Plesk 12.x / Windows :: Spammers Blocking Inbound SMTP
Sep 19, 2014
I am having some problems with the inbound SMTP sockets. We are receiving a constant attack from spammers, and they are taking all the sockets we have open for our users. We have enabled SPF, greylisting, inbound control access through authentication, and relay access with authentication as well, but after some weeks we are still in the same situation. We also have SpamAssassin installed as a power pack from Plesk, and we have added DNS blacklists from b.barracudacentral.org, bl.mailspike.net and bl.spamcop.net, but we still suffer from this problem.
We have also tried increasing the sockets assigned to 200, and after some minutes they were all used again and the CPU increased up to 25% of the total capacity.
I have a dedicated Windows 2008 server, and for the last 2 days something has been using our SMTP server to send spam. We get thousands of spam emails queued in our outbound queue, although our security is really high: SMTP authentication (open relay) and other options are already enabled, and we ran an antivirus scan too, but nothing was found.
I wonder if there is anyone else out there who has faced such a problem, and how did you stop it?
The problem is a bug in one domain (the principal one), for which an unfinished backup job is blocking the domain. I was unable to unlock the domain, and it indicated (in version 10.4.4) that I had an unfinished backup job. Restarting the server did not solve anything.
We upgraded to Plesk 11 and this is the error that now comes up on all backup requests when clicking on "Admin Backup":
Failed to parse response. Reason: XML error at line 1 column 1. Error message: Not well-formed (invalid token) Process output: The system cannot find the file specified. (Error code 2) at Unable to connect to pipe .pipepsapipe ---------------------- Debug Info ------------------------------- 0: PMMConnector.php:642 PMMConnector->getResponse(object of type StreamXMLReader) 1: PMMConnector.php:74
I just finished migrating my Plesk 10.5 to 12 and everything is great now.
I just have a little problem with SMTP authorization.
This option, if I'm not doing something wrong, is located in Mail Settings, specifically in the section "Relay options". I ticked "authorization is required" and "SMTP".
But when I try to check it on my email client, I can send emails with or without the SMTP authorization option on the email client.
I tried to configure Windows Live Mail for an email account. The domain is hosted on a Windows Plesk server. Incoming mail is working, but I am unable to send outgoing mail.
Subject 'xxxxxxxxxxxxxxx' Server Error: 503 Server Response: 503 This mail server requires authentication when attempting to send to a non-local e-mail address. Please check your mail client settings or contact your administrator to verify that the domain or address is defined for this server. Server: 'xxxxxxxxx.tld' Windows Live Mail Error ID: 0x800CCC79 Protocol: SMTP Port: 25 Secure(SSL): No
Plesk Panel, 11.0.9, #61, Windows 2008 R2 SP1, x64
PROBLEM: With reports configured to send out to an email address local on the Windows server configured through PLESK, if local relay isn't enabled at 127.0.0.1 on the SmarterMail server, the reports are never delivered.
- server is [domainx].com - email to receive reports from PLESK is plesk444@[domainx].com -this email address is able to send and receive internally or externally to and from any client w/ SMTP auth enabled.
If SmarterMail is configured with SMTP Authentication Bypass for 127.0.0.1, we get the scheduled report emails as we should. Without the SMTP Authentication Bypass enabled, none of the clients or administrators get any reports or notifications at all.
QUESTION: How can I configure PLESK Panel 11 itself to use that SMTP Authentication to send those reports out? --is there a configuration file or registry value I can add or modify?
With the standard-DNS-Layout every customer has an MX-entry like MX 10 mail.customerdomainexample.com
The problem is, that inbound mailservers get a TLS warning, because the mailhostname does not match mail.companydomainexample.com, which is the domain with a valid SSL-Certificate pointing to the same server.
Wouldn't it make sense to change the default template to mail.companydomainexample.com since it is the same machine anyway?
I ran the script in KB article 123160 [1] to disable SSLv3 and avoid the POODLE vulnerability, but I recently discovered that this has caused all inbound emails to bounce. The bounce message says, "TLS Negotiation failed."
We are trying to configure settings for an external SMTP server within Plesk (Windows 2008 R2 Plesk 12) but are receiving the following error message:
Error: Unable to encode IDN email address 'username': email address is invalid
We are trying to use a username for SMTP authentication as we do not have the option of using an email address with our current SMTP relay provider.
Is there any way around this so that we can use a username rather than an email address?
1/ What is the difference between maillog and maillog.processed? I want to keep a permanent record of all mail inbound and outbound even if delivery is deferred by the gray listing. I'm not sure which one is the best to keep.
2/ I would like to change the way that the mail logs get log rotated. I am struggling to work out exactly what happens at the moment but I would like to rotate the log out every day regardless of size. I think currently that the maillog.processed is rotated daily if it is over a specific size.
I have a client who needs to block an IP range on a Windows server. However, he is using cloud hosting from Rackspace. I guess they are not being cooperative in doing so. Any way to do this without root? Perhaps from the control panel?
I have a website on a linux-server working fine with PHP/Apache. The page loads a lot of css/js/image-stuff (total 84 requests, 220k), it takes about 4 secs to load via internet.
Now I'm testing the same page locally on a Win7-64-system (Apache 2.2, PHP 5.4). The system is not very slow (8 GB RAM, SSD, i7-CPU), but loading the same page as above takes about 50 secs.
The Q is: What might be the problem?
- I turned off firewall and anti-virus.
- I used mod_status: 150 threads, max. 11 seems to be used during the loading of the page.
