
SPAM from internal e-mail

FirstPoint

Basic Pleskian
Hello.

We have the following problem:
Domain abc.com is hosted on our server; it has a hosted e-mail 123@abc.com. This e-mail address keeps getting SPAM messages from an address abc@srv2.xyz.com (where srv2.xyz.com is our server FQDN).
What we understood by reading the headers (posted below) is that someone is sending an e-mail to support@abc.com. This e-mail address, as configured in Plesk, redirects e-mails to 123@abc.com. But we don't understand how someone managed to send an e-mail from a nonexistent abc@srv2.xyz.com to it. Can you help us?

Here are the headers:

DomainKey-Status: no signature
Return-Path: <Coulter_Faustinoa1@aspli.com>
X-Original-To: 123@abc.com
Delivered-To: 123@abc.com
Received: by srv2.xyz.com (Postfix, from userid 30)
id CD4A2430017F; Tue, 14 Apr 2015 23:50:58 +0200 (CEST)
DomainKey-Status: bad format
X-Original-To: support@abc.com
Delivered-To: support@abc.com
Received: from 188.165.248.5 (unknown [60.169.75.45])
by srv2.xyz.com (Postfix) with SMTP id 7AA5D430017B
for <support@âbc.com>; Tue, 14 Apr 2015 23:50:55 +0200 (CEST)
X-Message-Info: 7wPTdI64Kxmhkf8yMbP7QD3jIkfijS63
Received: from dns5scapular.com ([151.84.110.111]) by nd1-w7.hotmail.com with
Microsoft SMTPSVC(5.0.2195.6824); Wed, 15 Apr 2015 02:42:58 +0400
Received: from archbishopcrinkle.com [127.0.0.1] by dns4exquisite.com
(SMTPD32-7.12 ) id PB071861W2; Tue, 14 Apr 2015 16:49:58 -0600
Subject: I love that I can now fit in to my old clothes!
From: Anibal@srv2.xyz.com, Call@srv2.xyz.com
To: support@abc.com
Message-Id: <959458593674749.GT12700@reversiondebt.com>
Content-Type: multipart/alternative;
boundary="--26043614405046902846"
X-PPP-Message-ID: <20150414215058.962.27958@srv2.xyz.com>
X-PPP-Vhost: abc.com
Date: Tue, 14 Apr 2015 23:50:58 +0200 (CEST)
X-Antivirus: avast! (VPS 150414-0, 14.04.2015), Inbound message
X-Antivirus-Status: Clean
----26043614405046902846
Content-Type: text/plain;
Content-Transfer-Encoding: 7Bit
This is the most effective weight loss treatment! You may need the information!
This is the new way to shape your body.
We are the biggest shop in the net!
http://x.co/8rnAW
----26043614405046902846--
 
Hi FirstPoint,

I suppose that your public key is used to authenticate the SMTP user (Anonymous) over TLS and you didn't restrict this in Postfix (main.cf) - basically, you allow TLS and/or SASL authentication for the user "anonymous" if authentication over the standard public key is used, without using "username" and "password". Please have a look at your e-mail logs and watch out for the user "Anonymous".
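
Added example, not part of the thread and not Plesk or Postfix code: a Python check over the Received and From lines from the question (abridged and re-folded here as a constructed sample) that finds the hop where srv2.xyz.com accepted the message from the network. The names `trace` and `helo_is_other_ip` are hypothetical; Received lines below that hop and the From header are text supplied by the sender.

```python
import ipaddress
import re

# Constructed sample: Received/From lines abridged from the post, re-folded.
SAMPLE = """\
Received: by srv2.xyz.com (Postfix, from userid 30)
    id CD4A2430017F; Tue, 14 Apr 2015 23:50:58 +0200 (CEST)
Received: from 188.165.248.5 (unknown [60.169.75.45])
    by srv2.xyz.com (Postfix) with SMTP id 7AA5D430017B; Tue, 14 Apr 2015 23:50:55 +0200 (CEST)
Received: from dns5scapular.com ([151.84.110.111]) by nd1-w7.hotmail.com with
    Microsoft SMTPSVC(5.0.2195.6824); Wed, 15 Apr 2015 02:42:58 +0400
Received: from archbishopcrinkle.com [127.0.0.1] by dns4exquisite.com
    (SMTPD32-7.12 ) id PB071861W2; Tue, 14 Apr 2015 16:49:58 -0600
From: Anibal@srv2.xyz.com, Call@srv2.xyz.com
"""

# "from <HELO> (<rdns> [<peer ip>])": only the bracketed IP is recorded by the receiving MTA.
HOP = re.compile(r"from\s+(?P<helo>\S+)\s+\(?[^\s\[\]()]*\s*\[(?:IPv6:)?(?P<ip>[0-9A-Fa-f.:]+)\]")
BY = re.compile(r"\bby\s+(\S+)")

def helo_is_other_ip(helo, peer_ip):
    """True when the HELO string is an IP literal that is not the connecting peer."""
    try:
        return ipaddress.ip_address(helo.strip("[]")) != ipaddress.ip_address(peer_ip)
    except ValueError:
        return False  # HELO is a hostname; nothing to compare here

def trace(raw, our_mta):
    """Walk Received lines newest-first and report where our MTA took the mail from the network."""
    lines = re.sub(r"\r?\n[ \t]+", " ", raw).splitlines()  # unfold continuation lines
    recv = [ln.split(":", 1)[1].strip() for ln in lines if ln.lower().startswith("received:")]
    from_hdr = next((ln for ln in lines if ln.lower().startswith("from:")), "")
    for i, value in enumerate(recv):
        by = BY.search(value)
        if not by or by.group(1) != our_mta:
            return None  # stamp not written by our server: nothing here can be trusted
        hop = HOP.match(value)
        if hop:  # our MTA accepted this from a network peer: the trust boundary
            return {
                "peer_ip": hop.group("ip"),
                "helo": hop.group("helo"),
                "helo_is_other_ip": helo_is_other_ip(hop.group("helo"), hop.group("ip")),
                "local_hops_above": i,                       # e.g. the "from userid 30" re-injection
                "unverified_hops_below": len(recv) - i - 1,  # written before the mail reached us
                "from_names_our_host": ("@" + our_mta) in from_hdr.lower(),
            }
    return None

if __name__ == "__main__":
    print(trace(SAMPLE, "srv2.xyz.com"))
```

The peer IP reported for the boundary hop is the value to search for in the Postfix log when following the advice above.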
 