
Question Securing Email

Greg Sims

We are having problems with email being sent from our server that is considered Spam. I am the only user running on the server which is being used for websites, sending subscription email via mailman and a few other admin emails from Cron and the like. We believe the Spam is a result of a Hack likely via SMTP Auth -- we do not know this for sure.

I am working to secure our server so that only applications running on the server can send email. I have done the following so far:
  • All SMTP Ports are Blocked in the Plesk Firewall -- except Port 25
  • I believe SMTP Port 25 is needed for the server to receive email
  • Relaying is Closed (and I am monitoring changes to /etc/postfix/main.cf to ensure this)
  • Fail2Ban is running with Plesk Postfix Jail at MaxRetry = 2
I believe Plesk-Postfix jail is not doing anything. Relaying is Closed so Authentication Failure is not possible -- it is not possible to try to Authenticate via SMTP. This jail is showing no banned IP Addresses.

I'm not sure there is anything else I can do. Any additional ideas would be helpful.

Thanks, Greg
 
If you look at the message headers then it should tell you which Linux account this is coming from. Use the mailq and the postcat commands:

How can I see the contents of the mail whose ID I get from mailq command?

From there you will know if it's coming from scripts in your vhost directory or from an actual mail account.

Some other tips:

1. Limit damage and don't be a target by setting outgoing mail limits in Outgoing Mail Control.
2. Make sure to set the security policy to "Strong" or "Very strong" to enforce good passwords.
3. Audit your existing mail passwords using the command: /usr/local/psa/admin/sbin/mail_auth_view
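
The mailq/postcat triage described in the reply above, as an added example that is not part of the original posts: a helper that reads `postcat -q QUEUE_ID` output and reports whether the message came from an SMTP AUTH login, a PHP script, or a local Linux account. The function name `classify_origin` and both sample messages are constructed for illustration; it assumes Postfix records `sasl_username` in the envelope for authenticated clients and that PHP's `mail.add_x_header` is enabled.

```shell
#!/bin/sh
# Added example. Live use (as root): postcat -q QUEUE_ID | classify_origin
# Reads postcat output on stdin; prints how the message entered Postfix.
classify_origin() {
    awk '
        # Envelope record present when the client logged in over SMTP.
        /^named_attribute: sasl_username=/ {
            sub(/^named_attribute: sasl_username=/, ""); sasl = $0
        }
        # Header written for local submissions through the sendmail binary.
        /^Received: by .*\(Postfix, from userid [0-9]+\)/ {
            match($0, /userid [0-9]+/)
            uid = substr($0, RSTART + 7, RLENGTH - 7)
        }
        # Header PHP adds to mail() output when mail.add_x_header is on.
        /^X-PHP-Originating-Script:/ {
            sub(/^X-PHP-Originating-Script:[ \t]*/, ""); script = $0
        }
        END {
            if (sasl != "")        print "smtp-auth account=" sasl
            else if (script != "") print "php-script script=" script
            else if (uid != "")    print "local-submit uid=" uid
            else                   print "unknown"
        }'
}

# Constructed sample: mail() call from a site script (uid and names made up).
sample_php() {
    cat <<'EOF'
*** ENVELOPE RECORDS deferred/A/A1B2C3D4E5 ***
*** MESSAGE CONTENTS deferred/A/A1B2C3D4E5 ***
Received: by host.example.com (Postfix, from userid 10001)
X-PHP-Originating-Script: 10001:contact.php
EOF
}

# Constructed sample: message relayed after an SMTP AUTH login.
sample_sasl() {
    cat <<'EOF'
*** ENVELOPE RECORDS deferred/F/F6E5D4C3B2 ***
named_attribute: sasl_username=info@example.com
*** MESSAGE CONTENTS deferred/F/F6E5D4C3B2 ***
Received: from unknown (unknown [203.0.113.5])
	by host.example.com (Postfix) with ESMTPA id F6E5D4C3B2
EOF
}
sample_php | classify_origin
sample_sasl | classify_origin
```

The envelope attribute is checked first because Postfix writes it, while message headers such as X-PHP-Originating-Script can be supplied by whoever submitted the mail.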