- 03-17-2011 #1
- Join Date
- Mar 2011
Postfix : disable unknown domains
I'm using postfix on a centos server to send emails. But for the past few days, some unknown users have been using it to send their mails and I would like to disable it. They are always using the linux user "spamfilter" to send them.
Is there a way to block the mails from this user, or to check the domain of the sender in order to see if it's a real one?
Thanks a lot for your help.
- 03-17-2011 #2
Hmm, I'm still learning about PostFix/SMTP so I might not be able to supply you with the best answer, but I'll put in my two cents anyways..
Are you receiving a lot of backscatter mail (bounce back messages)? I'm guessing these users, including "spamfilter", don't exist on your system? Is your PostFix server configured as an open-relay? You can test if it is by going to this link: SpamHelp.org SMTP Open Relay Test.
It's possible you may also have some malicious scripts on your server that are sending out these eMails. Can you post a snippet of code from your mail logs?
The following command will show us any parameter settings in PostFix that are not set to their default value, which may be of use to troubleshooting:
Last edited by Nagarjuna; 03-17-2011 at 09:20 AM.
- 03-17-2011 #3
- Join Date
- Mar 2011
I'm not receiving backscatter mail but sending them according to my logs. That's what I want to block. Normally I should allow only a few defined domains to send email (but I don't know how to do that).
The user spamfilter effectively exists on my system. And that's the one which is used to send these emails.
I have done your test to check if my server is a spam relay, and the test has been blocked: Error - could not connect to server.
Here is my logwatch :
--------------------- postfix Begin ------------------------
6398831 bytes transferred
837 messages sent
831 messages removed from queue
Top ten senders:
230 messages sent by: root (uid=XX):
96 messages sent by: email@example.com (uid=XX):
88 messages sent by: apache (uid=XX):
73 messages sent by: firstname.lastname@example.org (uid=XX):
47 messages sent by: email@example.com (uid=XX):
17 messages sent by: firstname.lastname@example.org (uid=XX):
10 messages sent by: email@example.com (uid=XX):
5 messages sent by: firstname.lastname@example.org (uid=XX):
3 messages sent by: email@example.com (uid=XX):
Here is the result of postconf -n :
alias_maps = hash:/etc/aliases
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
debug_peer_level = 2
header_checks = regexp:/etc/postfix/myheader_checks
home_mailbox = Maildir/
html_directory = no
local_recipient_maps =
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
mydestination = /etc/postfix/mydestination
mynetworks = /etc/postfix/mynetworks
myorigin = trouvea.fr
newaliases_path = /usr/bin/newaliases.postfix
readme_directory = /usr/share/doc/postfix-2.3.3/README_FILES
sample_directory = /usr/share/doc/postfix-2.3.3/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtpd_sender_restrictions = reject_unknown_sender_domain
unknown_local_recipient_reject_code = 550
Last edited by informatiquetrouvea; 03-17-2011 at 01:20 PM.
- 03-17-2011 #4
Hmm, I see.. Maybe this.. Postfix Per-Client/User/etc. Access Control and/or this.. Postfix Restrict Senders or Recipients ?? Linux Mail Server Setup and Howto Guide may help.
To sum it up, it looks like you can add the following to your /etc/postfix/main.cf:
smtpd_sender_restrictions = check_sender_access hash:/etc/postfix/restricted_senders
# Or whatever the user is
firstname.lastname@example.org REJECT
Last edited by Nagarjuna; 03-17-2011 at 11:08 AM.
- 03-17-2011 #5
- Join Date
- Mar 2011
Thank you for your reply,
but my problem is that the mail address of the sender is always changing, but with always the same system user, in fact "spamfilter".
So I could use your method to block the mails sent by email@example.com, but tomorrow the spammer will use another email address that will not be rejected. That's why I'm looking for a way to block all the emails sent by the system user "spamfilter". This user is only used by spamassassin for the incoming mail, and no outgoing mail has to pass through this user.
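The last post observes that the envelope sender keeps changing while the submitting system user stays the same. As an added example (not part of the thread), this script groups Postfix pickup log lines by uid so the account behind rotating sender addresses stands out; the log lines are constructed, and uid 501 standing in for "spamfilter" is an assumption.

```python
import re
from collections import defaultdict

# Constructed sample lines in the format the Postfix pickup(8) daemon logs for
# mail submitted locally via sendmail/postdrop. Host, queue IDs, uids and
# addresses are made up; uid 501 is assumed to be the "spamfilter" account.
SAMPLE_LOG = """\
Mar 17 09:01:12 mail postfix/pickup[2101]: A1B2C3D4E5: uid=0 from=<root>
Mar 17 09:02:40 mail postfix/pickup[2101]: B2C3D4E5F6: uid=501 from=<offers@example.com>
Mar 17 09:02:41 mail postfix/pickup[2101]: C3D4E5F607: uid=501 from=<news@example.org>
Mar 17 09:03:05 mail postfix/pickup[2101]: D4E5F60718: uid=48 from=<apache>
Mar 17 09:03:09 mail postfix/pickup[2101]: E5F6071829: uid=501 from=<billing@example.net>
Mar 17 09:04:00 mail postfix/smtpd[2110]: connect from localhost[127.0.0.1]
"""

PICKUP_RE = re.compile(
    r"postfix/pickup\[\d+\]: (?P<qid>[0-9A-F]+): "
    r"uid=(?P<uid>\d+) from=<(?P<sender>[^>]*)>"
)

def local_submissions_by_uid(log_text):
    """Return {uid: {"count": n, "senders": set()}} for locally submitted mail."""
    by_uid = defaultdict(lambda: {"count": 0, "senders": set()})
    for line in log_text.splitlines():
        match = PICKUP_RE.search(line)
        if match is None:
            continue  # not a local submission (e.g. smtpd traffic)
        entry = by_uid[int(match.group("uid"))]
        entry["count"] += 1
        entry["senders"].add(match.group("sender"))
    return by_uid

def rotating_sender_uids(by_uid, min_senders=3):
    """uids that submitted mail under at least min_senders distinct senders."""
    return sorted(uid for uid, entry in by_uid.items()
                  if len(entry["senders"]) >= min_senders)

if __name__ == "__main__":
    stats = local_submissions_by_uid(SAMPLE_LOG)
    for uid, entry in sorted(stats.items()):
        print(f"uid={uid} messages={entry['count']} "
              f"distinct_senders={len(entry['senders'])}")
    print("rotating senders:", rotating_sender_uids(stats))
```

Once the account is confirmed, Postfix 2.2 and later can refuse its local submissions with `authorized_submit_users` in main.cf, for example `authorized_submit_users = !spamfilter, static:anyone`.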