Plesk - Qmail - Thousands of Failure Notice Emails

  #1  
Old 02-11-2010, 01:09 PM
sirrox sirrox is offline
New Member
 
Join Date: Jan 2008
Posts: 3


I searched this forum with no luck on finding how to stop this!

I run Plesk 9.3.0 on a GoDaddy Virtual Dedicated Server. I have had this VDS since 2001. Never had a problem with email limits.

I only have 4 email accounts set up on this domain. Three of them are simply set up to auto-forward to the users' normal email. I have mine set up so that Gmail requests the mail from the server rather than auto-forward.

I have been getting the "You have Reached the SMTP Limit on your Server of 3000" daily for a couple weeks. It happens usually within 8 hours of the daily limit being reset.

I checked my Plesk mail queue and continually find "Failure Notice" emails in the queue. See attached pic.

==================================
The header info on the email when clicking it in plesk is:
Received: (qmail 3568 invoked by alias); 11 Feb 2010 08:27:49 -0800
Delivered-To: postmaster@ip-XXX-XX-XXX-X.ip.secureserver.net
Received: (qmail 3564 invoked for bounce); 11 Feb 2010 08:27:49 -0800
Date: 11 Feb 2010 08:27:49 -0800
From: MAILER-DAEMON@ip-XXX-XX-XXX-X.ip.secureserver.net
To: postmaster@ip-XXX-XX-XXX-X.ip.secureserver.net
Subject: failure notice
==================================

I then logged in via SSH and ran "find /var/qmail/queue -name XXXX | xargs cat | less " on one of the headers and this is what I get.

==================================
Received: (qmail 3561 invoked by alias); 11 Feb 2010 08:27:49 -0800
Delivered-To: postmaster@ip-XXX-XX-XXX-X.ip.secureserver.net
Received: (qmail 3557 invoked for bounce); 11 Feb 2010 08:27:49 -0800
Date: 11 Feb 2010 08:27:49 -0800
From: MAILER-DAEMON@ip-XXX-XX-XXX-X.ip.secureserver.net
To: postmaster@ip-XXX-XX-XXX-X.ip.secureserver.net
Subject: failure notice

Hi. This is the qmail-send program at ip-XXX-XX-XXX-X.ip.secureserver.net.
I'm afraid I wasn't able to deliver your message to the following addresses.
This is a permanent error; I've given up. Sorry it didn't work out.

<admin@domain.com>:
64.202.189.86 failed after I sent the message.
Remote host said: 554 Message refused.

--- Below this line is a copy of the message.

Return-Path: <postmaster@ip-XXX-XX-XXX-X.ip.secureserver.net>
Received: (qmail 3553 invoked by alias); 11 Feb 2010 08:27:48 -0800
Delivered-To: postmaster@ip-XXX-XX-XXX-X.ip.secureserver.net
Received: (qmail 3549 invoked for bounce); 11 Feb 2010 08:27:48 -0800
Date: 11 Feb 2010 08:27:48 -0800
From: MAILER-DAEMON@ip-XXX-XX-XXX-X.ip.secureserver.net
To: postmaster@ip-XXX-XX-XXX-X.ip.secureserver.net
Subject: failure notice

Hi. This is the qmail-send program at ip-XXX-XX-XXX-X.ip.secureserver.net.
I'm afraid I wasn't able to deliver your message to the following addresses.
This is a permanent error; I've given up. Sorry it didn't work out.

<admin@domain.com>:
64.202.189.86 failed after I sent the message.
Remote host said: 554 Message refused.

--- Below this line is a copy of the message.

Return-Path: <postmaster@ip-XXX-XX-XXX-X.ip.secureserver.net>
Received: (qmail 3510 invoked by alias); 11 Feb 2010 08:27:46 -0800
Delivered-To: postmaster@ip-XXX-XX-XXX-X.ip.secureserver.net
==================================

I have the following mail settings for my domain in Plesk:
Mail to non-existent user set to "Reject"

I have the following server-wide mail settings set in Plesk:
Relaying set to 'authorization required' with SMTP checked.
Spam protection based on DNS blackhole lists is enabled.
Use of only full IMAP/POP3 account names is allowed.

Last night I added an SPF entry at my domain level:
v=spf1 a mx include: spf.secureserver.net include:aspmx.googlemail.com ~all

(I intentionally added a space in the "include: spf.secureserver.net" as it was making a smiley face)

I would like to be able to reply to mail received on this domain from my Gmail account (iPhone) and have it reply from the domain email address, not my Gmail address. Hopefully I got the SPF header correct. I understand it will take up to 48 hours for this to become effective. I am hoping this would stop the spoofing if that is what it is.

PLEASE... what am I missing, how are these emails getting in? Are they beginning on my server, or is it originating from somewhere else and they are spoofing my domain in their From section?

I run an online store, forum and have a web form based contact us that all use the mail server. I can't afford to fight with this any longer.

HELP!!
  #2  
Old 02-13-2010, 03:56 PM
atomicturtle atomicturtle is offline
Junior Guru Wannabe
 
Join Date: Sep 2003
Location: Earth!
Posts: 55
Are all these messages bouncing to the same address, admin@domain.com? It could be a broken application doing that. Or is this a case where it's different addresses all over the place? That would indicate to me that it's a spammer exploiting a vulnerable web application, or weak SMTP password.

__________________
Secure your server now: Atomic Secured Linux
Troubleshooting Linux Firewalls in stores today
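
To answer the question in post #2 from the queue itself, the following added example (not code from any poster in this thread) parses qmail-send failure notices shaped like the one dumped in post #1, tallies the outermost failed recipient of each, and reports how deeply the bounces are nested. The function names, `host.example`, the `example.com` addresses and 192.0.2.25 are constructed for illustration.

```python
import re
from collections import Counter

COPY_MARKER = "--- Below this line is a copy of the message."
RCPT_LINE = re.compile(r"^<([^<>\s]+@[^<>\s]+)>:\s*$")

def make_bounce(rcpt, layers):
    """Build a constructed qmail-send style bounce nested `layers` deep (test data only)."""
    layer = ("From: MAILER-DAEMON@host.example\nSubject: failure notice\n\n"
             "Hi. This is the qmail-send program at host.example.\n\n"
             f"<{rcpt}>:\n192.0.2.25 failed after I sent the message.\n"
             "Remote host said: 554 Message refused.\n\n" + COPY_MARKER + "\n\n")
    return layer * layers + "Return-Path: <postmaster@host.example>\n"

def parse_bounce(text):
    """Return (depth, failures): nested-copy count and [(recipient, reason), ...] per layer."""
    lines = text.splitlines()
    depth, failures = 0, []
    for i, line in enumerate(lines):
        if line.strip() == COPY_MARKER:
            depth += 1
            continue
        m = RCPT_LINE.match(line)
        if m:
            reason = []
            for nxt in lines[i + 1:]:  # the failure report runs until the next blank line
                if not nxt.strip():
                    break
                reason.append(nxt.strip())
            failures.append((m.group(1).lower(), " ".join(reason)))
    return depth, failures

def triage(messages):
    """Tally the outermost failed recipient of each bounce and report nesting depth."""
    outer, max_depth = Counter(), 0
    for text in messages:
        depth, failures = parse_bounce(text)
        max_depth = max(max_depth, depth)
        if failures:
            outer[failures[0][0]] += 1
    pattern = "same-address" if len(outer) == 1 else "many-addresses" if outer else "no-bounces"
    return {"pattern": pattern, "recipients": dict(outer), "max_depth": max_depth}

if __name__ == "__main__":
    import sys
    # Pass the paths of queued message files (found under /var/qmail/queue) as arguments.
    msgs = [open(p, errors="replace").read() for p in sys.argv[1:]]
    print(triage(msgs))
```

A `same-address` result with `max_depth` above 1 means the failure notices are themselves being bounced; `many-addresses` is the second case post #2 describes.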

  #3  
Old 02-19-2010, 08:11 PM
Drew_Parallels Drew_Parallels is offline
Junior Guru Wannabe
 
Join Date: Oct 2009
Posts: 56
Looks like we've just published a micro-update that deals with this problem. Just update your Plesk with the autoinstaller via CLI.

__________________
Drew from Parallels
Twitter: @ParallelsPanel

  #4  
Old 02-24-2010, 02:23 PM
NuPixel NuPixel is offline
Junior Guru
 
Join Date: Jun 2005
Location: Ohio, USA
Posts: 208
I'm experiencing the same issue. Did you get yours fixed, sirrox?

__________________
NuPixel - Custom Web Design & Graphics
Extraordinary, Not Ordinary
Web & Graphic Design, HTML, XHTML, CSS, Script Customization & Integration + More!
Click Today! --> NuPixelStudios.com
