postfix/dovecot, other domain is using our server to send spam
up vote
-3
down vote
favorite
Our server is being used to send spam from an account that doesn't belong to our domain. This account is sending emails to other domains and it is affecting our IP reputation.
log:
Nov 20 06:31:42 mydomain postfix/qmgr[5177]: 8C5C921014: from=<info3@samrexindia.com>, size=327666, nrcpt=1 (queue active)
Nov 20 06:31:42 mydomain opendkim[1017]: BA73821F61: no signing table match for 'info3@samrexindia.com'
Nov 20 06:31:42 mydomain postfix/qmgr[5177]: BA73821F61: from=<info3@samrexindia.com>, size=327674, nrcpt=1 (queue active)
Nov 20 06:31:42 mydomain postfix/smtp[5214]: 61964220B8: to=<info3@samrexindia.com>, relay=aspmx.l.google.com[74.125.192.26]:25, delay=0.45, delays=0.01/0/0.34/0.1, dsn=5.7.1, status=bounced (host aspmx.l.google.com[74.125.192.26] said: 550-5.7.1 [67.205.151.88 12] Our system has detected that this message is 550-5.7.1 likely unsolicited mail. To reduce the amount of spam sent to Gmail, 550-5.7.1 this message has been blocked. Please visit 550-5.7.1 https://support.google.com/mail/?p=UnsolicitedMessageError 550 5.7.1 for more information. e12si9806509qvj.70 - gsmtp (in reply to end of DATA command))
I am trying to block these emails by using this configuration in the file main.cf of postfix:
"smtpd_relay_restrictions = permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination"
but it didn't work. How can I stop this type of open relay?
postconf - output
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
anvil_rate_time_unit = 60s
body_checks = regexp:/etc/postfix/body_checks
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd $daemon_directory/$process_name $process_id & sleep 5
disable_vrfy_command = yes
dovecot_destination_recipient_limit = 1
header_checks = regexp:/etc/postfix/header_checks
html_directory = no
inet_interfaces = all
inet_protocols = all
invalid_hostname_reject_code = 554
mail_owner = postfix
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
message_size_limit = 30720000
milter_default_action = accept
milter_protocol = 2
mua_client_restrictions = permit_sasl_authenticated, reject
mua_helo_restrictions = permit_sasl_authenticated, reject
mua_sender_restrictions = permit_sasl_authenticated, reject
multi_recipient_bounce_reject_code = 554
mydestination = localhost, localhost.localdomain
myhostname = tboxplanet.com
mynetworks = 127.0.0.0/8 10.136.0.0/16
newaliases_path = /usr/bin/newaliases.postfix
non_fqdn_reject_code = 554
non_smtpd_milters = $smtpd_milters
proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $smtpd_sender_login_maps $sender_bcc_maps $recipient_bcc_maps $smtp_generic_maps $lmtp_generic_maps $alias_maps $virtual_mailbox_limit_maps
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.10.1/README_FILES
relay_domains = proxy:mysql:/etc/postfix/mysql-relay_domains_maps.cf
relay_domains_reject_code = 554
sample_directory = /usr/share/doc/postfix-2.10.1/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtp_tls_security_level = may
smtpd_client_message_rate_limit = 0
smtpd_client_recipient_rate_limit = 0
smtpd_end_of_data_restrictions = check_policy_service inet:127.0.0.1:10031
smtpd_helo_required = yes
smtpd_milters = inet:127.0.0.1:8891
smtpd_recipient_limit = 5000
smtpd_recipient_restrictions = check_policy_service inet:127.0.0.1:10031, permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, reject_invalid_hostname, reject_unknown_recipient_domain, reject_rbl_client bl.spamcop.net, reject_rbl_client zen.spamhaus.org, permit
smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated,reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_path = private/auth
smtpd_sasl_type = dovecot
smtpd_sender_restrictions = reject_non_fqdn_sender, permit_mynetworks, permit_sasl_authenticated, reject_sender_login_mismatch, reject_unlisted_sender, check_sender_access pcre:/etc/postfix/access, permit
smtpd_tls_CAfile = /etc/letsencrypt/live/mail.tboxplanet.com/fullchain.pem
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/letsencrypt/live/mail.tboxplanet.com/cert.pem
smtpd_tls_key_file = /etc/letsencrypt/live/mail.tboxplanet.com/privkey.pem
smtpd_tls_loglevel = 1
smtpd_use_tls = yes
strict_rfc821_envelopes = yes
unknown_address_reject_code = 554
unknown_client_reject_code = 554
unknown_hostname_reject_code = 554
unknown_local_recipient_reject_code = 554
unknown_relay_recipient_reject_code = 554
unknown_virtual_alias_reject_code = 554
unknown_virtual_mailbox_reject_code = 554
unverified_recipient_reject_code = 554
unverified_sender_reject_code = 554
virtual_alias_domains =
virtual_alias_maps = hash:/etc/postfix/blacklist, proxy:mysql:/etc/postfix/mysql-virtual_alias_maps.cf, regexp:/etc/postfix/virtual_regexp
virtual_gid_maps = static:12
virtual_mailbox_base = /mnt/vmail
virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains_maps.cf
virtual_mailbox_limit_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailbox_limit_maps.cf
virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailbox_maps.cf
virtual_minimum_uid = 101
virtual_transport = dovecot
virtual_uid_maps = static:101
linux email smtp spam-prevention dovecot
add a comment |
up vote
-3
down vote
favorite
Our server is being used to send spam from an account that doesn't belong to our domain. This account is sending emails to other domains and it is affecting our IP reputation.
