Results 1 to 4 of 4
  1. #1

    Plesk - Qmail - Thousands of Failure Notice Emails

    I searched this forum with no luck on finding how to stop this!

    I run Plesk 9.3.0 on a GoDaddy Virtual Dedicated Server. I have had this VDS since 2001. Never had a problem with emails limits.

    I only have 4 email accounts setup on this domain. Three of them are simply setup to autoforward to the users normal email. I have mine setup that gmail requests the mail from the server rather than auto forward.

    I have been getting the "You have Reached the SMTP Limit on your Server of 3000" daily for a couple weeks. It happens usually within 8 hours of the daily limit being reset.

    I checked my plesk mail queue and continually find "Failure Notice" emails in the queue. See attched pic.

    ==================================
    The header info on the email when clicking it in plesk is:
    Received: (qmail 3568 invoked by alias); 11 Feb 2010 08:27:49 -0800
    Delivered-To: postmaster@ip-XXX-XX-XXX-X.ip.secureserver.net
    Received: (qmail 3564 invoked for bounce); 11 Feb 2010 08:27:49 -0800
    Date: 11 Feb 2010 08:27:49 -0800
    From: MAILER-DAEMON@ip-XXX-XX-XXX-X.ip.secureserver.net
    To: postmaster@ip-XXX-XX-XXX-X.ip.secureserver.net
    Subject: failure notice
    ==================================

    I then logged in via SSH and ran "find /var/qmail/queue -name XXXX | xargs cat | less " on one of the headers and this is what I get.

    ==================================
    Received: (qmail 3561 invoked by alias); 11 Feb 2010 08:27:49 -0800
    Delivered-To: postmaster@ip-XXX-XX-XXX-X.ip.secureserver.net
    Received: (qmail 3557 invoked for bounce); 11 Feb 2010 08:27:49 -0800
    Date: 11 Feb 2010 08:27:49 -0800
    From: MAILER-DAEMON@ip-XXX-XX-XXX-X.ip.secureserver.net
    To: postmaster@ip-XXX-XX-XXX-X.ip.secureserver.net
    Subject: failure notice

    Hi. This is the qmail-send program at ip-XXX-XX-XXX-X.ip.secureserver.net.
    I'm afraid I wasn't able to deliver your message to the following addresses.
    This is a permanent error; I've given up. Sorry it didn't work out.

    <admin@domain.com>:
    64.202.189.86 failed after I sent the message.
    Remote host said: 554 Message refused.

    --- Below this line is a copy of the message.

    Return-Path: <postmaster@ip-XXX-XX-XXX-X.ip.secureserver.net>
    Received: (qmail 3553 invoked by alias); 11 Feb 2010 08:27:48 -0800
    Delivered-To: postmaster@ip-XXX-XX-XXX-X.ip.secureserver.net
    Received: (qmail 3549 invoked for bounce); 11 Feb 2010 08:27:48 -0800
    Date: 11 Feb 2010 08:27:48 -0800
    From: MAILER-DAEMON@ip-XXX-XX-XXX-X.ip.secureserver.net
    To: postmaster@ip-XXX-XX-XXX-X.ip.secureserver.net
    Subject: failure notice

    Hi. This is the qmail-send program at ip-XXX-XX-XXX-X.ip.secureserver.net.
    I'm afraid I wasn't able to deliver your message to the following addresses.
    This is a permanent error; I've given up. Sorry it didn't work out.

    <admin@domain.com>:
    64.202.189.86 failed after I sent the message.
    Remote host said: 554 Message refused.

    --- Below this line is a copy of the message.

    Return-Path: <postmaster@ip-XXX-XX-XXX-X.ip.secureserver.net>
    Received: (qmail 3510 invoked by alias); 11 Feb 2010 08:27:46 -0800
    Delivered-To: postmaster@ip-XXX-XX-XXX-X.ip.secureserver.net
    ==================================

    I have the following mail settings for my domain in plesk;
    Mail to non-existent user set to "Reject"

    I have the following server wide mail setting set in plesk;
    Relaying set to 'authorization required' with SMTP checked.
    Spam protection based on dns blackhole lists in enabled.
    Use of only full IMAP/POP3 accounts names is allowed.

    I recently last night added a SPF entry at my domain level;
    v=spf1 a mx include: spf.secureserver.net include:aspmx.googlemail.com ~all

    (I intentionally added a space in the "include: spf.sercureserver.net" as it was making a smiley face)

    I would like to be able to reply to mail received on this domain from my Gmail account (iphone) and have it reply from the domain email address not my Gmail address. Hopefully I got the SPF header correct. I understand it will take up to 48 hours for this to become effective. I am hoping this would stop the spoofing if that is what it is.

    PLEASE... what am I missing, how are these emails getting in! Are they beginning on my server or is it originating from somewhere else and they are spoofing my domain in there from section?

    I run an online store, forum and have a web form based contact us that all use the mail server. I can't afford to fight with this any longer.

    HELP!!
    Attached Thumbnails Attached Thumbnails Mail_queue.jpg  

  2. #2
    Join Date
    Sep 2003
    Location
    Earth!
    Posts
    55
    Are all these messages bouncing to the same address, admin@domain.com? It could be a broken application doing that. Or is this a case where its different addresses all over the place? That would indicate to me that its a spammer exploiting a vulnerable web application, or weak SMTP password.
    Secure your server now: Atomic Secured Linux
    Troubleshooting Linux Firewalls in stores today

  3. #3
    Looks like we've just published a micro-update that deals with this problem. Just update your Plesk with the autoinstaller via CLI.
    Drew from Parallels
    Twitter: @ParallelsPanel

  4. #4
    Join Date
    Jun 2005
    Location
    Ohio, USA
    Posts
    208
    I'm experiencing the same issue, did you get yours fixed sirrox?
    NuPixel - Custom Web Design & Graphics
    Extraordinary, Not Ordinary
    Web & Graphic Design, HTML, XHTML, CSS, Script Customization & Integration + More!
    Click Today! --> NuPixelStudios.com

  5. Newsletters

    Subscribe Now & Get The WHT Quick Start Guide!

Similar Threads

  1. Thousands of emails being sent via sendmail to ne.jp emails. Help me find him...
    By astounding in forum Hosting Security and Technology
    Replies: 6
    Last Post: 09-13-2007, 09:09 PM
  2. failure notice:thouzands of emails in a very short period
    By NameSniper in forum Hosting Security and Technology
    Replies: 7
    Last Post: 05-01-2005, 07:47 AM
  3. "failure notice" thouzands of emails
    By NameSniper in forum Hosting Security and Technology
    Replies: 4
    Last Post: 04-30-2005, 04:31 PM
  4. qmail - receiving emails (thousands of spams)
    By zoli in forum Hosting Security and Technology
    Replies: 9
    Last Post: 03-18-2005, 01:20 PM
  5. SMTP: Failure notice [SPAM]
    By HostsRus in forum Hosting Security and Technology
    Replies: 1
    Last Post: 09-07-2004, 08:27 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •