PLESK loop back vulnerability and qmail queues

My friend Dan told me one day, "Eric, you have more computer problems than anyone I know."

Well, no shit! I use computers more than anyone else he knows. I lose hard disks all the time because I have 20 of spinning at any given moment. I also host something like 18 domains for various people, and computers basically all suck -- especially when you aren't an educated sysadmin (I am not). Also, Windows XP sucks on notebooks. My desktops are all rock solid, but my notebooks all tend to have driver problems.

But this entry is about PLESK, qmail, and spammers.

In July, one of my servers was hacked by Brazilians, which sucked. The one ISP in Brazil wouldn't do anything about it, so we had to block out the entire country. Luckily, Chris managed to bring it back online while I was in Bonaire for the Digital Shootout, which saved all of the domains on the box.

A couple of weeks ago, the server stopped sending mail. Chris suggested that we reinstall everything because something might have been screwed up when the hackers got in last time. And so, we did (took a few days to get it right, and I had to migrate gigabytes of data to and from another server -- several times), but a week after the reinstall, the problem started happening again. At this point, I started poking around the PLESK forums and found a few links, which Chris used to find a thread detailing a PLESK vulnerability that leads to a qmail queue of hundreds of thousands -- or millions -- of messages. Bastard spammers were sending mail from my box, and understandably, this prevents all mail from being sent out for hours, days, or weeks. (this is why my mail was failing)

The fix, of course, was to do this, in PLESK:

Go to CP >> Server >> Mail
... and change the whitelist IP from to

Stupid PLESK. But it still didn't fix the problem. My box and domains are now getting nailed by dictionary-style spam attacks (where they take every possible name at a domain and send spam to it), and the bounce-back messages are clogging up the queue.

I poked around and read the following links, which helped me to devise a partial solution:

[PLESK forum talking about the vulnerability]
[Queue Management for Qmail (]
[Qmail-Remove 0.95]
[qmHandle - a tool for the qmail queue]

What I've done is set up a daily cron job that runs:

qmHandle -S'failure notice'

... and e-mails me the output. The command deletes everything in the queue with the subject, 'failure notice', which is what my server sends back when it receives an e-mail to an illegal address. qmHandle is great; it automatically stops and starts the qmail service during its selective purging of messages.

Another solution would have been to prevent bounce-backs when mail to an illegal address is received, but that isn't great for people sending legitimate messages. I'll have to resort to that, if the queue fills up even with constant purging.