log:
Nov 20 06:31:42 mydomain postfix/qmgr[5177]: 8C5C921014: from=<info3@samrexindia.com>, size=327666, nrcpt=1 (queue active)
Nov 20 06:31:42 mydomain opendkim[1017]: BA73821F61: no signing table match for 'info3@samrexindia.com'
Nov 20 06:31:42 mydomain postfix/qmgr[5177]: BA73821F61: from=<info3@samrexindia.com>, size=327674, nrcpt=1 (queue active)
Nov 20 06:31:42 mydomain postfix/smtp[5214]: 61964220B8: to=<info3@samrexindia.com>, relay=aspmx.l.google.com[74.125.192.26]:25, delay=0.45, delays=0.01/0/0.34/0.1, dsn=5.7.1, status=bounced (host aspmx.l.google.com[74.125.192.26] said: 550-5.7.1 [67.205.151.88 12] Our system has detected that this message is 550-5.7.1 likely unsolicited mail. To reduce the amount of spam sent to Gmail, 550-5.7.1 this message has been blocked. Please visit 550-5.7.1 https://support.google.com/mail/?p=UnsolicitedMessageError 550 5.7.1 for more information. e12si9806509qvj.70 - gsmtp (in reply to end of DATA command))
I am trying to block these emails by using this configuration in the file main.cf of postfix:
"smtpd_relay_restrictions = permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination"
but it didn't work. How can I stop this type of open relay?
postconf - output
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
anvil_rate_time_unit = 60s
body_checks = regexp:/etc/postfix/body_checks
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd $daemon_directory/$process_name $process_id & sleep 5
disable_vrfy_command = yes
dovecot_destination_recipient_limit = 1
header_checks = regexp:/etc/postfix/header_checks
html_directory = no
inet_interfaces = all
inet_protocols = all
invalid_hostname_reject_code = 554
mail_owner = postfix
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
message_size_limit = 30720000
milter_default_action = accept
milter_protocol = 2
mua_client_restrictions = permit_sasl_authenticated, reject
mua_helo_restrictions = permit_sasl_authenticated, reject
mua_sender_restrictions = permit_sasl_authenticated, reject
multi_recipient_bounce_reject_code = 554
mydestination = localhost, localhost.localdomain
myhostname = tboxplanet.com
mynetworks = 127.0.0.0/8 10.136.0.0/16
newaliases_path = /usr/bin/newaliases.postfix
non_fqdn_reject_code = 554
non_smtpd_milters = $smtpd_milters
proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $smtpd_sender_login_maps $sender_bcc_maps $recipient_bcc_maps $smtp_generic_maps $lmtp_generic_maps $alias_maps $virtual_mailbox_limit_maps
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.10.1/README_FILES
relay_domains = proxy:mysql:/etc/postfix/mysql-relay_domains_maps.cf
relay_domains_reject_code = 554
sample_directory = /usr/share/doc/postfix-2.10.1/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtp_tls_security_level = may
smtpd_client_message_rate_limit = 0
smtpd_client_recipient_rate_limit = 0
smtpd_end_of_data_restrictions = check_policy_service inet:127.0.0.1:10031
smtpd_helo_required = yes
smtpd_milters = inet:127.0.0.1:8891
smtpd_recipient_limit = 5000
smtpd_recipient_restrictions = check_policy_service inet:127.0.0.1:10031, permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, reject_invalid_hostname, reject_unknown_recipient_domain, reject_rbl_client bl.spamcop.net, reject_rbl_client zen.spamhaus.org, permit
smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated,reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_path = private/auth
smtpd_sasl_type = dovecot
smtpd_sender_restrictions = reject_non_fqdn_sender, permit_mynetworks, permit_sasl_authenticated, reject_sender_login_mismatch, reject_unlisted_sender, check_sender_access pcre:/etc/postfix/access, permit
smtpd_tls_CAfile = /etc/letsencrypt/live/mail.tboxplanet.com/fullchain.pem
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/letsencrypt/live/mail.tboxplanet.com/cert.pem
smtpd_tls_key_file = /etc/letsencrypt/live/mail.tboxplanet.com/privkey.pem
smtpd_tls_loglevel = 1
smtpd_use_tls = yes
strict_rfc821_envelopes = yes
unknown_address_reject_code = 554
unknown_client_reject_code = 554
unknown_hostname_reject_code = 554
unknown_local_recipient_reject_code = 554
unknown_relay_recipient_reject_code = 554
unknown_virtual_alias_reject_code = 554
unknown_virtual_mailbox_reject_code = 554
unverified_recipient_reject_code = 554
unverified_sender_reject_code = 554
virtual_alias_domains =
virtual_alias_maps = hash:/etc/postfix/blacklist, proxy:mysql:/etc/postfix/mysql-virtual_alias_maps.cf, regexp:/etc/postfix/virtual_regexp
virtual_gid_maps = static:12
virtual_mailbox_base = /mnt/vmail
virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains_maps.cf
virtual_mailbox_limit_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailbox_limit_maps.cf
virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailbox_maps.cf
virtual_minimum_uid = 101
virtual_transport = dovecot
virtual_uid_maps = static:101
linux email smtp spam-prevention dovecot
Will depend on the rest of your config. Can you post output ofpostconf -n
– ivanivan
Nov 20 at 15:41
I edit the question whit the output of postconf -n
– Snick MB
Nov 20 at 15:50
add a comment |
up vote
-3
down vote
favorite
up vote
-3
down vote
favorite
Our server is being used to send spam from an account that doesn't belong to our domain. This account is sending emails to other domains and it is affecting our IP reputation.
log:
Nov 20 06:31:42 mydomain postfix/qmgr[5177]: 8C5C921014: from=<info3@samrexindia.com>, size=327666, nrcpt=1 (queue active)
Nov 20 06:31:42 mydomain opendkim[1017]: BA73821F61: no signing table match for 'info3@samrexindia.com'
Nov 20 06:31:42 mydomain postfix/qmgr[5177]: BA73821F61: from=<info3@samrexindia.com>, size=327674, nrcpt=1 (queue active)
Nov 20 06:31:42 mydomain postfix/smtp[5214]: 61964220B8: to=<info3@samrexindia.com>, relay=aspmx.l.google.com[74.125.192.26]:25, delay=0.45, delays=0.01/0/0.34/0.1, dsn=5.7.1, status=bounced (host aspmx.l.google.com[74.125.192.26] said: 550-5.7.1 [67.205.151.88 12] Our system has detected that this message is 550-5.7.1 likely unsolicited mail. To reduce the amount of spam sent to Gmail, 550-5.7.1 this message has been blocked. Please visit 550-5.7.1 https://support.google.com/mail/?p=UnsolicitedMessageError 550 5.7.1 for more information. e12si9806509qvj.70 - gsmtp (in reply to end of DATA command))
I am trying to block these emails by using this configuration in the file main.cf of postfix:
"smtpd_relay_restrictions = permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination"
but it didn't work. How can I stop this type of open relay?
