Mail sent to Postfix default accounts @localhost.localdomain is routed to Plesk Administrator's email

Comments

6 comments

  • Shawn Ort

    Seems to be no valid reason for Plesk to be creating these other than postmaster and even then you could argue it should be created so a customer would see there is a postmaster mailbox and forward it or check it for email as they see fit.

    1
  • Frank Palaia

    Recently, it seems that "the bad guys" are now exploiting these alias domain names, and this has become a liability / vulnerability. I am now getting bombarded with junk sent to drweb, root, and anonymous. Thank you for offering this solution, but perhaps these aliases need to be eliminated. I am concerned that adding the line "root: /dev/null" could prevent something important from being sent. What was it originally intended for?

    3
  • Eric

    I agree with Frank Palaia. It is nonsense that this behavior is expected by design. If a domain's owner wants to receive mail on postmaster or root, it must be his choice.

    1
  • Eric

    I agree with the comments. To summarize my point of view:

    1) There are apparently idiots who have recently been using this behavior to spam.

    2) This behavior by design seems to date from another time and has been largely abandoned since (because of spam precisely).

    3) Creating a postmaster mailbox or other should be a choice of the domain user or their provider, not be a default behavior of the server that shows spammers a target on their backs to all hosted domains.

    4) This default setting is all the more strange since we have had some Plesk servers for more than 10 years (under CentOS 6 (!), Debian 10, AlmaLinux 8 and 9) under Qmail AND Postfix, and this behavior has only been observed on an AlmaLinux 9/Postfix server and does not seem to concern AlmaLinux 8/Postfix.

    1
  • Frank Palaia

    I'm afraid that this is not just happening on AlmaLinux. I do have an AlmaLinux server where this is happening, but one of my servers that is also getting this kind of nuisance "attack" is still running CentOS Linux 7.9.2009, but it has the TuxCare end-of-life extension installed (with the monthly subscription). I am in the process of migrating it and a number of servers to AlmaLinux. Another work-around, that may only work until "the bad guys" try a new subject line, is to set up filters that delete mail sent with the subject lines "miss you..." and "Your bonus". I have only noticed those two (so far...).

    I am now noticing these messages coming in to individual accounts on some subscriptions, not just the Plesk aliases, but from many, many e-mail addresses.

    1
  • Peter Debik

    Just to add a confirmation here that the "miss you..." mails are an annoying new wave of spam to the aliases :-( However, it seems that most of them are originating from the same source so that IP banning the source may help to mitigate it temporarily. We also found that changing SPF handling from "hard fail" to "soft fail" decreased the number of this type of spam that comes through.

    1