Hi, registered just to post this, in the hope that it'll be of help to some other users. This pertains to boxes with Plesk + SpamAssassin.

Recently my server has been hit hard with job offer spam, and upon investigation, I realized that the messages in question (which are always self-addressed in some form or other) are actually being delivered without any SA headers after all. However, the logs (the "maillog file", which is present in /usr/local/psa/var/log) showed that the messages in question *did* in fact go through SpamAssassin, so something's up with SA, Postfix, or Plesk's glue scripts. No whitelisting or similar things are in effect.

After much hair-pulling, I contacted my server ISP and they're aware of this attack and that it seems to be affecting a lot of people everywhere, though so far appears to be limited to Plesk boxes. This seems to point to a Plesk-specific bug or exploit.

All this has likely zero to do with SpamAssassin (esp. since Plesk is still on 3.2), but I posted this here at the suggestion of a user in #spamassassin @ Freenode. A temporary very hacky fix is to filter the messages out at the iptables level (see http://twitter.com/#!/rackspot/status/96193246165860353), but this can obviously go wrong in very interesting ways.

-- Bruno Ferreira
