Spammers sending out from an inactive domain

Posted by YesIWillFixYourEmailSigh on Server Fault See other posts from Server Fault or by YesIWillFixYourEmailSigh
Published on 2013-11-04T19:57:47Z Indexed on 2013/11/04 21:57 UTC
Read the original article Hit count: 129

Filed under:

emailserver

|

plesk

|

shared-hosting

|

qmail

|

spam-prevention

We have a shared hosting service running QMail and Plesk. One of our inactive clients was left active in the system by mistake, and spammers found their very weak passwords and sent out a massive barrage of messages before we caught the problem and shut off the services for that domain.

My question is this: How did they get access to that domain in the first place? The client is long-gone and the domain/DNS is not pointing at our server at all, and neither is the MX record. So how were they able to find that domain and exploit it when nothing on the "outside" was pointing to it?

© Server Fault or respective owner

Related posts about emailserver

using own mail server with external domain and dns. Now have internal dns. dkim test not working

as seen on Server Fault - Search for 'Server Fault'
I am not very knowledgeable in this area, but have been able to make great head way. Now i am stuck I setup my own mail server, e.g mailbox.example.com. I had the domain dns point to my mail server in my office. i was able to set up everything working fine. such as dkim and spf records. Recently… >>> More
What exactly is a X-YMailISG header?

as seen on Server Fault - Search for 'Server Fault'
Finally ... our emails are being seen by Yahoo! not as junk anymore. Hurray! However I notice that the Yahoo! receiving MTA adds in a X-YMailISG header. It's very large ... 2**10 bits? Now that I've invested too large a chunk of my waking life in crafting our email headers I'm curious to know… >>> More
Dovecot: no auth attempts in 0 secs (IMAP protocol)

as seen on Server Fault - Search for 'Server Fault'
I'm having a lot of problems configuring dovecot ony vps. I'm already able to send email using port 110 and to receive email using port 25, but I can't connect using port 993 and 995. I'm using self-signed ssl certificates. When I try to connect to 993 this error is logged: Jun 8 19:06:39 MY_HOSTNAME… >>> More
Transfer all 1&1 web and e-mail services to own Synology NAS using No-IP for DDNS

as seen on Server Fault - Search for 'Server Fault'
I have a domain x-treem.net. The registrar is DomainDiscover and I have a hosting package with 1&1 which includes web and e-mail. I also have an additional package with 1&1 - Microsoft Exchange which centralises all my e-mails, tasks, contacts, notes, etc. and I connect to it with my PC (Outlook)… >>> More
Postfix unable to create lock file, permission denied

as seen on Server Fault - Search for 'Server Fault'
I thought I had my postfix configuration all set up on my Amazon Ubuntu server but I guess not. I'm trying to set up an admin email account for 3 virtually hosted Apache websites. Here's my postfix main.cf file: myhostname = ip-XX-XXX-XX-XXX.us-west-2.compute.internal alias_maps = hash:/etc/aliases alias_database… >>> More

Related posts about plesk

AWStats on Plesk consumes all of CPU and crashes server - how do you disable plesk

as seen on Server Fault - Search for 'Server Fault'
I have Plesk 9.0.1 running on a Red Hat server. Every week or so at about 4:10 AM the server locks up. At this time the server CPU usage shoots from 4% to 90% at the same time as a mass of awstats.pl processes start (I can't see how many as my datat only shows the top 30 processes, but all of these… >>> More
plesk update fails

as seen on Server Fault - Search for 'Server Fault'
I have a dedicated server running CentOS 5.3. I'm trying to update Plesk 9.5.2 to version 10.0.0 but update fails. I do it with yum: yum update psa* --skip-broken -t but it fails and I get the errors at the end: Skip-broken could not solve problems Error: plesk-mail-pc-driver conflicts with psa-qmail Error:… >>> More
Enabling SFTP Access within PLESK

as seen on Server Fault - Search for 'Server Fault'
Hello everyone, I have a client who wants to ensure his upload is secure, so we are trying to enable SFTP for him on our Linux PLESK server. I have enabled SSH access to bin/bash for FTP accounts, and created a new user. When I attempt to SFTP using either the IP address or the domain name, this… >>> More
Problems configuring nameserver in plesk

as seen on Server Fault - Search for 'Server Fault'
Hello, i have some troubles with setting up a nameserver in PLESK for months now. I have tried all possible scenario's but i can not get this to work. I am really in need for some help, and if you can i will really appreciate it. Basically what i want is to just set up a nameserver in PLESK. I have… >>> More
Enabling fastCGI for php in PLESK 9.3 or use ningx

as seen on Server Fault - Search for 'Server Fault'
I have a server that runs PLESK. I can set php to use 3 options: apache module, fastCGI application, cgi application And i have a different option that just says enable fastCGI support. Which option is the best to choose from? I run an php application with mysql and some ajax. Heavy reads and… >>> More