Find the answer to your Linux question:
Results 1 to 5 of 5
Hello, I'm using postfix on a centos server to send emails. But since a few days, some unknown users are using it to send their mails and i would like ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. #1
    Just Joined!
    Join Date
    Mar 2011
    Posts
    3

    Postfix : disable unknown domains


    Hello,

    I'm using postfix on a centos server to send emails. But since a few days, some unknown users are using it to send their mails and i would like to disable it. They are always using the linux user "spamfilter" to send them.

    Is there a way to block the mails from this user, or to check the domain of the sender in order to see if it's a real one.


    Thank's a lot for your help.

  2. #2
    Linux Newbie Nagarjuna's Avatar
    Join Date
    Feb 2011
    Posts
    122
    Hmm, I'm still learning about PostFix/SMTP so I might not be able to supply you with the best answer, but I'll put in my two cents anyways..

    Are you receiving a lot of backscatter mail (bounce back messages)? I'm guessing these users, including "spamfilter" doesn't exist on your system? Is your PostFix server configured as an open-relay? You can test if it is by going to this link SpamHelp.org SMTP Open Relay Test.

    It's possible you may also have some malicious scripts on your server that are sending out these eMails. Can you post a snippet of code from your mail logs?

    The following command will show us any parameter settings in PostFix that are not set to their default value, which may be of use to troubleshooting:

    Code:
    postconf -n
    Last edited by Nagarjuna; 03-17-2011 at 09:20 AM.

  3. #3
    Just Joined!
    Join Date
    Mar 2011
    Posts
    3
    I'm not receiving backscatter mail but sending them according to my logs. That's what i want to block. Normally i should allow only a few defined domains to send email (but i don't know how to do that).

    The user spamfilter effectively exists on my system. And that's the one which is used to send these emails.

    I have done your test to check if my server is a spamrelay, and the test has been blocked : Error - could not connect to server.

    Here is my logwatch :

    Code:
     
    
    --------------------- postfix Begin ------------------------
    
    
    
     6398831 bytes transferred
     837 messages sent
     831 messages removed from queue
    
     Top ten senders:
       230 messages sent by:
          root (uid=XX):
       96 messages sent by:
          commercial@trouvea.fr (uid=XX):
       88 messages sent by:
          apache (uid=XX):
       73 messages sent by:
          demande_devis@trouvea.fr (uid=XX):
       47 messages sent by:
          emploi-domicile@trouvea.fr (uid=XX):
       17 messages sent by:
          wew_245_29471@wewmail.com (uid=XX):
       10 messages sent by:
          informatique@trouvea.fr (uid=XX):
       5 messages sent by:
          commercial@trouvea.fr (uid=XX):
       3 messages sent by:
          info@trouvea.fr (uid=XX):
    and the user id is the one of spamfilter.


    Here is the result of postconf -n :

    Code:
     alias_maps = hash:/etc/aliases
    command_directory = /usr/sbin
    config_directory = /etc/postfix
    daemon_directory = /usr/libexec/postfix
    debug_peer_level = 2
    header_checks = regexp:/etc/postfix/myheader_checks
    home_mailbox = Maildir/
    html_directory = no
    local_recipient_maps = 
    mailq_path = /usr/bin/mailq.postfix
    manpage_directory = /usr/share/man
    mydestination = /etc/postfix/mydestination
    mynetworks = /etc/postfix/mynetworks
    myorigin = trouvea.fr
    newaliases_path = /usr/bin/newaliases.postfix
    readme_directory = /usr/share/doc/postfix-2.3.3/README_FILES
    sample_directory = /usr/share/doc/postfix-2.3.3/samples
    sendmail_path = /usr/sbin/sendmail.postfix
    setgid_group = postdrop
    smtpd_sender_restrictions = reject_unknown_sender_domain
    unknown_local_recipient_reject_code = 550
    Last edited by informatiquetrouvea; 03-17-2011 at 01:20 PM.

  4. #4
    Linux Newbie Nagarjuna's Avatar
    Join Date
    Feb 2011
    Posts
    122
    Hmm, I see.. Maybe this.. Postfix Per-Client/User/etc. Access Control and/or this.. Postfix Restrict Senders or Recipients ?? Linux Mail Server Setup and Howto Guide may help.

    To sum it up, it looks like you can add the following to your /etc/postfix/main.cf:

    Code:
    smtpd_sender_restrictions = 
      check_sender_access hash:/etc/postfix/restricted_senders
    Then create /etc/postfix/restricted_senders and edit it to your liking:

    Code:
    spamfilter@trouvea.fr    REJECT    # Or whatever the user is
    Once this is set, you should be able to add the 'restricted_senders' file to PostFix and hopefully it should do the trick:

    Code:
    postmap /etc/postfix/restricted_senders
    Does this accomplish what your trying to do?
    Last edited by Nagarjuna; 03-17-2011 at 11:08 AM.

  5. #5
    Just Joined!
    Join Date
    Mar 2011
    Posts
    3
    Thank you for your reply,

    but my problem is that the mail adress of the sender is always changing, but with always the same system user, in fact "spamfilter".

    So i could use your method to block the mails send by wew_245_29471@wewmail.com, but tomorrow the spammer will use an other email adress that will not be rejected. That's why i'm looking for a way to block all the emails sent by the system user "spamfilter". This user is only used by spamassassin for the incoming mail, and no outgoing mail have to pass through this user.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •