Port 25 outgoing has been blocked on this server due to spam

Problem Description

  • You receive an email notification indicating that your server's port 25 has been blocked due to spam
  • When viewing your VPS settings in our Client Centre a warning appears indicating: "Port 25 outgoing has been blocked on this server due to spam as of [date detected]" and an Unblock button appears beside it.

This means that our datacentre's firewalls have detected spam originating from your server and have shut down access to sending messages (outgoing port 25/smtp and 465/smtp-ssl) until you are able to resolve this issue. This is not punitive -- the block is in place to help protect your server's reputation.

Warning: Do not click the Unblock button until you are sure that the source of the potential spam has been found and resolved. Details on how to do this are below. If you unblock it prematurely you could negatively impact the reputation of your server as a mail source for weeks or even months.

Problem Resolution

There are three steps to resolving this:

  1. Use the provided message IDs to help identify the spam messages in your mail log, OR examine your outgoing mail queue in Plesk.
  2. Use the data from the mail log or outgoing mail queue in Plesk to determine the source of the spam.
  3. Shut down the source of the spam

Once you've completed these steps, you can unblock port 25 by using the Unblock button described in the Problem Description above.

Examining the Mail Logs

On CentOS the mail log is located at /var/log/maillog and you can search for message IDs using the grep command like this: grep "MESSAGE_ID" /var/log/maillog. Replace MESSAGE_ID with the actual ID provided in our notification email. The mail logs should reveal the domain that is the source of the spam.
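The following script is an added example, not part of the original article. It follows a message ID through the mail log and reports whether each matching message came in over an authenticated mail account or from a local process such as a website script. It assumes the mail server is Postfix and writes Postfix-style log lines; the function names trace_submission and sample_log and the sample log entries are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example. Assumes Postfix log lines; the sample data below is constructed.

# trace_submission LOGFILE MESSAGE_ID
# Prints "<queue-id> <how it was submitted>" for each matching message.
trace_submission() {
    awk -v id="$2" '
        # The queue ID is the token between ": " and ": " after the daemon name.
        function qid(line) {
            if (match(line, /: [0-9A-Za-z]+: /))
                return substr(line, RSTART + 2, RLENGTH - 4)
            return ""
        }
        # Pass 1: remember the queue ID of every line that mentions the ID.
        NR == FNR {
            q = qid($0)
            if (q != "" && index($0, id) && !(q in how)) {
                how[q] = "unknown"; order[++n] = q
            }
            next
        }
        # Pass 2: look at all log lines that share one of those queue IDs.
        {
            q = qid($0)
            if (!(q in how)) next
            if (match($0, /sasl_username=[^, ]+/))            # authenticated SMTP login
                how[q] = "smtp-auth account=" substr($0, RSTART + 14, RLENGTH - 14)
            else if ($0 ~ /pickup/ && match($0, /uid=[0-9]+/)) # queued by a local process
                how[q] = "local-submit uid=" substr($0, RSTART + 4, RLENGTH - 4)
        }
        END { for (i = 1; i <= n; i++) print order[i], how[order[i]] }
    ' "$1" "$1"
}

# Constructed sample log (placeholder host, addresses and IDs; not real data).
sample_log() {
cat <<'EOF'
Jan 12 03:14:05 vps postfix/smtpd[2207]: 3F2A1C0B45: client=unknown[203.0.113.9], sasl_method=LOGIN, sasl_username=info@example.test
Jan 12 03:14:05 vps postfix/cleanup[2211]: 3F2A1C0B45: message-id=<aaa111@example.test>
Jan 12 03:14:05 vps postfix/qmgr[1002]: 3F2A1C0B45: from=<info@example.test>, size=2310, nrcpt=40 (queue active)
Jan 12 03:15:10 vps postfix/pickup[2300]: 7B9D2E11AF: uid=10003 from=<site@example.test>
Jan 12 03:15:10 vps postfix/cleanup[2211]: 7B9D2E11AF: message-id=<bbb222@example.test>
EOF
}

# Demo on the sample; on a real server pass /var/log/maillog instead.
log=$(mktemp); sample_log > "$log"
trace_submission "$log" "aaa111@example.test"
trace_submission "$log" "bbb222@example.test"
rm -f "$log"
```

A `smtp-auth` result names the mailbox whose credentials were used to send; a `local-submit` result gives the uid of the local system account that queued the message, which `getent passwd <uid>` resolves to a user name.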

Analyzing the Plesk Mail Queue

Log in to Plesk, then go to Tools & Settings > Mail Server Settings > Mail Queue (tab)

From here you can see all messages which have been 'caught' in the queue and which are not sending at this time. Typically when your server is sending mass spam there will be at least a dozen or two messages (more likely hundreds) that are shown in the queue here and you can identify them pretty easily by looking at their subject lines. If you click on any given spam message, you will see the headers of the message which will help identify the source of the spam, like whether it was sent through a compromised email account password, or through a website.

Causes of Spam

There are three typical causes of such spam and rarely any others. They are:

  1. Password Compromised: An attacker has gained control of an email account's password. This happens for a number of reasons: the password was guessed because it is too simple (possible if your Plesk server's security policy is configured to allow anything less than Very Strong passwords); the password was leaked through insecure connections (possible if your server is configured to allow insecure connections); or, most commonly, the email user uses the same password on other websites, one of them has had a data leak, and the attacker used the leaked password to access their email. You can check this last case by entering the email address on haveibeenpwned.com. If the email account is found there, this is probably how the account was compromised.
  2. Website Spam: Your site is receiving a lot of spam comments or user registrations and your website software is sending out notifications of the comment or registration to non-existent email addresses.
  3. Website Hacked: Your website is hacked and the hacking tool is attempting to send mass spam, frequently as part of a scam, phishing attempt, or an attempt to propagate the hack to other websites.

Resolution for #1: Simply change the password for the email account in Plesk.

Resolution for #2: If the issue is spam comments, you could install a spam protection plugin like Antispam Bee for WordPress. For registrations or form abuse, your best bet is to install a CAPTCHA protection system for your form. Search the plugin database for your web application for the best solution for your form software.

Resolution for #3: Follow our guide to cleaning up a hacked website.

Once you've resolved the issue, be sure to remove any spam still caught in the mail queue first, then go ahead and unblock the port.

