This_address_no_longer_accepts_mail./
Dec 23 04:22:03 serverl qmail: 1198401723.270720 status: local 0/10 remote 8/20
Dec 23 04:22:03 serverl qmail: 1198401723.270863 triple bounce: discarding bounce/38163429
Dec 23 04:22:03 serverl qmail: 1198401723.270906 end msg 38163429
Dec 23 04:22:03 serverl pop3d:
Dec 23 04:22:03 serverl qmail: 1198401723.821852 delivery 247946: failure: 195.4.92.17_does_not_like_recipient./Remote$
Dec 23 04:22:03 serverl qmail: 1198401723.821918 status: local 0/10 remote 7/20
Dec 23 04:22:03 serverl pop3d: IMAP connect from @ [71.107.192.162]INFO: LOGIN, user=support, ip=[71.107.192.162]
Dec 23 04:22:03 serverl qmail-queue[21226]: mail: all addreses are uncheckable - need to skip scanning (by deny mode)
Dec 23 04:22:03 serverl qmail-queue[21226]: scan: the message(drweb.tmp.Ge7OVb) sent by #@[] to postmaster@cl-t061-160$
Dec 23 04:22:04 serverl qmail: 1198401724.007097 bounce msg 38163440 qp 21226
Dec 23 04:22:04 serverl qmail: 1198401724.007177 end msg 38163440
Dec 23 04:22:04 serverl qmail: 1198401724.008599 new msg 38163295
Dec 23 04:22:04 serverl qmail: 1198401724.008829 info msg 38163295: bytes 5837 from <#@[]> qp 21240 uid 2522
Dec 23 04:22:04 serverl qmail: 1198401724.042842 starting delivery 247948: msg 38163295 to local 9-postmaster@cl-t061-$
Dec 23 04:22:04 serverl qmail: 1198401724.042898 status: local 1/10 remote 7/20
Dec 23 04:22:04 serverl qmail-local-handlers[21255]: starter: submitter[21262] with error code 100
Dec 23 04:22:04 serverl qmail-local-handlers[21255]: mailsend: wait for submitter failed
Dec 23 04:22:04 serverl qmail-local-handlers[21255]: cannot reinject message to mail system
Dec 23 04:22:04 serverl qmail: 1198401724.089046 delivery 247948: failure: This_address_no_longer_accepts_mail./
Dec 23 04:22:04 serverl qmail: 1198401724.089108 status: local 0/10 remote 7/20
I tried to grep some more information agains UID but failed:
[root@serverl ~]# grep 2020 /etc/passwd
alias:x:2021:2020:Qmail User:/var/qmail/alias:/bin/false
qmaild:x:2020:2020:Qmail User:/var/qmail/:/bin/false
qmaill:x:2022:2020:Qmail User:/var/qmail/:/bin/false
qmailp:x:2023:2020:Qmail User:/var/qmail/:/bin/false
[root@serverl ~]# grep 2522/etc/passwd
[root@serverl ~]# grep 2522 /etc/passwd
qmails:x:2522:2520:Qmail User:/var/qmail/:/bin/false
psaftp:x:2524:2522:anonftp psa user:/:/bin/false
how can i catch this spammer domain name hosted on my server. Its CentOS Plesk 8 Server.
When a PHP script is sending a mail, there is added an return path in mail header. How to change that mail address in return path?
We are using Postfix and CentOS 6.5
Plesk is setting the mail address of the owner of the hosting account. When changing the owners mail address in Plesk, the return path is still the same and is not updated...