I have a Plesk 8.6 box and every so often I get alerted to the fact its being used to send out huge amounts of SPAM. I currently have to just remove the remaining mail in the queue using a utility qmhandle.
I look at the logs on the server but cant see where its been sent from.
Also I checked to see if its an open relay and all the testing I have done shows its not, so I can only assume its an account thats been compromised.
Thing is I cannot see in the logs how and which account is being used...
Microsoft Windows Server 2008 R2 Service Pack 1 Panel version 11.0.9 Update #59, last updated at Oct 3, 2013 02:06 AM MailEnable version 5
I see in the plesk documentation that the screen to enable SPAM filtering for an individual there is an option to "Move spam to the Spam folder". I don't see that option so I am wondering if it is only available on some versions of Plesk, or in combination with certain mail servers. How to make that option available?
A few months before I updated to Plesk 12 I noticed a huge jump in uncaught spam - I hoped the update to Plesk 12 might solve this but no luck.
I have now changed the spam sensitivity on my account 1, the idea being I would then whitelist the domains I want to get through but literally nothing is getting marked as spam. Users on other domains on the same server are reporting the same.
I have 5 Linux Plesk 12 servers, and I use Spamassassin, usually at a sensitivity of 2 or 3, I also use the following DNS
Blackhole lists: zen. spamhaus. org;b. barracudacentral.org;abuse.rfc-ignorant.org;cbl.abuseat.org;bl.spamcop.net;nomail.rhsbl.sorbs.net
But all of this seems to have minimal effect. I examine spam that comes through which looks very obviously like spam, but Spamassassin gives it a very low score, usually in the negative numbers.
Is SA just not as effective as I thought? Seems like if Gmail, etc can filter spam so effectively, then why can't SA? If there's something I'm not doing right, or what you all do to combat spam with Plesk 12.
My server is saturated in SPAM e-mails being sent from it, however I am struggling in tracing the root of this problem. I have now exhausted 4 IP addresses and our provider is blocking port 25 automatically on a number of occasions now.
I have used the KB article: [URL] .... to trace the highest senders of e-mail, however this has proved to be unsuccessful in finding "all" of the offending domains.
I have suspended e-mail and domains on a number of subscriptions due to the high number of e-mails being sent from the system. I have also enabled outbound mail control and set limits to 10/hr however there are domains attempting to exceed this on an hourly basis. I have investigated these subscriptions but am not able to find anything offending. Is there any feature within plesk that can show me exactly where the spam is coming from...
I am dealing with a situation which i cannot understand. I am running an website for a resort and occasionally i am sending e-mail stop the people who book villas using the website. By occasionally i mean last year i sent 2 e-mail campaigns with a proper spam score.
However, at this moment, even the e-mails that i receive from the website's contact form arrive as Junk into Gmail for example.
Domain abc.com is hosted on our server, it has a hosted e-mail firstname.lastname@example.org. This e-mail adress keeps getting SPAM messages from an address email@example.com (where srv2.xyz.com is our server FQDN). What we understood by reading the headers (posted below) is that someone is sending an e-mail to firstname.lastname@example.org. This e-mail adress, as configured in Plesk, redirects e-mails to email@example.com. But we don't understand how someone managed to send an e-mail from an unexistent firstname.lastname@example.org to it.
Here are the headers:
DomainKey-Status: no signature Return-Path: <Coulter_Faustinoa1@aspli.com> X-Original-To: email@example.com
running Plesk qmail server. My local mail queue is growing rapidly and very slow dlivery m gettings too many spam emails from outbound. I am using DNSBL server sbl.spamhaus.org maped but it is out of control. how to protect my box from SPAM.
switched to ipower.com and not getting any help - really stuck as my customer wanted better spam filtering so I went to them on a recommendation and I do not know how to turn on and what is the best setting for spam filtering with their panel. Also using HORDE where I can set a filter using rules but it only works if I log on and hit apply filter so my customer still gets it in his in box -
I just did the update to 12.0.18 #6 and everything seemed to go pretty well. One feature we were really interested in was the Outgoing Spam Filter. Unfortunately, the error I see when I go to that feature reads, "Protection : Not active. There are some problems that prevent the service from being started."