postconf - output
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
anvil_rate_time_unit = 60s
body_checks = regexp:/etc/postfix/body_checks
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd $daemon_directory/$process_name $process_id & sleep 5
disable_vrfy_command = yes
dovecot_destination_recipient_limit = 1
header_checks = regexp:/etc/postfix/header_checks
html_directory = no
inet_interfaces = all
inet_protocols = all
invalid_hostname_reject_code = 554
mail_owner = postfix
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
message_size_limit = 30720000
milter_default_action = accept
milter_protocol = 2
mua_client_restrictions = permit_sasl_authenticated, reject
mua_helo_restrictions = permit_sasl_authenticated, reject
mua_sender_restrictions = permit_sasl_authenticated, reject
multi_recipient_bounce_reject_code = 554
mydestination = localhost, localhost.localdomain
myhostname = tboxplanet.com
mynetworks = 127.0.0.0/8 10.136.0.0/16
newaliases_path = /usr/bin/newaliases.postfix
non_fqdn_reject_code = 554
non_smtpd_milters = $smtpd_milters
proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $smtpd_sender_login_maps $sender_bcc_maps $recipient_bcc_maps $smtp_generic_maps $lmtp_generic_maps $alias_maps $virtual_mailbox_limit_maps
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.10.1/README_FILES
relay_domains = proxy:mysql:/etc/postfix/mysql-relay_domains_maps.cf
relay_domains_reject_code = 554
sample_directory = /usr/share/doc/postfix-2.10.1/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtp_tls_security_level = may
smtpd_client_message_rate_limit = 0
smtpd_client_recipient_rate_limit = 0
smtpd_end_of_data_restrictions = check_policy_service inet:127.0.0.1:10031
smtpd_helo_required = yes
smtpd_milters = inet:127.0.0.1:8891
smtpd_recipient_limit = 5000
smtpd_recipient_restrictions = check_policy_service inet:127.0.0.1:10031, permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, reject_invalid_hostname, reject_unknown_recipient_domain, reject_rbl_client bl.spamcop.net, reject_rbl_client zen.spamhaus.org, permit
smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated,reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_path = private/auth
smtpd_sasl_type = dovecot
smtpd_sender_restrictions = reject_non_fqdn_sender, permit_mynetworks, permit_sasl_authenticated, reject_sender_login_mismatch, reject_unlisted_sender, check_sender_access pcre:/etc/postfix/access, permit
smtpd_tls_CAfile = /etc/letsencrypt/live/mail.tboxplanet.com/fullchain.pem
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/letsencrypt/live/mail.tboxplanet.com/cert.pem
smtpd_tls_key_file = /etc/letsencrypt/live/mail.tboxplanet.com/privkey.pem
smtpd_tls_loglevel = 1
smtpd_use_tls = yes
strict_rfc821_envelopes = yes
unknown_address_reject_code = 554
unknown_client_reject_code = 554
unknown_hostname_reject_code = 554
unknown_local_recipient_reject_code = 554
unknown_relay_recipient_reject_code = 554
unknown_virtual_alias_reject_code = 554
unknown_virtual_mailbox_reject_code = 554
unverified_recipient_reject_code = 554
unverified_sender_reject_code = 554
virtual_alias_domains =
virtual_alias_maps = hash:/etc/postfix/blacklist, proxy:mysql:/etc/postfix/mysql-virtual_alias_maps.cf, regexp:/etc/postfix/virtual_regexp
virtual_gid_maps = static:12
virtual_mailbox_base = /mnt/vmail
virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains_maps.cf
virtual_mailbox_limit_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailbox_limit_maps.cf
virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailbox_maps.cf
virtual_minimum_uid = 101
virtual_transport = dovecot
virtual_uid_maps = static:101
linux email smtp spam-prevention dovecot
Our server is being used to send spam from an account that doesn't belong to our domain. This account is sending emails to other domains and it is affecting our IP reputation.
log:
Nov 20 06:31:42 mydomain postfix/qmgr[5177]: 8C5C921014: from=<info3@samrexindia.com>, size=327666, nrcpt=1 (queue active)
Nov 20 06:31:42 mydomain opendkim[1017]: BA73821F61: no signing table match for 'info3@samrexindia.com'
Nov 20 06:31:42 mydomain postfix/qmgr[5177]: BA73821F61: from=<info3@samrexindia.com>, size=327674, nrcpt=1 (queue active)
Nov 20 06:31:42 mydomain postfix/smtp[5214]: 61964220B8: to=<info3@samrexindia.com>, relay=aspmx.l.google.com[74.125.192.26]:25, delay=0.45, delays=0.01/0/0.34/0.1, dsn=5.7.1, status=bounced (host aspmx.l.google.com[74.125.192.26] said: 550-5.7.1 [67.205.151.88 12] Our system has detected that this message is 550-5.7.1 likely unsolicited mail. To reduce the amount of spam sent to Gmail, 550-5.7.1 this message has been blocked. Please visit 550-5.7.1 https://support.google.com/mail/?p=UnsolicitedMessageError 550 5.7.1 for more information. e12si9806509qvj.70 - gsmtp (in reply to end of DATA command))
I am trying to block these emails by using this configuration in the file main.cf of postfix:
"smtpd_relay_restrictions = permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination"
but it didn't work. How can I stop this type of open relay?
