
    postfix spam. someone is using my server to send spam and it's not an open relay


    Hello. I have an Ubuntu 9.04 server with postfix/courier installed. Last week I had thousands of spam messages in the mailq and a lot of connections on port 25. I got onto many blacklists and I am trying to get rid of this problem.
    My configuration is pretty tight and I am not an open relay. Can you please tell me what I should do? The last time this happened was 5 days ago; I just closed port 25, cleared the mailq and added some entries to "smtpd_recipient_restrictions", but now it has happened again. If my server isn't an open relay, how could this happen?

    Here's my configuration:

    My logs are attached because I can't post links yet.

    /etc/postfix/main.cf

    # See /usr/share/postfix/main.cf.dist for a commented, more complete version
    #
    # NOTE(review): main.cf has no inline comments, so every note below is on its
    # own line. When a parameter is set more than once, Postfix keeps the last
    # value (postconf(5)); two keys in this file are affected, flagged below.


    # Debian specific: Specifying a file name will cause the first
    # line of that file to be used as the name. The Debian default
    # is /etc/mailname.
    #myorigin = /etc/mailname

    smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
    biff = no

    # appending .domain is the MUA's job.
    append_dot_mydomain = no

    # Uncomment the next line to generate "delayed mail" warnings
    delay_warning_time = 4h
    # Set again further down with 554; this 450 is overridden and not in effect.
    unknown_local_recipient_reject_code = 450
    # Undeliverable mail stays in the queue for up to 7 days before it is returned.
    maximal_queue_lifetime = 7d
    minimal_backoff_time = 1000s
    maximal_backoff_time = 8000s
    readme_directory = no

    # TLS parameters
    # Server side (smtpd): certificate and key offered to clients on STARTTLS.
    smtpd_tls_cert_file = /etc/postfix/ssl/newssl/1/cert.pem
    smtpd_tls_key_file = /etc/postfix/ssl/newssl/1/key.pem
    # Legacy on/off switch; smtpd_tls_security_level (used in master.cf) is the
    # current form of this setting.
    smtpd_use_tls = yes
    smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
    smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
    #smtpd_tls_ask_ccert = yes
    #smtpd_tls_req_ccert = no
    # Client side (smtp): certificate and key used when this host sends mail out.
    smtp_tls_cert_file = /etc/postfix/ssl/newssl/2/cert.pem
    # Stray "//" in the path below; harmless on Unix, but worth normalizing.
    smtp_tls_key_file = /etc/postfix/ssl//newssl/2/key.pem
    smtp_tls_CAfile = /etc/postfix/ssl/newssl/2/cacert.pem

