Facebook
Twitter
M
madcat
Guest
Plesk developers, please help us users of your product to stop our servers from being abused for sending spam. What I think we really need is:
1. Log all SMTP authentication logins, whether they pass or fail. Record the IP and username on the same line. I have setup a test box running Plesk 8.3 and it appears only failures are being logged.
2. Provide the ability to define parameters for how complex user passwords must be. I know you have a "check passwords in the dictionary" checkbox in the "Mail" configuration, but it is not enough. We need the ability to force users to include special characters (ie: !@#$%^&*), use capital letters other than the first character, and that sort of thing.
3. For mail sent from authenticated STMP sessions, the message should be rejected at RCPT if the domain part of the "From:" address (the part after the '@' symbol) is not the same as the domain part of the username they used to authenticate. This should help stop spammers from sending with a fake "From:" address.
4. The Qmail log file should be at /var/log/maillog, not /usr/local/psa/var/log/maillog . This won't necessarily help stop outgoing SPAM, but it is a much better place for the log.
5. Provide the ability to completely stop bouncing as much as possible, and reject at RCPT instead. Currently I can stop bounces for mailboxes that don't exist, but I still see bounces for overquota accounts. Bouncing for overquota accounts is used by spammers who forge their "From:" or "Reply-To:" address to be the address of the person they want to receive the spam, and then send their spam to the bouncing overquota mailbox. Bounces should only occur for a rare system failure that might occur after the message has been accepted for delivery.
Thanks. If you are able to implement any of these features, please update this forum posting and let us know, and I will upgrade to the version that has these features as soon as possible.
1. Log all SMTP authentication logins, whether they pass or fail. Record the IP and username on the same line. I have setup a test box running Plesk 8.3 and it appears only failures are being logged.
2. Provide the ability to define parameters for how complex user passwords must be. I know you have a "check passwords in the dictionary" checkbox in the "Mail" configuration, but it is not enough. We need the ability to force users to include special characters (ie: !@#$%^&*), use capital letters other than the first character, and that sort of thing.
3. For mail sent from authenticated STMP sessions, the message should be rejected at RCPT if the domain part of the "From:" address (the part after the '@' symbol) is not the same as the domain part of the username they used to authenticate. This should help stop spammers from sending with a fake "From:" address.
4. The Qmail log file should be at /var/log/maillog, not /usr/local/psa/var/log/maillog . This won't necessarily help stop outgoing SPAM, but it is a much better place for the log.
5. Provide the ability to completely stop bouncing as much as possible, and reject at RCPT instead. Currently I can stop bounces for mailboxes that don't exist, but I still see bounces for overquota accounts. Bouncing for overquota accounts is used by spammers who forge their "From:" or "Reply-To:" address to be the address of the person they want to receive the spam, and then send their spam to the bouncing overquota mailbox. Bounces should only occur for a rare system failure that might occur after the message has been accepted for delivery.
Thanks. If you are able to implement any of these features, please update this forum posting and let us know, and I will upgrade to the version that has these features as soon as possible.
