• Our team is looking to connect with folks who use email services provided by Plesk, or a premium service. If you'd like to be part of the discovery process and share your experiences, we invite you to complete this short screening survey. If your responses match the persona we are looking for, you'll receive a link to schedule a call at your convenience. We look forward to hearing from you!
  • The BIND DNS server has already been deprecated and removed from Plesk for Windows.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS. We strongly recommend transitioning to Microsoft DNS within the next 6 weeks, before the Plesk 18.0.70 release.
  • The Horde component is removed from Plesk Installer. We recommend switching to another webmail software supported in Plesk.

Issue Postfix hacked - sending emails from non-existing accounts

F

Filipe Silva

Basic Pleskian
Hi.

Someone is sending emails from our company postfix using non-existing accounts. Luckly the spam filter is filtering some emails and are being sent only to our employes.

I have added this in /etc/postfix/main.cf :

"
smtpd_sender_restrictions = check_sender_access hash:/var/spool/postfix/plesk/blacklists, permit_sasl_authenticated, reject_sender_login_mismatch, reject_unauth_pipelining, reject_unknown_reverse_client_hostname, permit_mynetworks, reject_non_fqdn_sender, reject_invalid_hostname
"

But every time I found a solution in the next day the spammers find a workaround.

This is an example seen in the maillog:

"
Dec 21 10:48:09 vpsxxxxxxx postfix/smtpd[2936]: NOQUEUE: reject: RCPT from unknown[177.1.75.239]: 554 5.7.1 Service unavailable; Client host [177.1.75.239] blocked using bl.spamcop.net; Blocked - see SpamCop.net - Blocking List ( bl.spamcop.net ) from=<Quentin@ourdomain.pt> to=<employeex@ourdomain.pt> proto=ESMTP helo=<[177.1.75.239]>
"
NOTE: I censored private information with: "ourdomain", "employeeX" and "vpsxxxxxxx"

I would appreciate any help,
Thanks.

EDIT: Just added "reject_unlisted_sender" to my "smtpd_sender_restrictions". Lets see how that goes. In the meanwhile I accept any feedback to improve the mail security.
 
Where do you derive that the mail is sent from the company postfix server? To me it looks rather as if mail is sent from an external source to recipients on your server.

What does it have to do with Plesk?
 
You must log in or register to reply here.

Similar threads

itexpertnow
Plesk failed to protect from email spoofing
Replies
1
Views
858
Kaspar
K
T
Issue SMTPD No Auth from IP Issue
Replies
2
Views
2K
Tessxr
T
P
Resolved Use PLESK/Postfix mailservice in combination with Office 365 - Problems sending mails to same domain (from local to office)
Replies
3
Views
4K
Jargon
J
F
Issue Amavis (10024: Connection refused) no transport
Replies
7
Views
22K
cambrantskv
C
T
Resolved send mails from non-existing account
Replies
2
Views
2K
Tobias Janzen
T
Back
Top