The EU server is down right now due to an abuse request. We are investigating the request and should have service restored shortly.
Update:
We had the server enabled again but it was disabled before we could suspend the client spamming.
If we are given the opportunity to clean the queue out before getting cut off again, we will do so.
Update:
We have managed to get this client suspended and all of the mail removed.
All should be back to normal as well as another spam outbreak does not happen.
We also found similar mail queued up on the lax server. The user those messages had originated from has also been suspended and all queued mail removed before that provider unplugs us.
EU down again, they unplugged it again.
I am waiting for a response from their abuse department to see what the problem is now.
I guess we will have to find another provider for the EU region, but the better solution may be to just not offer services in that region or move everyone to another server. Unfortunately, with the server shut down, I do not have access to any of your files until they decide to bring it back online.
They haven't provided further abuse reports, so I am assuming they are getting reports from the large number of emails that were sent today.
If this type of abuse continues we may be forced to not offer email accounts (or allow sending mail for that matter). This latest outbreak was sent using SMTP by using someone's mail account information.
It is unfortunate that not everyone has changed their passwords from a year ago when Plesk had the vulnerability, but that seems to be the case.
The EU server is currently shut off by the provider due to abuse. We are awaiting a reply from the provider to see about getting this machine brought back online.
Sorry, still no response 30 minutes later.
Still no response.
Still no response. We are starting the process of finding another provider to serve this region.
For those that use the EU server, please ping the following address and respond to plesk at lvcs dot net with the times you get.
If all goes well, this will be the replacement. The only other key will be to get the other provider to turn us on long enough to copy all sites and content over. We still haven't received any response on any of our tickets.
It may not come to having to move to this new machine if they get us up and running again, but we will be leery of using this in the future.
It's back up right now. Not sure for how long as I still haven't received a reply to my tickets yet.
The response was finally received. They said >1000 SMTP connections were going from the server again.
We have closed the relay ability on EU. (Previously you could relay if you authenticated, that is no longer available.)
#This has been enabled again.
Emails for the disabled user are now properly being denied.
EU is down again. This time we will keep the SMTP relay service disabled.
(Hopefully they don't take 5.5 hours to respond to the ticket again like they did yesterday.)
##Update
I also see similar messages from the other servers, so this is likely a hole in either OS or Plesk packages.
I have a way that might prevent this, so I am putting that in place as soon as EU returns.
Still no response. This is expected with this provider.
We are back up again. Additional measures are being taken to attempt to combat this spam problem.
EDIT:
Authenticated mail relay will remain closed for a good portion of the day
For the time being, we have enabled the relay (via authentication) options to see if the problem returns.
Everything is still going good with the server, so we will be removing the whitelist shortly. Still no large numbers of outbound messages.
Whitelist request sent. It has been 9 hours w/o an incident, so we should be good.
It has been 14 hours without incident, so hopefully this issue is solved.
It was taken offline a few minutes from the post again. When it is brought back online, we will be going through all crontabs and checking them to see if there is still a cron entry lying around that is triggering this. (It would seem so since this happens at around the same time each day.)
Also, be sure if you are a user on this machine, that you don't send 1000's of messages per day (or at once in any single transaction/short duration).
We were able to get this turned back on about 20 minutes ago. I see one users file in queue at around the time of the suspension, so we will disable that users script.