Plesk 12.x / Linux :: View Detailed Maillog To Find Spam Scripts
Apr 15, 2015
We have just had reports of SPAM being sent from our CentOS 6.x server running Plesk 12.
Services like Plesk Premium antivirus, SpamAssassin, watchdog (rkhunter) and mod_security are enabled on the server to enhance security, and none of these seemed to stop the scripts.
The issue is that multiple domains are sending out mail from this server, so it is difficult to find the script sending out SPAM.
When we were running Plesk 11.0 we had a separate log file where we could see the file sending any mail going out from the postfix mailserver. I have checked both /var/log/maillog and /usr/local/psa/var/log/maillog, but there is nothing in those files to tell me the file that sent the mail.
How would I go about finding this file from either the Plesk Control Panel or through SSH (using log-files)?
Code:
root@server [~]# service exim restart
Shutting down clamd: [ OK ]
Shutting down exim: [ OK ]
Shutting down antirelayd: [FAILED]
Shutting down spamd: [ OK ]
Starting clamd: [ OK ]
Starting exim-26: [ OK ]
Starting exim: [ OK ]
Starting exim-smtps: [ OK ]
Starting antirelayd: Cannot find the maillog at /usr/sbin/antirelayd line 26. [FAILED]
Starting spamd: [ OK ]
I am facing a serious problem with my qmail and Plesk 11.0.9. I found the way the spammer did with my server by listening to everything on port 25. Maybe he knows the RCPT hosts of mine, and they send emails with random usernames but with a domain hosted on my Plesk. (email@example.com, user2@ my domain.com, ... firstname.lastname@example.org).
qmail only checks the domain in RCPT if the spammer inputs: "mail from email@example.com" (without ":") - no email address on my server. Then the server replies: 550, no mailbox here by that name. (#5.7.17)
But qmail checks the username and domain if the spammer inputs: "mail from: firstname.lastname@example.org" (with ":") - no email address on my server. Then the server replies: 250 OK. This is really weird! I tried with all my Plesk servers, and the bug still affected them.
Mar 31 14:56:52 hosting plesk sendmail: _mh_fork(): Error occured during waiting the child process with pid: 1178: No child processes
Mar 31 14:56:52 hosting plesk sendmail: Error during 'check-quota' handler
Mar 31 14:56:52 hosting plesk sendmail: Unable to get sender domain by sender mailname
I have a Cloud VPS with 1and1 and Plesk is installed on it. I happen to have a VPS view that doesn't include DNS functionality for the domains.
So, I have added the domain to the system and created an email address... Because I don't see how I can manage DNS settings, I have set up Cloudflare and pointed the domain to Cloudflare, and Cloudflare is pointing to the server.
So I have email: email@example.com
On Cloudflare I have:
A domain @ IP
A www @ IP
CNAME mail @ domain
MX 10 mail.domain
In Plesk I have set up an alias, mail.domain for domain, that has access to email.
I go to the network-tools.com to look up firstname.lastname@example.org:
[Resolving mail.domain...]
[Contacting mail.domain [IP]...]
[Timed out]
I just installed Plesk 12 Web Admin Edition, installed and activated all licence keys and everything works fine. The only thing is, I can't find the "Service Provider View" in the Interface Settings; there is only a "Power-User" view provided. Even though I selected the Service Provider View during Plesk Setup, I was moved to the Power User view and now I can't switch the interface. I am really missing the server health monitoring from this Service Provider View like I've got on all the other servers I have.
I have a Plesk 11.5 server that someone made changes to in IIS to allow web site users to turn the sending of detailed error messages on and off from a web.config file. Unfortunately now none of the sites will send detailed error messages to the browser no matter what is done. The person that made the changes to IIS did not document them properly and cannot tell me what exactly they changed. None of the obvious settings have made an effect on the problem.
to repair the databases. Worked, but give me the error
"Table 'aps_resource' doesn't exist"
One more time, I recovered this table from the newest existing backup. But now it gives the error "Can not find registry resource for Application ID" for one domain - I have 3 domains, 2 are working, one not.