- I tried php5apache2_2.dll with TS-PHP 5.4 and mod_fcgid.so with NTS-PHP 5.4, but the loading-time kept almost the same.
Looking at the "network-tab" in FF or Chrome, I found that a lot of subqueries get a timing like this:
Blocking: 11.96 s Sending: 0 Waiting: 1 ms Receiving: 6ms
So the loss of time seems to be in the "blocking" section. I first thought of something like "limited number of TCP connections", but as said above, on the same system the page is remotely loaded fast enough, almost without these "blocking" parts.
I need a quicker way to find spammers. I've found a decent way to find the scripts, but I want to find heavy offenders by a simple command line or something to identify all scripts sending e-mail in let's say a text document or something.
I'm running 12.0.18#34 on a PCS dedicated server. I recently discovered that some of the default jails in the fail2ban that is shipped with Plesk 12 were not working correctly. Let me explain what I mean. Take, for instance, the plesk-panel jail. The logs were parsed correctly, the command was successfully appended to the iptables list, and the fail2ban log was updated. Still, the intruder was not blocked. I kept reading "already banned" in the fail2ban.log, but actually there was no blocking.
After some checks, I found out that the fail2ban default configuration states SSH as the default blocking port. That means the block was working, but only for SSH hits. Thus the plesk-panel admin page hits were passing through.
Only after I added port=http,https in jail.local > plesk-panel and restarted the fail2ban service did it start to actually block incoming hits.
I think this should be verified by programmers group and maybe include a fix in some future minor update.
These few days I keep having error logs for form delivery
Message delivery to the remote domain 'xxx.xxx' failed for the following reason: Unable to deliver the message because the destination address was misconfigured as a mail loop.
Previously everything was fine; I wonder if anyone knows what could have suddenly caused this issue.
For some reason, Plesk is blocking incoming port 25 (Plesk shows it as open, but it's not). My emails are delivered through port 25. After doing some tests (I sent some emails to an email account hosted on the server) there was no email in the Roundcube inbox! All emails were blocked...
a) The firewall was blocking port 25 on server restart. b) I have successfully unblocked it from plesk manager -> tools -> edit/change -> even if I didn't change anything, I saved the "changes" and in my Roundcube inbox I received all the test emails. c) In /var/log/maillog there is no error.
2. Passive FTP gets blocked in the same way. To successfully connect FireFTP in passive mode I need to repeat the 1.b steps, even though I've created a special rule to prevent the blocking, opening ports 49152-65534 and setting PassivePorts 49152 65534 in /etc/proftpd.conf
The issue appears randomly, because in the last 5 days I didn't restart the server, and the last time I checked it worked. Today, without touching anything, the firewall blocked my passive FTP and I had problems receiving emails from Gmail, Yahoo etc...
Code: Hi. This is the qmail-send program at m1370.contabo. I'm afraid I wasn't able to deliver your message to the following addresses. This is a permanent error; I've given up. It didn't work out.
<emailhere@gmail.com>: 2a00:1450:4013:0c00:0000:0000:0000:001b failed after I sent the message.
[Code] .....
Centos 6.6 + Plesk 12 Web Pro Edition
My server certainly did not spam Gmail servers (my old server works fine sending email to Gmail). I fear this has something to do with my "Postfix" configuration.
I am running two separate SMTP virtual servers (with different access rules) -- with two separate drop folders.
default SMTP Virtual Server [assigned to 160] second SMTP VS [assigned to 161]
I want test1.com added to the default SMTP server and test2.com added to the second SMTP server. I have read that I must add these domains via the POP3 service. The problem is that adding domains via POP3 service will always add the domains to the DEFAULT SMTP server. I want test2.com added to the second SMTP server.
Is there a solution to this problem, or am I doing something wrong? Can xmail handle this scenario?
I am not using any of the roles and features in Windows 2008, but if I wish to use its SMTP server I have to install IIS. Is there any SMTP server or on-demand solution for sending email from a J2EE application running on Win 2008?
I keep getting tons of spam in the Drop folder of my Windows SMTP, which I enable only for sending out forms. How do you normally stop this? I can't stop the SMTP as it is used for forms. Relays are already set to my local IPs.
I have the Web Pro Edition panel 12 on CentOS 6.5 64-bit, and I have made some custom firewall rules in order to be able to run a TeamSpeak server. The problem is that the firewall randomly blocks the TeamSpeak port and keeps it blocked unless I restart the firewall.
Imagine you want a set of servers (VPSs would be a cheaper choice, that is why I am posting here) that do not have much outbound traffic but download from other servers (more or less as spiders, but I am not trying to create a web index). Disk space or memory size are not important, but port speed and monthly transfer should be as high as possible. As inbound traffic is less frequently used, I wonder if any provider offers cheaper rates if traffic is like this.
I have been searching the forums and have not found too much about this topic (a quite related post named "I want to download the Internet" or something similar did not get a conclusion).
I have 2 IPs bound on a Windows 2003 server. These 2 IPs have different network routes (one uses network A, one uses network B). Obviously for outbound traffic I can freely choose which IP to use (I simply choose to use [url] or [url]), however I wonder if it's possible to tell the server which IP it should use for inbound traffic when I need to download something from the internet to the server?
I am using Windows 2003 Server with IIS 6.0 and SMTP. I tried to send mail using ASP.NET C# code through the SMTP service, but my mails are getting queued in C:\Inetpub\mailroot\Queue.
What could be the problem? I've done many troubleshooting steps but no luck. I changed the Relay settings. Since I am on a LAN connection, I've tested the relay setting using both 'localhost' and 'MyDomainIP', but everything was in vain.