postconf - output
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
anvil_rate_time_unit = 60s
body_checks = regexp:/etc/postfix/body_checks
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd $daemon_directory/$process_name $process_id & sleep 5
disable_vrfy_command = yes
dovecot_destination_recipient_limit = 1
header_checks = regexp:/etc/postfix/header_checks
html_directory = no
inet_interfaces = all
inet_protocols = all
invalid_hostname_reject_code = 554
mail_owner = postfix
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
message_size_limit = 30720000
milter_default_action = accept
milter_protocol = 2
mua_client_restrictions = permit_sasl_authenticated, reject
mua_helo_restrictions = permit_sasl_authenticated, reject
mua_sender_restrictions = permit_sasl_authenticated, reject
multi_recipient_bounce_reject_code = 554
mydestination = localhost, localhost.localdomain
myhostname = tboxplanet.com
mynetworks = 127.0.0.0/8 10.136.0.0/16
newaliases_path = /usr/bin/newaliases.postfix
non_fqdn_reject_code = 554
non_smtpd_milters = $smtpd_milters
proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $smtpd_sender_login_maps $sender_bcc_maps $recipient_bcc_maps $smtp_generic_maps $lmtp_generic_maps $alias_maps $virtual_mailbox_limit_maps
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.10.1/README_FILES
relay_domains = proxy:mysql:/etc/postfix/mysql-relay_domains_maps.cf
relay_domains_reject_code = 554
sample_directory = /usr/share/doc/postfix-2.10.1/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtp_tls_security_level = may
smtpd_client_message_rate_limit = 0
smtpd_client_recipient_rate_limit = 0
smtpd_end_of_data_restrictions = check_policy_service inet:127.0.0.1:10031
smtpd_helo_required = yes
smtpd_milters = inet:127.0.0.1:8891
smtpd_recipient_limit = 5000
smtpd_recipient_restrictions = check_policy_service inet:127.0.0.1:10031, permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, reject_invalid_hostname, reject_unknown_recipient_domain, reject_rbl_client bl.spamcop.net, reject_rbl_client zen.spamhaus.org, permit
smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated,reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_path = private/auth
smtpd_sasl_type = dovecot
smtpd_sender_restrictions = reject_non_fqdn_sender, permit_mynetworks, permit_sasl_authenticated, reject_sender_login_mismatch, reject_unlisted_sender, check_sender_access pcre:/etc/postfix/access, permit
smtpd_tls_CAfile = /etc/letsencrypt/live/mail.tboxplanet.com/fullchain.pem
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/letsencrypt/live/mail.tboxplanet.com/cert.pem
smtpd_tls_key_file = /etc/letsencrypt/live/mail.tboxplanet.com/privkey.pem
smtpd_tls_loglevel = 1
smtpd_use_tls = yes
strict_rfc821_envelopes = yes
unknown_address_reject_code = 554
unknown_client_reject_code = 554
unknown_hostname_reject_code = 554
unknown_local_recipient_reject_code = 554
unknown_relay_recipient_reject_code = 554
unknown_virtual_alias_reject_code = 554
unknown_virtual_mailbox_reject_code = 554
unverified_recipient_reject_code = 554
unverified_sender_reject_code = 554
virtual_alias_domains =
virtual_alias_maps = hash:/etc/postfix/blacklist, proxy:mysql:/etc/postfix/mysql-virtual_alias_maps.cf, regexp:/etc/postfix/virtual_regexp
virtual_gid_maps = static:12
virtual_mailbox_base = /mnt/vmail
virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains_maps.cf
virtual_mailbox_limit_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailbox_limit_maps.cf
virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailbox_maps.cf
virtual_minimum_uid = 101
virtual_transport = dovecot
virtual_uid_maps = static:101
linux email smtp spam-prevention dovecot
linux email smtp spam-prevention dovecot
edited Nov 20 at 16:19
Worthwelle
2,2613724
2,2613724
asked Nov 20 at 15:30
Snick MB
12
12
Will depend on the rest of your config. Can you post output ofpostconf -n
– ivanivan
Nov 20 at 15:41
I edit the question whit the output of postconf -n
– Snick MB
Nov 20 at 15:50
add a comment |
Will depend on the rest of your config. Can you post output ofpostconf -n
– ivanivan
Nov 20 at 15:41
I edit the question whit the output of postconf -n
– Snick MB
Nov 20 at 15:50
Will depend on the rest of your config. Can you post output of
postconf -n
– ivanivan
Nov 20 at 15:41
Will depend on the rest of your config. Can you post output of
postconf -n
– ivanivan
Nov 20 at 15:41
I edit the question whit the output of postconf -n
– Snick MB
Nov 20 at 15:50
I edit the question whit the output of postconf -n
– Snick MB
Nov 20 at 15:50
add a comment |
2 Answers
2
active
oldest
votes
up vote
0
down vote
OK, you are using MySQL to store users, domains to service, etc. You'll need to open up one of the mysql conf files, get the username/password and what database is being used, and look through the users and transport maps to figure out exactly who your server is configured to service. Then remove the accounts/domains that do not belong to your company.