    # See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
    # information on enabling SSL in the smtp client.

    # NOTE(review): mydomain is identical to myhostname; it normally holds the
    # parent domain of the host name. Presumably intentional — verify nothing
    # else in the setup derives from $mydomain.
    mydomain = mail.xxx.ro
    myhostname = mail.xxx.ro
    alias_maps = hash:/etc/aliases
    alias_database = hash:/etc/aliases
    myorigin = /etc/mailname
    # Leftover fragment of an earlier commented-out value; safe to delete.
    #$mydomain
    # Domains delivered locally; Postfix substitutes the contents of the named file.
    mydestination = /etc/postfix/local-host-names
    # Empty: outbound mail goes directly to each destination's MX, no smarthost.
    relayhost =
    # Leftover fragment of an earlier commented-out value; safe to delete.
    #$mydomain
    # Only loopback is trusted, so nothing on the LAN can relay without AUTH.
    # mynetworks_style is ignored here because mynetworks is set explicitly.
    mynetworks = 127.0.0.0/8
    mynetworks_style = host
    mailbox_command = procmail -a "$EXTENSION"
    mailbox_size_limit = 0
    # Bytes (about 50 MB); master.cf lowers this to 25000000 on each listener.
    message_size_limit = 50000000
    recipient_delimiter = +
    # Listens on every interface; port 25 is open wherever the host is reachable.
    inet_interfaces = all
    inet_protocols = ipv4
    smtpd_sasl_local_domain =
    # SASL AUTH is enabled for every smtpd listener, including port 25.
    smtpd_sasl_auth_enable = yes
    # Forbids anonymous mechanisms only; plaintext mechanisms remain allowed.
    smtpd_sasl_security_options = noanonymous
    broken_sasl_auth_clients = yes
    # Records the authenticated user name in the Received: header of every
    # message accepted via AUTH. When the queue fills with spam this (and the
    # sasl_username= field on the mail log's client= lines) is the first place
    # to look: it names the account whose credentials are being used.
    smtpd_sasl_authenticated_header = yes
    # Evaluated left to right. permit_sasl_authenticated comes first, so an
    # authenticated client — including one using a stolen or guessed password —
    # bypasses every RBL, sender and recipient check that follows; this is how a
    # server that is not an open relay still ends up sending spam.
    # reject_unauth_destination appears twice (harmless). Confirm each DNSBL is
    # still in service: a dead list never matches, a repurposed one may list
    # everything.
    smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination, reject_unauth_pipelining, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unknown_sender_domain, reject_invalid_hostname, reject_unknown_recipient_domain, reject_unauth_destination, reject_rbl_client bl.spamcop.net, reject_rbl_client list.dsbl.org, reject_rbl_client zen.spamhaus.org, reject_rbl_client dnsbl.sorbs.net, permit
    smtpd_data_restrictions = reject_unauth_pipelining
    # warn_if_reject: the non-FQDN HELO check only logs; it does not reject.
    smtpd_helo_restrictions = permit_mynetworks, warn_if_reject reject_non_fqdn_hostname, reject_invalid_hostname, permit
    #smtpd_helo_restrictions = permit_mynetworks, reject_unknown_hostname, permit
    # warn_if_reject: the non-FQDN sender check only logs; it does not reject.
    smtpd_sender_restrictions = permit_mynetworks, warn_if_reject reject_non_fqdn_sender, reject_unknown_sender_domain, permit
    # No permit_* ahead of these lists, so they apply to every client.
    smtpd_client_restrictions = reject_rbl_client sbl.spamhaus.org, reject_rbl_client blackholes.easynet.nl, reject_rbl_client dnsbl.njabl.org
    smtpd_helo_required = yes
    # Client/HELO/sender restrictions are evaluated at RCPT TO, so each reject
    # is logged together with the sender and recipient that triggered it.
    smtpd_delay_reject = yes
    disable_vrfy_command = yes
    strict_rfc821_envelopes = yes
    # Permanent (5xx) reply codes for the rejects above. With soft_bounce = yes
    # (below) Postfix rewrites all of them to 4xx temporary failures, so a
    # rejected client keeps retrying instead of going away.
    invalid_hostname_reject_code = 554
    multi_recipient_bounce_reject_code = 554
    non_fqdn_reject_code = 554
    relay_domains_reject_code = 554
    unknown_address_reject_code = 554
    unknown_client_reject_code = 554
    unknown_hostname_reject_code = 554
    # Second definition of this key; this 554 is the value in effect.
    unknown_local_recipient_reject_code = 554
    unknown_relay_recipient_reject_code = 554
    unknown_sender_reject_code = 554
    unknown_virtual_alias_reject_code = 554
    unknown_virtual_mailbox_reject_code = 554
    unverified_recipient_reject_code = 554
    unverified_sender_reject_code = 554
    # Debugging safety net, not a production setting: turns 5xx rejects into
    # 4xx and keeps mail that would otherwise bounce in the queue (up to
    # maximal_queue_lifetime). A queue full of undeliverable messages is the
    # expected outcome, so this likely contributes to the "thousands in mailq"
    # symptom — confirm against the attached logs before changing it.
    soft_bounce = yes
    smtpd_recipient_limit = 100
    smtpd_soft_error_limit = 10
    smtpd_hard_error_limit = 20
    # AUTH is also announced on unencrypted sessions, so passwords can cross the
    # wire in clear text on port 25 (submission/smtps in master.cf force TLS).
    smtpd_tls_auth_only = no
    #smtp_use_tls = yes
    smtp_tls_note_starttls_offer = yes
    smtpd_tls_CAfile = /etc/postfix/ssl/newssl/1/cacert.pem
    # 2 = verbose TLS handshake logging; fine for debugging, noisy in production.
    smtpd_tls_loglevel = 2
    smtpd_tls_received_header = yes
    smtpd_tls_session_cache_timeout = 3600s
    tls_random_source = dev:/dev/urandom
    #message_size_limit = 52400000
    # virtual_maps is the pre-2.0 name; current Postfix calls it virtual_alias_maps.
    virtual_maps = hash:/etc/postfix/virtusertable