When I Google that error, I'm brought to some KB articles but they are all for the older Outgoing Spam Filter that you need a license key for. I don't believe that is the case any more - if it is, I don't know where to get the key. I will say point out I'm a bit of a Linux novice (we are running CentOS 6.5 on this server), so I'm not really sure where to look....
From 1 week until now I got 4 spam attacks. The attacker is the same, because the emails sent are iqual.
The technique is also the same, they use an email account (compromissed password) and send emails through smtp server.
When I detect the attack, i do:
1. identify the compromised account 2. Change password from the compromised account 3. Stop qmail 4. Clear queue with qmail-remove 5. Start qmail
The problem is that they already used 4 diferent domains since the first attack. So, here is my problem, how do they discover the passwords?! How can I solve this problem? I have hundreds of emails accounts and can't change it all.
I have a hard problem with my VPS. I have postfix as mail server on plesk 12 under ubuntu 12.
I dont know why the outgoing mails of all my domains in my servers are getting spam in servers like gmail, yahoo, hotmail...
I'm using mxtoolbox to fix errors and warnings and finally fixed all of them, but my mails are still outgoing to spam.
In mxtoolbox actually I have no mail server errors / warning, u can see it with, for example, this one of my domains: [URL] ....
This message is an automatic response from Port25's authentication verifier service at verifier.port25.com. The service allows email senders to perform a simple check of various sender authentication mechanisms. It is provided free of charge, in the hope that it is useful to the email community.
I facing a serious problem with my qmail and plesk 11.0.9.I found the way spammer did with my server by listening everything on port 25. Maybe he know the RCPT hosts of mine, and they send emails with random username but with domain hosted on my Plesk. (firstname.lastname@example.org, user2@ my domain.com, ... email@example.com).
qmail only check domain in RCPT if spammer input:"mail from firstname.lastname@example.org" - (with out ":") - no email address on my server.then server reply: 550, no mailbox here by that name. (#5.7.17)
But qmail check username and domain if spammer input:""mail from: email@example.com" - (with ":") - no email address on my server. Then server reply: 250 OK..This is really weird! I tried with all my plesk server, this bug still effected.Click to expand...
So, I have been searching everywhere online and have not come to a fully working conclusion with the issue regarding outgoing emails going to spam via gmail, hotmail, etc.Domain keys are activated, but it seems that domain keys is deprecated, making it useless when it comes to spam detection for email servers such as google, aol, etc.
The only alternative found was here: URL.....But that means that every customers DKIM will have to be created manually via command line. This would be a mission when having over 500+ ongoing customers signing up.Will you guys be implementing DKIM automation for Plesk? I am pretty much against trying to use c(p)anel + Centos and just love Plesk. So I prefer Plesk any day..
I have different adresses configured with several domains on the same server. All the emails send to gmail/hotmail adresses are marked spam.
Looking in the headers everything seems fine, including SPF:
Delivered-To: firstname.lastname@example.org Received: by 10.202.174.138 with SMTP id x132csp563903oie; Wed, 20 May 2015 04:53:19 -0700 (PDT) X-Received: by 10.180.109.136 with SMTP id hs8mr40446245wib.73.1432122799197; Wed, 20 May 2015 04:53:19 -0700 (PDT) Return-Path: <email@example.com> Received: from x.net (x.net. [xx])
I spent a lot of time trying to not have alarm messages into spam folder.
already added address to my contacts already mark it as important already changed sender email... but
Plesk where take email for Alarm Message?
Because I changed email (external) with 1 internal, but update alert arrive with administrator email and now is not going to spam, but alarm email arrive with old email (external, that is marked as pishing) ....
I have some error when the new outgoing spam protection (limitation for outgoing mail) is enabled. Mail clients are unable to use SMTP for sending mails. "My mail client says: The message could not be sent. You are not allowed to use sendmail utility."