Look at the file /etc/postfix/mysql-virtual_mailbox_maps.cf
It should have something like
user = mailuser
password = secretword!
hosts = 127.0.0.1
dbname = mail_data
query = SELECT 1 FROM virtual_users WHERE email='%s'
In it. Username, password, and database are all listed there. Use that info to connect via mysql
client, or mysql-workbench
, etc. to do your exploration.
It appears that your mail server is set up similar to how this tutorial works - https://workaround.org/ispmail/jessie
I'm looking for what you said, but this user info3@samrexindia.com doesn't exist in our databases(tables:alias,aliasdomains,address), that's weird in this case because this domain samrexindia.com is unfamiliar for us
– Snick MB
Nov 20 at 16:41
add a comment |
up vote
0
down vote
accepted
After several days without incident i'm find the solution to our problem.
smtpd_relay_restrictions = check_sender_access hash:/etc/postfix/permit_domain
I create a list of domains who can send emails(relay), this list just authorizing mydomain, because the email who are sending spam is under domain gmail
add a comment |
2 Answers
2
active
oldest
votes
2 Answers
2
active
oldest
votes
active
oldest
votes
active
oldest
votes
up vote
0
down vote
OK, you are using MySQL to store users, domains to service, etc. You'll need to open up one of the mysql conf files, get the username/password and what database is being used, and look through the users and transport maps to figure out exactly who your server is configured to service. Then remove the accounts/domains that do not belong to your company.
Look at the file /etc/postfix/mysql-virtual_mailbox_maps.cf
It should have something like
user = mailuser
password = secretword!
hosts = 127.0.0.1
dbname = mail_data
query = SELECT 1 FROM virtual_users WHERE email='%s'
In it. Username, password, and database are all listed there. Use that info to connect via mysql
client, or mysql-workbench
, etc. to do your exploration.
It appears that your mail server is set up similar to how this tutorial works - https://workaround.org/ispmail/jessie
I'm looking for what you said, but this user info3@samrexindia.com doesn't exist in our databases(tables:alias,aliasdomains,address), that's weird in this case because this domain samrexindia.com is unfamiliar for us
– Snick MB
Nov 20 at 16:41
add a comment |
up vote
0
down vote
OK, you are using MySQL to store users, domains to service, etc. You'll need to open up one of the mysql conf files, get the username/password and what database is being used, and look through the users and transport maps to figure out exactly who your server is configured to service. Then remove the accounts/domains that do not belong to your company.
Look at the file /etc/postfix/mysql-virtual_mailbox_maps.cf
It should have something like
user = mailuser
password = secretword!
hosts = 127.0.0.1
dbname = mail_data
query = SELECT 1 FROM virtual_users WHERE email='%s'
In it. Username, password, and database are all listed there. Use that info to connect via mysql
client, or mysql-workbench
, etc. to do your exploration.
