- Plesk for Linux
Spam is sent from a domain hosted on Plesk server.
Mail user is able to log in to SMTP without domain in username:
# telnet example.com 25
Trying 203.0.113.2 ...
Connected to example.com.
Escape character is '^]'.
220 example.com ESMTP Postfix (Ubuntu)
250-AUTH DIGEST-MD5 CRAM-MD5 PLAIN LOGIN
AUTH LOGIN *********** (username in base64)
************ (password in base64)
235 2.7.0 Authentication successful
221 2.0.0 Bye
Mail account was compromised.
Note: if you don't have root access to Plesk server via SSH, contact your hosting provider regarding the issue