    /etc/postfix/master.cf


    #
    # Postfix master process configuration file. For details on the format
    # of the file, see the master(5) manual page (command: "man 5 master").
    #
    # Do not forget to execute "postfix reload" after editing this file.
    #
    # ================================================== ========================
    # service type private unpriv chroot wakeup maxproc command + args
    # (yes) (yes) (yes) (never) (100)
    # ================================================== ========================
    # NOTE(review): "-o name=value" and "flags=..." lines continue the service
    # entry above them and must start with whitespace in the real file; the
    # rendering here puts every line at the same column, so check the live
    # file's indentation rather than this listing.
    # NOTE(review): main.cf sets smtpd_sasl_auth_enable = yes globally, so this
    # port-25 listener also accepts AUTH, and accepts it without TLS
    # (smtpd_tls_auth_only = no). If every client submits via submission/smtps
    # below, consider -o smtpd_sasl_auth_enable=no on this entry — confirm
    # against the logs first.
    smtp inet n - - - - smtpd
    -o message_size_limit=25000000
    # Port 587: TLS is required, then SASL; only authenticated clients may send.
    # NOTE(review): "permit_sasl_authenticate d" below (and on smtps) reads as a
    # line-wrap artifact of the paste; the real file needs the single token
    # "permit_sasl_authenticated".
    submission inet n - - - - smtpd
    -o smtpd_tls_security_level=encrypt
    -o smtpd_sasl_auth_enable=yes
    -o smtpd_client_restrictions=permit_sasl_authenticate d,reject
    -o milter_macro_daemon_name=ORIGINATING
    -o message_size_limit=25000000
    # -o smtpd_tls_wrappermode=yes
    # Port 465: same as submission, but TLS on connect (wrapper mode).
    smtps inet n - - - - smtpd
    -o smtpd_tls_security_level=encrypt
    -o smtpd_sasl_auth_enable=yes
    -o smtpd_client_restrictions=permit_sasl_authenticate d,reject
    -o milter_macro_daemon_name=ORIGINATING
    -o smtpd_tls_wrappermode=yes
    -o message_size_limit=25000000
    #628 inet n - - - - qmqpd
    pickup fifo n - - 60 1 pickup
    cleanup unix n - - - 0 cleanup
    qmgr fifo n - n 300 1 qmgr
    #qmgr fifo n - - 300 1 oqmgr
    tlsmgr unix - - - 1000? 1 tlsmgr
    rewrite unix - - - - - trivial-rewrite
    bounce unix - - - - 0 bounce
    defer unix - - - - 0 bounce
    trace unix - - - - 0 bounce
    verify unix - - - - 1 verify
    flush unix n - - 1000? 0 flush
    proxymap unix - - n - - proxymap
    proxywrite unix - - n - 1 proxymap
    # Outbound SMTP client used for direct delivery (relayhost is empty in main.cf).
    smtp unix - - - - - smtp
    # When relaying mail as backup MX, disable fallback_relay to avoid MX loops
    relay unix - - - - - smtp
    -o smtp_fallback_relay=
    # -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
    showq unix n - - - - showq
    error unix - - - - - error
    retry unix - - - - - error
    discard unix - - - - - discard
    local unix - n n - - local
    virtual unix - n n - - virtual
    lmtp unix - - - - - lmtp
    anvil unix - - - - 1 anvil
    scache unix - - - - 1 scache
    #
    # ================================================== ==================
    # Interfaces to non-Postfix software. Be sure to examine the manual
    # pages of the non-Postfix software to find out what options it wants.
    #
    # Many of the following services use the Postfix pipe(8) delivery
    # agent. See the pipe(8) man page for information about ${recipient}
    # and other message envelope options.
    # ================================================== ==================
    #
    # maildrop. See the Postfix MAILDROP_README file for details.
    # Also specify in main.cf: maildrop_destination_recipient_limit=1
    #
    # Runs unprivileged (unpriv=n, chroot=n) as user vmail.
    maildrop unix - n n - - pipe
    flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
    #
    # See the Postfix UUCP_README file for configuration details.
    #
    uucp unix - n n - - pipe
    flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
    #
    # Other external delivery methods.
    #
    ifmail unix - n n - - pipe
    flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
    bsmtp unix - n n - - pipe
    flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
    scalemail-backend unix - n n - 2 pipe
    flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
    # The argv line of this entry is split across two lines; the second one is a
    # continuation and must be indented in the real file.
    mailman unix - n n - - pipe
    flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
    ${nexthop} ${user}

    look at the mail headers to see the true mail origin

    I'm not seeing any open relay type activity. But if your server receives a message that it cannot deliver, it will attempt to tell whoever sent it that it can't. Now if this happens to be an unscrupulous mail sender, or one using forged headers, or not even a mail server at all, then you will see a lot of timeouts and such.

    If someone attempts to relay through you, though, you will see the Relay Denied message, which again generates traffic on your end letting the originator know this.

    Open Relay: doubtful