It appears that your mail server is set up similar to how this tutorial works - https://workaround.org/ispmail/jessie
I'm looking for what you said, but this user info3@samrexindia.com doesn't exist in our databases(tables:alias,aliasdomains,address), that's weird in this case because this domain samrexindia.com is unfamiliar for us
– Snick MB
Nov 20 at 16:41
add a comment |
up vote
0
down vote
up vote
0
down vote
OK, you are using MySQL to store users, domains to service, etc. You'll need to open up one of the mysql conf files, get the username/password and what database is being used, and look through the users and transport maps to figure out exactly who your server is configured to service. Then remove the accounts/domains that do not belong to your company.
Look at the file /etc/postfix/mysql-virtual_mailbox_maps.cf
It should have something like
user = mailuser
password = secretword!
hosts = 127.0.0.1
dbname = mail_data
query = SELECT 1 FROM virtual_users WHERE email='%s'
In it. Username, password, and database are all listed there. Use that info to connect via mysql
client, or mysql-workbench
, etc. to do your exploration.
It appears that your mail server is set up similar to how this tutorial works - https://workaround.org/ispmail/jessie
OK, you are using MySQL to store users, domains to service, etc. You'll need to open up one of the mysql conf files, get the username/password and what database is being used, and look through the users and transport maps to figure out exactly who your server is configured to service. Then remove the accounts/domains that do not belong to your company.
Look at the file /etc/postfix/mysql-virtual_mailbox_maps.cf
It should have something like
user = mailuser
password = secretword!
hosts = 127.0.0.1
dbname = mail_data
query = SELECT 1 FROM virtual_users WHERE email='%s'
In it. Username, password, and database are all listed there. Use that info to connect via mysql
client, or mysql-workbench
, etc. to do your exploration.
It appears that your mail server is set up similar to how this tutorial works - https://workaround.org/ispmail/jessie
answered Nov 20 at 15:56
ivanivan
1,12917
1,12917
I'm looking for what you said, but this user info3@samrexindia.com doesn't exist in our databases(tables:alias,aliasdomains,address), that's weird in this case because this domain samrexindia.com is unfamiliar for us
– Snick MB
Nov 20 at 16:41
add a comment |
I'm looking for what you said, but this user info3@samrexindia.com doesn't exist in our databases(tables:alias,aliasdomains,address), that's weird in this case because this domain samrexindia.com is unfamiliar for us
– Snick MB
Nov 20 at 16:41
I'm looking for what you said, but this user info3@samrexindia.com doesn't exist in our databases(tables:alias,aliasdomains,address), that's weird in this case because this domain samrexindia.com is unfamiliar for us
– Snick MB
Nov 20 at 16:41
I'm looking for what you said, but this user info3@samrexindia.com doesn't exist in our databases(tables:alias,aliasdomains,address), that's weird in this case because this domain samrexindia.com is unfamiliar for us
– Snick MB
Nov 20 at 16:41
add a comment |
up vote
0
down vote
accepted
After several days without incident i'm find the solution to our problem.
smtpd_relay_restrictions = check_sender_access hash:/etc/postfix/permit_domain
I create a list of domains who can send emails(relay), this list just authorizing mydomain, because the email who are sending spam is under domain gmail
add a comment |
up vote
0
down vote
accepted
After several days without incident i'm find the solution to our problem.
smtpd_relay_restrictions = check_sender_access hash:/etc/postfix/permit_domain
I create a list of domains who can send emails(relay), this list just authorizing mydomain, because the email who are sending spam is under domain gmail
add a comment |
up vote
0
down vote
accepted
up vote
0
down vote
accepted
After several days without incident i'm find the solution to our problem.
smtpd_relay_restrictions = check_sender_access hash:/etc/postfix/permit_domain
I create a list of domains who can send emails(relay), this list just authorizing mydomain, because the email who are sending spam is under domain gmail
After several days without incident i'm find the solution to our problem.
smtpd_relay_restrictions = check_sender_access hash:/etc/postfix/permit_domain
I create a list of domains who can send emails(relay), this list just authorizing mydomain, because the email who are sending spam is under domain gmail
answered Nov 23 at 15:42
Snick MB
12
12
add a comment |
add a comment |
Thanks for contributing an answer to Super User!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Some of your past answers have not been well-received, and you're in danger of being blocked from answering.
Please pay close attention to the following guidance:
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1377012%2fpostfix-dovecot-other-domain-is-using-our-server-to-send-spam%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Will depend on the rest of your config. Can you post output of
postconf -n
– ivanivan
Nov 20 at 15:41
I edit the question whit the output of postconf -n
– Snick MB
Nov 20 at 15:50