Spam to my registered email

So i just started using Virtualmin about a week ago. Testing the features, making virtual server, removing them and just getting my feet wet. I own two domain names that i have been playing around with.

I have set up wordpress sites on them both. but i am getting spam emails to the addresses i set up when making the site…i have set up wordpresss sites before and not had this issue. only change is virtualmin

The main concern is that i just got an email about one of my sites, which i deleted from virtualmin.

Virtualmin doesn’t cause you to get spam. Your domain does. Somewhere along the line, your domain was added to a spammers list. Probably long before you ever got Virtualmin.

But since you’re now on your own mail server, you have to start playing whack-a-mole with the spam settings.

There’s a fellow here named Neil that goes by user name @calport that’s pretty good on all things email and he’s very reasonably priced.

1 Like

Make sense, but one of the domains, i just got two days ago. thanks for the advice

Thanks @Gomez_Adams. There are many possibilities that you must eliminate, @pologoalie8908 , if you wish to pin the blame on Virtualmin for spammers getting to know of your email address, the first of which is this: have you never used that email address before you hosted the domain on Virtualmin?

If you have ever used that email address before then there is every possibility that it made its way into a spammers database at that time and it is a mere coincidence that you are seeing spam on it at the very moment that you have hosted that domain on a Virtualmin system.

Also be informed that Virtualmin and cPanel (and maybe other web hosting panels as well) create the default email address for a virtual server / domain in identical format domain@domain.tld, so if this is your ‘registered’ email address that is receiving spam then it could be a good guess by the spammer / some tool used by the spammer to generate valid email addresses.

There is nothing in Virtualmin that leaks email addresses to spammers, and having said that, I would be happy to take a quick look, as @Gomez_Adams has suggested, to see if everything is setup on your system as it should be.

1 Like

So its not the email that Virtualmin makes…i made a virtual server with the domain name i jsut bought. i installed the wordpress script on it and in the setup of wordpress it asks for an email. i put in a gmail account i use for my web hosting stuff, and then not but two days later, i get an email from some person asking if i need help with my website(the one i just bought and put live for about 2 hours before deleting it

It just occured to me that there are people who sell databases of newly created domain names. Maybe that’s how you were targetted.

See

https://www.whoisds.tld/newly-registered-domains

I don’t want to promote such services or give them link juice so I have changed the dotcom above to dottld. If you want to visit the link you will have to reverse that change.

3 Likes

dang…thats shady , might be the culprit. i wasnt trying to blame virtualmin or anything, i just noticed a possible correlation.

Is it a common name like admin@, office@, sales@, or something like that? Those address start getting spam the day you register the domain.

Richard

1 Like

Spammers can you your info when you register your domain and use the whois lookup to get your info.

any contact forms on wordpress? spam could also be originating from there… bots crawl every ip for websites (eg. ssh attacks start on the 1st day of a new ip/server)…
if spam is coming from your own website, try adding a form antispam plugin (eg. wp armour) and see if that helps.

@pologoalie8908 - what Calport said.

You need to revisit the Postfix configuration and lock it down. Google should be able to help you out with the settings. I run several domains with multiple mailboxes and just about see 1 spam email every few weeks across the lot [I haven’t set it to drop the spam, just put them in the Spam folder, so I can see if it catches one it shouldn’t].

I just want to point out that Virtualmin is Open Source (and the Pro version, while not Open Source from a license perspective, is still entirely unobfuscated and readable source code). You can verify that we aren’t doing anything shady. We don’t even know your email unless you give it to us for your account here, and we never spam…the only mail you’ll ever get from us is forum notifications you have requested or order/renewal notifications if you buy Virtualmin Pro.

There are many ways spammers generate their mailing lists, but Virtualmin has nothing to do with it.

2 Likes