Protection from Outbound Spam

If your hosting offerings include mail services, keep in mind that your mail server can be used for malicious purposes, such as sending spam. Outgoing spam can cause an increased load on the server and complaints from recipients. What’s more important, your server IP addresses might be added to public black lists, such as Spamhaus or OpenBL lists.

To prevent spam being sent from your server, Plesk offers a tool that controls the sending of email messages. This tool gathers statistics about outgoing messages and prevents mail being sent when specified limits are exceeded. You can specify limits on outgoing mail at the following levels: mail server, service plan, subscription, domain, and mailbox.

Administrators can prevent outgoing spam by using limits on the number of outgoing email messages per hour. In addition, the administrator can easily determine the exact source of possible spam with the help of reports and notifications.

Types of Threats

Plesk introduces different limits for prevention of the following different types of threats:

• Stolen mail accounts.

  SMTP user account credentials can be stolen by malicious users when they hack a mail server by using a system vulnerability (for example, PHP vulnerability) or an application exploit (for example, exploit for an outdated WordPress version). Also, if customers use very weak passwords, their passwords can be obtained by using brute force tools.

  You can prevent this type of threat by limiting the number of outgoing email messages from a mailbox.

• Web scripts for malicious mass mailing.

  A malicious user can use a Plesk customer account in order to create a website with a script that will distribute spam emails. Also, a malicious user can steal the FTP credentials of a customer account and upload a website with a mass mailing script via FTP.

  You can prevent this type of threat by limiting the number of outgoing email messages from a domain.

• Hacked system accounts on Linux.

  Malicious users can gain access to Linux system user accounts by using system or application exploits. After that, they can plant scheduled background tasks in crontab. Such scheduled tasks can run mass mailing scripts that spread spam mail.

  You can prevent this type of threat by limiting the number of outgoing email messages from a subscription.

How to Set Up Protection

To protect against spam by limiting outgoing mail, follow the steps:

1. Switch on limitations on outgoing mail in the mail server settings at Tools & Settings > Mail Server Settings. See Configuring Server-Wide Mail Settings.

   
   

2. Remove all IP addresses and networks from the mail server's white list (located in Plesk for Linux in Tools & Settings > Mail Server Settings > White List tab, in Plesk for Windows in Tools & Settings > Mail Server Settings > Relay options > Use no relay restrictions for the following networks). The limits on outgoing mail will not work for mail senders whose IP addresses are in the white list.

   Note: Starting with Plesk 12, the 127.0.0.0/8 network is no longer added to the whitelist by default. This is necessary for outbound spam protection to function correctly. Not having localhost whitelisted prevents PHP scripts from sending mail on Windows. Other scripting engines may be affected as well. Also, Mailman will not be able to send emails to external email addresses.

3. (Optional) Set the period of time for gathering statistics used for displaying reports. The same period is used for determining the outgoing mail status, which is displayed on the Plesk UI Home page. See Configuring Server-Wide Mail Settings.
4. (Optional) Set the period of time for notifications about outgoing mail. See Notifications About Attempts to Exceed Limits.
5. (Optional) Change the limits that are used by default on Plesk objects. See Custom Limits.
6. Analyze the statistics on attempts to exceed limits at Tools & Settings > Outgoing Mail Control. See Statistics and Reports.

   Note: The Outgoing Mail Control link is displayed only if the limitations are switched on in the mail server settings.

   

Limitations of the Protection

Some kinds of outgoing messages cannot be counted in Outgoing Mail Control due to mail server or mailing lists software restrictions. This might lead to Plesk not blocking excessive outgoing mail. Therefore, be aware of the limitations in the following areas:

• Mailing lists. Messages sent to mailing list subscribers are not counted in Outgoing Mail Control.
• Messages forwarded from non-existent addresses. Messages intended for non-existent recipients and thus forwarded to an external address (that is, outside a domain) are not counted in Outgoing Mail Control. This limitation affects the choice of forwarding address in the mail bounce settings of the domain (in the Customer Panel in Mail > Mail Settings > select a domain > Mail for Non-Existent Users): Customers can specify only the addresses that belong to the selected domain. In addition, customers cannot set one forwarding address for several domains because of that restriction. The Plesk administrator can specify a forwarding address without any restrictions.
• Setting up limits. Mail server capabilities define the levels on which you can specify limits on outgoing mail and determine whether you can prevent malicious mail from being sent by web scripts:

• Messages forwarded from existing addresses. In Plesk for Windows, such forwarded messages might not be counted in Outgoing Mail Control:

• Messages without SMTP authentication. If a message was sent from another computer, and, therefore, SMTP authentication was not established, such message is not counted in Outgoing Mail Control.