I'm migrating from Plesk 9.5 (Centos 5) to Plesk 12 (Centos 6). I found this in the migration.log file:
2014-06-25 14:27:20 DEBUG Unable to find 'pigz', trying 'gzip'
I've installed pigz from the Plesk repository and I can execute pigz in the shell, but Plesk Panel definitely doesn't use pigz. I tried with pigz from the EPEL repo and the log showed the same error. I also tried to move the binary from /usr/bin/pigz to /bin/pigz and it didn't work. I'm interested in using pigz to improve the speed of migration and backup.
I have completed email set up on my server and have checked that email ports are open, but for some reason outlook keeps returning : "Outlook cannot find the server. Verify the server information is entered correctly in the Account Settings, and that you DNS settings in the Network pane of System Preferences are correct."
The odd thing is that outlook still picks up emails if I receive any, but keeps returning above error every minute.
I just migrated a bunch of domains from plesk 11.5. Everything appears to be working well however when examining the maillog, I am seeing some strange errors... In this example, the message was delivered and had the spamassassin stuff in the header.
spamd: handle_user unable to find user: 'email@example.com'
When you perform a migration, Plesk gives me this error. For more I search, I find what may be the cause.
Error: Unable to find domain with name 'e-domain.com'
[2014-11-18 19:41:31] ERR [panel] exception 'PleskObjectNotFoundException' with message 'Unable to find domain with name 'e-domain.com'' in /usr/local/psa/admin/plib/Domain.php:950
Stack trace:
#0 /usr/local/psa/admin/plib/backup/Conflicts/PleskDataManager.php(1278): Domain::getByName('e-domain.c...')
#1 /usr/local/psa/admin/plib/backup/Conflicts/Resolver/UnfitSettingsResolver.php(500):
I have a web blog that shows promise of growing pretty big soon! This is a vbulletin with chatbox and arcade games. The forum is for gamers and game modification talk. I want to keep my features such as the in-forum mp3 player for streaming music. I host no files; everything is linked from outside sources. Even photos are linked from photo hosts. I foresee about 20-30 members on at all times browsing and chatting in chatbox. Playing in the online arcade!
I have no idea how much bandwidth all this will use up. I do know that 20-40 gig of space should be quite enough but as always I want all I can get. As far as bandwidth I have no idea what all those features will eat up.
I have looked at fatcow.com and talked to them; they said their unlimited is this: 300gig space, 3000 gig bandwidth, and they do not keep up with msql databases. I looked on BBB and they have an A+ record; if compared to hostgator they have unsatisfactory! The only problem is they are yearly contract only. I do not trust this! I also have to let them re-bill me at end of year and this gives them access to my account. The payment options are check, PayPal, or credit.
I have a dedicated server, the server itself is secure (as far as I know) and I run lots of my sites from it. I offered a friend hosting for his flash based chat application he built.
Today I was contacted by someone; "Are you the owner of xxxx.net?" so I informed that yes, it was my server and they then showed me an email they'd received from my server. I did a search and apparently someone uploaded mail.php and a couple of files it was using to send out spam based upon a variety of conditions that the other files met. The files contained forenames and surnames, it'd use a forename and a surname then send it to popular free mail services. The email contained ramblings about new world order and promoted a website.
How can I find out how they got the files uploaded to the account and what action can I take? I checked the whois for the domain and have their contact information, however it's a large site so I'm doubtful that the owner did it. I don't want my server's IPs being blacklisted for spam :|
Not long ago somebody hacked our customer account through the vulnerability in the phpBB Album module and uploaded some scripts. Then it started to send Nigerian spam using exim and apache. These scripts were found and deleted and the Album module was fully deleted too. But when I look at the processes now I see that exim and httpd still start very often so the system resources are probably overused by them ......