• Our team is looking to connect with folks who use email services provided by Plesk, or a premium service. If you'd like to be part of the discovery process and share your experiences, we invite you to complete this short screening survey. If your responses match the persona we are looking for, you'll receive a link to schedule a call at your convenience. We look forward to hearing from you!
  • The BIND DNS server has already been deprecated and removed from Plesk for Windows.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS. We strongly recommend transitioning to Microsoft DNS within the next 6 weeks, before the Plesk 18.0.70 release.
  • The Horde component is removed from Plesk Installer. We recommend switching to another webmail software supported in Plesk.

Resolved Email hacked question

J

Jayson

Basic Pleskian
Hello,

Centos 7
postfix
Just had a customer have their email hacked and used to send spam. I was surprised to see maillog shows the sasl_username used for sending was the email alias and not the actual user account.

Is this by design? Or, does it indicate a configuration issue?

Thanks,
 
Last edited:
Hi Jayson,

Jayson said:
Or, does it indicate a configuration issue?
Click to expand...
Hard to "guess", because you don't provide actual configuration files, nor do you provide depending log - entries from your mail - logs, which could be investigated. ;)
 
That's why I only asked if the sasl_username could be the alias. If yet, then I'm not going to do any digging past talking to the mail user.

(changed customer domain to domain.org)
Nov 27 18:27:17 bigserv postfix/smtpd[24475]: A334E90E3B: client=unknown[155.133.82.113], sasl_method=CRAM-MD5, sasl_username=glenn@domain.org

Customer account is actually grodder@domain.org yet maillog is filled with entries like the above. Once I saw the alias I changed the password on the user email account and the spam stopped. I wanted to know if it's possible for someone to use an alias for the sasl_username.

Thank you,
 
Hi Jayson,

an alias - eMail - account is pretty much the same, as a "normal" eMail - account, just with the difference, that the alias - eMail - account has no own mail - directory on the server. Both usernames can be used as authentification and both usernames use the same password.
 
You must log in or register to reply here.

Similar threads

A
Question Spam detection on outgoing mails with Plesk Email Security
Replies
2
Views
693
Kaspar
K
wakabayashi
Question SMTP Firewall - is it possible to block brutforce attacks?
Replies
3
Views
635
Vladimir C.
V
M
Issue Outgoing Mail Control is always 0
Replies
1
Views
375
MarketPC
M
M
Resolved Plesk Email Security Pro: No access to individual Blacklist/Whitelist/Filter sensitivity - Button is Missing since
Replies
2
Views
781
mcac
M
J
Resolved DOMAIN ALIAS - Emails not being forwarded
Replies
1
Views
903
Sebahat.hadzhi
Sebahat.hadzhi
Back
Top