
Help w/ Possible Spam Issue

C4talyst

Guest
Hello,

I've inherited a Plesk 8.6 server recently and in the past week it's been exhibiting slowness. It has around 300 websites on it and "top" has been showing me a lot of mail-related activity (qmail, spamd, etc).

Today I noticed there were 9000 mails in the queue. Usually a busy day sees around 100-200 mails in the queue at any given time. I started doing some digging on the forums here and have some questions about my findings.

I ran /var/qmail/bin/qmail-qread and am seeing a lot of activity for non-existent email accounts that seem to follow a uniform naming convention. Here's a snippet:

9 Jun 2009 17:43:52 GMT #13245516 10235 <>
local 54-thampl@example.com
9 Jun 2009 17:43:52 GMT #13245355 19450 <>
local 54-gujaratisc2@example.com
9 Jun 2009 17:54:06 GMT #13242388 7323 <>
local 54-buffstt5@example.com
9 Jun 2009 17:33:09 GMT #13240801 9590 <>
local 54-possumsfpp1@example.com
9 Jun 2009 17:43:52 GMT #13245999 8097 <>
local 54-thampl@example.com
9 Jun 2009 18:04:06 GMT #13238455 7619 <>
local 54-thampl@example.com
9 Jun 2009 17:43:52 GMT #13245332 10201 <>
local 54-thampl@example.com
9 Jun 2009 17:33:09 GMT #13240686 2215 <>
local 54-imperativelyrg68@example.com
9 Jun 2009 17:43:52 GMT #13245309 7673 <>
local 54-technicolorf78@example.com
9 Jun 2009 17:43:52 GMT #13245401 11489 <>
local 54-pointshimu34@example.com
9 Jun 2009 17:54:06 GMT #13247563 2224 <>
remote drweb-daemon@lp3.irides.com
9 Jun 2009 17:54:06 GMT #13247471 8598 <>
local 54-thampl@example.com
9 Jun 2009 17:33:09 GMT #13241698 6744 <>
local 54-oarsmenyd92@example.com
9 Jun 2009 18:04:06 GMT #13244412 5751 <>
local 54-thampl@example.com

What's going on here? The 54-thampl user does not exist, and neither do the other oddly named users listed here.
 
Hello,

First, check that all domains have the option 'Mail to non-existing user' set to 'reject' and not to 'forward'. You can change this setting for all domains using "Group Operations" in the "Domains" tab in Parallels Plesk Control Panel. The option "Reject mail to nonexistent user" is available since Parallels Plesk Panel 7.5.3.

Also, please check that all the IPs and networks in the white lists are reliable and familiar to you.

If the queue has too many messages, try to discover the source of the spam. To do so, please perform the steps provided in the following article:

http://kb.odin.com/en/766
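
Added example, not part of the original thread or the linked article: a small Python script for triaging a 9000-message queue like the one above. It parses `qmail-qread` output, separates entries with the null sender `<>` (the envelope sender used for bounce messages) from ordinary mail, and counts their pending recipients. The function names and the last sample entry are assumptions made for illustration.

```python
import re
import sys
from collections import Counter

# Header line, e.g. "9 Jun 2009 17:43:52 GMT #13245516 10235 <>"
HEADER = re.compile(r"^\d{1,2} \w{3} \d{4} [\d:]{8} GMT\s+#(?P<id>\d+)\s+(?P<size>\d+)\s+<(?P<sender>[^>]*)>")
# Recipient line, e.g. "local 54-thampl@example.com"; "done" marks a finished delivery
RCPT = re.compile(r"^\s*(?P<done>done\s+)?(?P<kind>local|remote)\s+(?P<addr>\S+)")

# Sample input: the first four entries are from the post, the last one is constructed.
SAMPLE = """\
9 Jun 2009 17:43:52 GMT #13245516 10235 <>
local 54-thampl@example.com
9 Jun 2009 17:43:52 GMT #13245355 19450 <>
local 54-gujaratisc2@example.com
9 Jun 2009 17:54:06 GMT #13247563 2224 <>
remote drweb-daemon@lp3.irides.com
9 Jun 2009 17:54:06 GMT #13247471 8598 <>
local 54-thampl@example.com
9 Jun 2009 18:04:06 GMT #13244412 5751 <user@example.org>
  done remote someone@example.net
  remote other@example.net
"""

def parse_qread(text):
    """Return one dict per queued message with its still-pending recipients."""
    msgs = []
    for line in text.splitlines():
        h = HEADER.match(line.strip())
        if h:
            msgs.append({"id": h["id"], "size": int(h["size"]),
                         "sender": h["sender"], "rcpts": []})
        else:
            r = RCPT.match(line)
            if r and msgs and not r["done"]:  # skip recipients already delivered
                msgs[-1]["rcpts"].append((r["kind"], r["addr"].lower()))
    return msgs

def summarize(msgs, top_n=5):
    """Count null-sender (bounce) messages and their busiest pending recipients."""
    bounces = [m for m in msgs if m["sender"] == ""]
    rcpts = Counter(addr for m in bounces for _, addr in m["rcpts"])
    kinds = Counter(kind for m in bounces for kind, _ in m["rcpts"])
    return {"total": len(msgs), "bounces": len(bounces),
            "kinds": dict(kinds), "top": rcpts.most_common(top_n)}

if __name__ == "__main__":
    # Usage: /var/qmail/bin/qmail-qread | python3 this_script.py
    text = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    print(summarize(parse_qread(text)))
```

A queue where `bounces` is close to `total` and the top recipients are local addresses that do not exist matches the pattern in the post, which is the case the 'Mail to non-existing user' setting addresses.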
 