Hello, from my virtual server, have been sent many (more than 1 mio) emails from [email protected] to one exact destination email address. Our IP got blocked temporarily, due to this spam emails. Now, for the website, I have created neither email domains, nor email addresses. I presume, the website has been attacked, but how can I stop sending emails from non existing emails. Does it help disabling temporarily the website or do I have to delete it? How to disable this webmaster@[domain] sender? Thanks
If you know which website sends the mails, disable that website while fixing issue. Look for malware in the website files or in the database. ISPProtect for example scans for suspicious files and database contents. https://www.ispconfig.org/add-ons/ Then prevent the malware getting back. If you suspect password has leaked, change password. Check settings and consider making them more secure. I forgot: Check the applications running on that website are updated. Check also plugins, themes etc..
Hello, thank you for your prompt reply. So, if I understood right, by disabling a website, you disable also all email addresses related to that domain, right? And I would like to know, if I create a website without any email domain and addresses, how it is possible that somebody can send emails from that domain (in my case webmaster@[domain])? Is there any possibility in ispconfig 3 to disable email for specific website?
No. By disabling a hacked website, you stop spam sending that occurs through a script in that site. Email domain and email addresses are not required for mail sending. Keep your sites updated and install Linux updates regularly and fix security holes in your site when it got hacked.
