I have payed for premium install debian server but nothing work

Discussion in 'Installation/Configuration' started by jivko790, Nov 8, 2015.

  1. jivko790

    jivko790 New Member

    I have payed for premium install debian server but nothing work there i get a lot of spam emails mail deilvery system plaes forum users let me know how can can resolve. there ist debian jessi ispconfig

    thancks to all
    best regards
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    I've talked with the person that made your installation, the setup that was made on your server is correct and the spam sending happens trough poorly coded websites that you moved onto this new server. If a website has security holes and these holes were used to send spam, then that's not an issue with the installation of the control panel, it's an issue in the website and you have to resolve that in the website.

    There are several steps that you should do to secure your websites:

    1) When the website uses a cms system like wordpress or joomla, then ensure that you have the latest version of the cms installed and update all plugins to their latest versions.
    2) If the website are custom coded, then ask the developer of that site or web agency that maintains the site to review the access.log to find and fix the security holes.
    3) Scan your server with maldetect regularily for malware: https://www.howtoforge.com/communit...-debian-6-with-ispconfig-3.58440/#post-284508
    4) If you can't fix the code of your websites for whatever reason then you can try to add some additional security layer by installing an application firewall like mod_security for apache.
  3. jivko790

    jivko790 New Member

    Sir Till i am sure with my web sites codes .. i dont want tell which devoloper do that installing ... i have install myself isconfig on amazon server work just fine .. some times get mysql stop it ..after i restart mysql work just fine .. For that i pay service installing for dont get error by server .. intill now 5000 spam emails my server get it end also send it not good for me , google msn end other email providers stop accept my emails/domains....
    if you dont belive me let me know send you root passwords
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    Ok, we'll see. Amazon blocks the spam trough external filters, so that you dont see the spam at amazon is no indication that your websites are safe. Send me the root login details by email. I will then tell you if the spam emails are send by one of your websites or if they are caused by a bad server installation.
  5. florian030

    florian030 Well-Known Member HowtoForge Supporter

    Your problem is not related to the server for premium install. You have at least another server and this server is used for spam.

    From your mailqueue (** is your server and * seems to be an amazon-server):
    Received: from mail.*.com (unknown [46.*.*.*])
    (Authenticated sender: info@*.com)
    by mail.**.com (Postfix) with ESMTPSA id F28D8120192;
    Mon, 9 Nov 2015 11:10:45 +0100 (CET)

    Received: from mail.*.com (unknown [114.*.*.*])
    (Authenticated sender: info@*.com)
    by mail.**.com (Postfix) with ESMTPSA id 13FBC120120;
    Mon, 9 Nov 2015 11:01:59 +0100 (CET)

    As you can see, the mail is send through and authenticated account from a remote server.

    Don´t blame your current install. Better fix your existing installations.
  6. jivko790

    jivko790 New Member

    I dont have other server us spam nothing to do with that server
  7. till

    till Super Moderator Staff Member ISPConfig Developer


    I checked your setup. The spam is send by one of the email
    accounts on your server and the user is authenticated, so
    he has a valid password for this email account.

    Received: from mail.e...........h.com (unknown [39...........])
    (Authenticated sender: [email protected])
    by mail.b.......com (Postfix) with ESMTPSA id 351BA1205F1;
    Mon, 9 Nov 2015 12:35:15 +0100 (CET)

    So the account that sends the spam is: [email protected]

    This means that there is no issue with your ISPConfig setup,
    you have just a problem that either one of your customers
    is sending spam or that someone got the password of his
    account (e.g. when he used it over a insecure wlan connection,
    in a internet cafe or his computer has a virus / malware that stole
    the password).

    To stop the spam sending, set a new and secure password for
    the email account [email protected] in ISPConfig.

    Then talk with the user that owns this account and ask him if he had
    sent this spam intentionally, if not, then he should install a recent
    antivirus solution on his desktop and scan it for viruses and tell him
    to use smtps / imaps / pop3s to connect to the server so that
    all connections are secured with ssl / tls. Thats a client side setting,
    your server supports the secure connections out of the box.

    Then you should delete all those spam mails from the mailqueue,
    e.g. with this command:

    mailq | tail -n +2 | awk 'BEGIN { RS = "" }
    # $7=sender, $8=recipient1, $9=recipient2
    { if ($7 == "[email protected]")
    print $1 }
    ' | tr -d '*!' | postsuper -d -

    This is just one command and it deletes all email with sender address
    [email protected] from the mailqueue.

    I've send you the real email address name of the affected account be email.

    So you see, you barked at the wrong tree by complaining that this is a problem of the installation service. If a password of an email account that you created after the server was installed is handed out to the wrong person or gets lost and is then used by someone to send spam, then this is is not an installation issue.

Share This Page