
Plesk Firewall Question

Mathias

Hello,

I am tired of all these spammers who try to send spam mails over my server or to get access to SSH or FTP. So I configured fail2ban with very strong rules (1 failed attempt per jail, only recidive allows 2) and the list of blocked IPs is growing daily. I also added an apache-404 fail2ban filter that filters out any IP address for people or bots searching for WordPress installations, which do not exist on my server. For this reason I changed the firewall rule for SSH (disallow all incoming traffic) and I thought of doing the same with the SMTP service (sending mail server, disallow all incoming traffic, allow outgoing traffic). Does it make sense to do so? Does the SMTP server send emails then or not? I just would like to make the server unavailable for spammers and hackers.
 
For handling spammers you may want to look at a spam filter (SpamAssassin).
Fail2ban is effective at preventing brute-force logins to your server.

You may want to change your SSH port from the default port 22 to another port, and also use an encryption key as the verification method.

If your problem is people sending spam email to you, then please look at SpamAssassin. If your email goes into junk mail, please set up proper DKIM, SPF and DMARC records.
 
Thanks for your answer. My problem is the people who try to log in on port 25 (SMTP) to send spam mails over my server. Now I adjusted the firewall rule for the SMTP server (allow incoming from my server's IP address and deny all other incoming traffic).

Yes, when I send emails for example to Googlemail (gmail) or Yahoo, then emails from my server's IP address are treated as spam and go to junk folder. I don't know what a DKIM, SPF and DMARC record is and how to set it up. Any help, please.
 
You may want to check whether your IP address is blacklisted. If your IP is blacklisted then the only way to go is to relay your email through an SMTP relay server.
Free SMTP relay servers are available but with some limitations.

Are you hosting a physical server or a virtual server? If it's a virtual server you may want to check the IP before proceeding with installation.

I deploy a special email server and separate it from my web server and use SMTP relay to control and prevent outgoing spam (my Plesk is running without a mail server).
 
Thanks for your answer. My problem is the people who try to log in on port 25 (SMTP) to send spam mails over my server. Now I adjusted the firewall rule for the SMTP server (allow incoming from my server's IP address and deny all other incoming traffic).

Unfortunately your server will always be probed for security issues and there will always be random SMTP attempts. There is nothing you can do to stop it. But you can prevent 'hackers' from accessing your server. Fail2ban is a good tool to prevent brute-force logins. However, most important is to use strong passwords for your e-mail mailboxes. Secondly, set a limit for the number of emails each domain is allowed to send daily (and hourly). If a mailbox gets compromised it helps to reduce the impact. Besides, setting a limit helps you identify and discover compromised domains, because you (can) get notified when the limit is reached.

Also make sure you keep your server updated :)

Yes, when I send emails for example to Googlemail (gmail) or Yahoo, then emails from my server's IP address are treated as spam and go to junk folder. I don't know what a DKIM, SPF and DMARC record is and how to set it up. Any help, please.

If your email gets marked as spam by Gmail, Yahoo, or Outlook (Hotmail) it does not necessarily mean your server has been compromised. It might just not be configured correctly.

First check if your server IP is blacklisted. For example using Email Blacklist Check - IP Blacklist Check - See if your server is blacklisted. If it is, well, you've got a lot of work ahead of you.

If your server is not blacklisted it is probably not configured right to send email. The most common issue (in my experience) is a missing or wrongly configured rDNS. Make sure your rDNS is pointing to your server's hostname. Also, it is good practice to set up an SPF record and possibly enable DKIM.
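
The rDNS and SPF checks described in the answer above, as an added example that is not part of the original thread: it tests whether a sending IP has forward-confirmed reverse DNS and whether an SPF record authorises it. The DNS data, hostnames and addresses are constructed (documentation ranges) so the code runs offline; on a real server the lookups would come from a resolver.

```python
import ipaddress

# Constructed sample DNS data (documentation addresses, hypothetical names).
PTR = {"203.0.113.10": "mail.example.com."}
A = {"mail.example.com": ["203.0.113.10"]}
SPF = "v=spf1 a:mail.example.com ip4:198.51.100.0/24 -all"

def fcrdns_ok(ip, hostname):
    """True if the PTR of ip is the server hostname and that name resolves back to ip."""
    ptr = PTR.get(ip, "").rstrip(".").lower()
    return ptr == hostname.rstrip(".").lower() and ip in A.get(ptr, [])

def spf_result(record, ip):
    """Evaluate ip4, ip6, a:<host> and all; other terms (include, mx, ...) are skipped."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    addr = ipaddress.ip_address(ip)
    outcome = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
    for term in terms[1:]:
        qualifier = term[0] if term[0] in outcome else "+"
        name, _, arg = term.lstrip("+-~?").partition(":")
        name = name.lower()
        if name == "all":
            matched = True
        elif name in ("ip4", "ip6") and arg:
            net = ipaddress.ip_network(arg, strict=False)
            matched = addr.version == net.version and addr in net
        elif name == "a" and arg:
            matched = ip in A.get(arg.lower(), [])
        else:
            continue  # mechanism not evaluated here
        if matched:
            return outcome[qualifier]
    return "neutral"  # no mechanism matched

if __name__ == "__main__":
    for ip in ("203.0.113.10", "198.51.100.7", "192.0.2.1"):
        print(ip, "FCrDNS:", fcrdns_ok(ip, "mail.example.com"), "SPF:", spf_result(SPF, ip))
```

An address can pass SPF and still lack matching rDNS (198.51.100.7 in the sample data), which is the misconfiguration the answer calls most common.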
 
Thanks for your answer. My problem is the people who try to log in on port 25 (SMTP) to send spam mails over my server. Now I adjusted the firewall rule for the SMTP server (allow incoming from my server's IP address and deny all other incoming traffic).

Yes, when I send emails for example to Googlemail (gmail) or Yahoo, then emails from my server's IP address are treated as spam and go to junk folder. I don't know what a DKIM, SPF and DMARC record is and how to set it up. Any help, please.

Hi Mathias, happy to help! Just went through the whole thing for a domain. I have my own VPS on Strato with Plesk. Most of it is actually DNS (I do not have my own DNS installed, I use the registrar's).

Also looking to stop the SMTP telnet or netcat option. Although with all the authentication I have, they can only send to domains on the VPS (localhost) and even then it is marked as Junk/Spam. I will look into the firewall rule you used.
 