I don't undestand the blocking behaviour since the checkbox "Allow scripts and users to use Sendmail" is checked and no limit is exeeded.This is the relevant log part of maillog:
Jul 3 00:44:36 srv01 postfix/smtpd: C0E5182A20: client=46.128.x.x.dynamic.cablesurf.de[46.128.x.x], sasl_method=CRAM-MD5, firstname.lastname@example.org Jul 3 00:44:36 srv01 postfix/cleanup: C0E5182A20: message-id=<0A380CA8-AAE3-4FA8-BA7A-A3FDF7CD16E2@domain.de> Jul 3 00:44:37 srv01 /usr/lib/plesk-9.0/psa-pc-remote: handlers_stderr: DATA REPLY:554:[B]5.7.0 The message could not be sent. You are not allowed to use sendmail utility.[/B] REJECT Jul 3 00:44:37 srv01 /usr/lib/plesk-9.0/psa-pc-remote: REJECT during call 'limit-out' handler Jul 3 00:44:37 srv01 postfix/cleanup: C0E5182A20: milter-reject: END-OF-MESSAGE from 22.214.171.124.dynamic.cablesurf.de[46.128.x.x]: 5.7.0 The message could not be sent. You are not allowed to use sendmail utility.; from=<email@example.com> to=<firstname.lastname@example.org> proto=ESMTP helo=<[192.168.1.20]> Jul 3 00:44:37 srv01 postfix/smtpd: disconnect from 46.128.x.x.dynamic.cablesurf.de[46.128.x.x]
Moreover I disabled the line "non_smtpd_milters" in postfix main.conf since my server has same issues discribed in the following thread: Postfix: mails sent through sendmail binary are blocked because of wrong HELO
I have tried to send emails to gmail from horde and form php but the are mark as spam even if the gmail headers are ok:
Delivered-To: email@example.com Received: by 10.112.205.233 with SMTP id lj9csp202933lbc; Wed, 7 Aug 2013 05:58:22 -0700 (PDT) X-Received: by 10.15.31.9 with SMTP id x9mr2966600eeu.103.1375880301851; Wed, 07 Aug 2013 05:58:21 -0700 (PDT) Return-Path: <info@my_domain.com>
I am trying to install Spam assassin on Plesk 12.0.18 on windows server 2012 r2 . I am getting error:
Error: Unable to set Plesk SpamAssassin 3.3.2 as the default Spam Filter: defpackagemng failed: Execute spammng.exe --check failed with error code 1: Unable generate the unique file name by template D:Program Files (x86)ParallelsPleskAdditionalPerlsiteetcmailspamassassinlocal.cf[*].bak: directory D:Program Files (x86)ParallelsPleskAdditionalPerlsiteetcmailspamassassin does not exist
I have tried re-installing and installing spam assassin from command and as per the solution given in below KB: URL....But I an still not able to install in on the server. I have checked all directory paths are correctly located.
We have a variety of clients that we just put on various providers/platforms that we use for various reason. I've given up on HSphere though. I can see the versatility in this but I just don't have the time to invest learning the interface. What is a +++ though is HSphere platforms bundle in urchin--so for certain sites, we can turn urchin up on the fly.
Is there any hosts you guys recommend that have Enterprise grade email filtering. Part of the problem we have seen is just the level of spam filtering. Even with Pair, stuff was just coming through. For those with email in house -- great , as we just run the MX through Postini 1st and lock down SMTP on the FW side.
For some of our clients *with some minor hiccups* at times, we moved them to Google Apps. The spam filtering is just a +++ as much as I would like to get away from Google on the email. And yes, I am aware they own Postini now...
Back on to Webhosting.
I think we have found a couple of new guys to try For nix based hosting, I'm planning to move some sites to Medialayer. Support or just various emails between them is very good !
For windows, we are debating. I have to reach out to Karl over at Steadfast and or Wiretree to inquire...but I'm leaning on a Plesk Windows Shared or VPS.
Usability is key on the CP and Cpanel/Plesk is just so much easier than Hsphere.
For the *email aspects* that's tied into any hosting provider, Mosso was interesting - BUT just looking at status.mosso.com was frighting.