Find the answer to your Linux question:
Page 1 of 2 1 2 LastLast
Results 1 to 10 of 11
Hello I have a sendmail server that can't be seen outside the network. I have imported mail accounts from another sendmail server in it. Now i see that it keeps ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. #1
    Just Joined!
    Join Date
    Aug 2012
    Posts
    6

    my sendmail server keeps sending spam


    Hello
    I have a sendmail server that can't be seen outside the network.
    I have imported mail accounts from another sendmail server in it.
    Now i see that it keeps trying to send spam.
    I am a newbie to sendmail.
    What can I control first?

  2. #2
    Super Moderator Roxoff's Avatar
    Join Date
    Aug 2005
    Location
    Nottingham, England
    Posts
    3,849
    Sendmail doesn't send spam, people send spam. One (or more) of those accounts you've enabled must be open to a bot or a user with a desire to send crap via email.

    If it were my system I'd remove all the accounts again, then talk to the owners of each account, only enabling the ones who you can verify, and monitor outgoing email closely to find out anyone starts sending junk after you enable their account. If you can't talk to the account holders, then you might want to try disabling the accounts in batches until the spam stops and you narrow down who is generating it. It is possible that the spam is generated by an infected computer somewhere inside your network - you need to squish this as quickly as you can.
    Linux user #126863 - see http://linuxcounter.net/

  3. #3
    Just Joined!
    Join Date
    Sep 2007
    Location
    Silver Spring, MD
    Posts
    95

    Running cmds like chkrootkit

    Please download, install and run the following executables from the command prompt. They should catch anything that is running on your machine that is running spyware. Then I would install an antivirus solution for linux like AVG or whatever you chose.

    Code:
    chkrootkit
    
    rkhunter
    Chkrootkit - chkrootkit - Wikipedia, the free encyclopedia

    Rkhunter - http://en.wikipedia.org/wiki/Rkhunter

  4. #4
    Just Joined!
    Join Date
    Aug 2012
    Posts
    2
    I use to filter out:
    - spamasssasin
    - clamav

    And i configured postfix with the following (partial config of main.cf):
    Code:
    disable_vrfy_command = yes
    smtpd_delay_reject = yes
    smtpd_helo_required = yes
    
    smtpd_helo_restrictions =
            permit_mynetworks,
            check_client_access proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf,
            reject_unlisted_recipient,
            reject_invalid_helo_hostname,
            reject_non_fqdn_helo_hostname,
            reject_unknown_helo_hostname,
            permit
    
    smtpd_sender_restrictions =
            reject_non_fqdn_sender,
            reject_unknown_sender_domain,
            reject_unlisted_sender,
    
    smtpd_recipient_restrictions =
            permit_sasl_authenticated,
            permit_mynetworks,
            reject_invalid_hostname,
            reject_non_fqdn_hostname,
            reject_non_fqdn_sender,
            reject_non_fqdn_recipient,
            reject_unknown_sender_domain,
            reject_unknown_recipient_domain,
            reject_unauth_destination,
            reject_unknown_recipient_domain,
            permit_mynetworks,
            reject_rbl_client sbl.spamhaus.org,
            reject_rbl_client cbl.abuseat.org,
            reject_rbl_client dul.dnsbl.sorbs.net,
            permit
    
    smtpd_data_restrictions = reject_unauth_pipelining
    
    smtpd_error_sleep_time = 1s
    smtpd_soft_error_limit = 10
    smtpd_hard_error_limit = 20
    This helped me alote of rejecting the major scanners/bots that are lurking for open relay servers or half-configured servers.

    Also i have a cron-script that syncs with spamhaus BLOCK list, that also helps alote to refuse connections from marked blacklisted ip's.

    Check out: spamhaus dot org section: SBL - IP Spam Filter

    p.s.: i use virtual email boxes in my mysql.

    Hopes this helps a bit.
    - Barret

  5. #5
    Just Joined!
    Join Date
    Sep 2007
    Location
    Silver Spring, MD
    Posts
    95

    Spamming Main.cf changes

    Everything looks good from my point of view, most of the items are set to the default settings which are good in many cases. I have reviewed each line of code here

    smtpd_helo_restrictions =
    permit_mynetworks,
    check_client_access proxy:mysql:/etc/postfix/mysql-
    permit # Add to the restrictions section for proper syntax
    virtual_mailboxes.cf,
    reject_unlisted_recipient,
    reject_invalid_helo_hostname,
    reject_non_fqdn_helo_hostname,
    reject_unknown_helo_hostname,
    permit

    smtpd_sender_restrictions =
    reject_non_fqdn_sender,
    reject_unknown_sender_domain,
    reject_unlisted_sender,
    permit # Add to the restrictions section for proper syntax

    smtpd_recipient_restrictions =
    permit_sasl_authenticated,
    permit_mynetworks,
    reject_invalid_hostname,
    reject_non_fqdn_hostname,
    reject_non_fqdn_sender,
    reject_non_fqdn_recipient,
    reject_unknown_sender_domain,
    reject_unknown_recipient_domain,
    reject_unauth_destination,
    reject_unknown_recipient_domain,
    permit_mynetworks, <==Remove, you have it twice
    reject_rbl_client sbl.spamhaus.org,
    reject_rbl_client cbl.abuseat.org,
    reject_rbl_client dul.dnsbl.sorbs.net,
    permit

    smtpd_data_restrictions = reject_unauth_pipelining

    smtpd_error_sleep_time = 1s
    smtpd_soft_error_limit = 10
    smtpd_hard_error_limit = 20

    allow_untrusted_routing=0 # Add this line items, helps with spamming as well
    relay_recipient_maps= # Adds another line of defense by rejecting mail used for spamming purposes
    [/CODE]

    Also, what version of postfix are you running?

    In addition, there is a nice fix that I think you could try - Linux basic command: Spam Control For Postfix

    But one thing to remember, run the chkrootkit and the rkhunter on your machine to ensure you have not been affected (just as a side note).

    I hope this helps.

    Todd

  6. #6
    Just Joined!
    Join Date
    Aug 2012
    Posts
    6
    Thank you all for your answers, but I use sendmail, not postfix.

  7. #7
    Just Joined!
    Join Date
    Sep 2007
    Location
    Silver Spring, MD
    Posts
    95

    Please look at the trail

    Near the middle of the documentation, it says you configured postfix parameters.

    So let me know if I am missing something because the parameters you listed are from your posting in regards to postfix.

    Please be advised.

    Todd

  8. #8
    Super Moderator Roxoff's Avatar
    Join Date
    Aug 2005
    Location
    Nottingham, England
    Posts
    3,849
    Quote Originally Posted by tdsan View Post
    Near the middle of the documentation, it says you configured postfix parameters.

    So let me know if I am missing something because the parameters you listed are from your posting in regards to postfix.

    Please be advised.

    Todd
    The op hasn't posted any parameters. They've only made two posts on this message board this far - and they're both in this thread. Are you getting the op's request for help mixed up with some of the other posts further down?
    Linux user #126863 - see http://linuxcounter.net/

  9. #9
    Just Joined!
    Join Date
    Aug 2012
    Posts
    6
    No , the first post is mine.
    My username is pasin.

  10. #10
    Just Joined!
    Join Date
    Sep 2007
    Location
    Silver Spring, MD
    Posts
    95

    Original post

    Ok, the post I was referring to must have came from Barrett.

    Ok, my bad there.

    Ok, if it is sendmail, do you have the sendmail.mc file, I need to look at this for review.

    In addition, do you have the configuration file for spam assassin.

    Thank you for the catch.

    Todd

Page 1 of 2 1 2 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •