• Our team is looking to connect with folks who use email services provided by Plesk, or a premium service. If you'd like to be part of the discovery process and share your experiences, we invite you to complete this short screening survey. If your responses match the persona we are looking for, you'll receive a link to schedule a call at your convenience. We look forward to hearing from you!
  • The BIND DNS server has already been deprecated and removed from Plesk for Windows.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS. We strongly recommend transitioning to Microsoft DNS within the next 6 weeks, before the Plesk 18.0.70 release.
  • The Horde component is removed from Plesk Installer. We recommend switching to another webmail software supported in Plesk.

PLESK 8.1.0 & QMail .. the OpenRelay Disaster

S

semthetic

Guest
Well, it is really the way uncool to egt waked up at 6 pm in the morning by your boss calling that one of our machines is sending massspam over nigth. Exactly this is what happned to me today and well yes it did not made me to have a lucky daystart.

I read a bit up on the net and as it seems the QMail going wild and becoming a OpenRelay problem seems to be not as uncommon as I thougth. After some checkups with Plesk I found out I can sqithc of relaying in the Plesk Backend but if I set it on with Auth options, these are ignore completly.

None of the solutions suggested in the common internet forums helped for me yet, most of them refered to xinet.d which I don't have. The machine I am refering to is a Debian Sarge box with Plesk 8.1.0 installed.

I hope I can find someone here to enligthen me with a solution for my problem.

The server is holding 50+ Customers and I can't even switch the qmail of without getting threwn to death with anoyed customers calling so ... I have no idea what is better, beeing spamlisted or beeing stoned by customers.
If you need any information I will happly provide you with it.

Thanks.
 
Nobody has any idea for me? I am still sitting in office and don't know any further...
 
I dont know if my problem is related or now, but just 2 weeks ago my datacenter said i was spamming, i logged into my plesk 8.01 and yes the box was spamming. I show down the qmail for 6 hours until it stopped, until now i could not find how the spammer did it. I looked every where, and the box is not cracked at all, someohow he used my server, i guess this was the same issue then. Glad that i found out now how he did it.
 
Originally posted by nibb
I dont know if my problem is related or now, but just 2 weeks ago my datacenter said i was spamming, i logged into my plesk 8.01 and yes the box was spamming. I show down the qmail for 6 hours until it stopped, until now i could not find how the spammer did it. I looked every where, and the box is not cracked at all, someohow he used my server, i guess this was the same issue then. Glad that i found out now how he did it.
Click to expand...

Maybe there's an unsafe mail form on one of the sites on the box?
 
PHP has a history of not being able to track which users are sending out mail through the PHP mail function from the nobody user causing leaks in formmail scripts and malicious users to spam from your server without you knowing who or where. Please PM me for a link to a script to see who is doing it :) It works on the servers I have tested on it is actually not an issue caused by the control panel but php this answer is based on what information you have provided in this thread.

Thanks
 
You must log in or register to reply here.
Back
Top