Control Web Panel
WebPanel => E-Mail => Topic started by: Trovan on May 01, 2016, 06:38:15 PM
-
Hello, i am getting a lot of spam in my queue, i think it's a spam, anyone can help me to stop this?
I receveid a mail queue from my domain, where user's domain is faker.
(http://s32.postimg.org/5rzel4z8l/spam.jpg)
I have the all options enabled when i rebuild mail server.
-
you need to configure your postfix configuration to stop this spam ... google will help you
-
Hello, what is configuration for this postfix?
I think spf1 is disabled, i am trying to set all correct values.
Can you send me or post a example configuration?
Regards,
-
first you need to find out, how spammer can use your server to sending spam.. check /var/log/maillog
if spam came from 127.0.0.1 witsh sasl auth, then change that password user.. but there is many possibilities...
-
There are my log:
2 04:49:05 servidor postfix/cleanup[18847]: 7CD66281EF1: message-id=<62fc4c3ef20f31c9f345843755a1a999@mydomain.com>
May 2 04:49:05 servidor postfix/qmgr[12974]: 7CD66281EF1: from=<jan_malone@mydomain.com>, size=7796, nrcpt=1 (queue active)
May 2 04:49:05 servidor postfix/pickup[15597]: 87E6F281EE3: uid=508 from=<diana_vargas@mydomain.com>
May 2 04:49:05 servidor postfix/cleanup[18847]: 87E6F281EE3: message-id=<2d81dae2f00ef39492253a716270bf29@mydomain.com>
May 2 04:49:05 servidor postfix/qmgr[12974]: 87E6F281EE3: from=<diana_vargas@mydomain.com>, size=7741, nrcpt=1 (queue active)
May 2 04:49:05 servidor postfix/pickup[15597]: 92ACE281EEF: uid=508 from=<jan_malone@mydomain.com>
May 2 04:49:05 servidor postfix/cleanup[18847]: 92ACE281EEF: message-id=<d4c1a0e5117aa4486872d01e047470cc@mydomain.com>
May 2 04:49:05 servidor postfix/qmgr[12974]: 92ACE281EEF: from=<jan_malone@mydomain.com>, size=7757, nrcpt=1 (queue active)
May 2 04:49:05 servidor postfix/pickup[15597]: 9DA60281EEB: uid=508 from=<jan_malone@mydomain.com>
May 2 04:49:05 servidor postfix/cleanup[18847]: 9DA60281EEB: message-id=<db2e726a1dc5c6bfafdbf4bc7ba1e059@mydomain.com>
May 2 04:49:05 servidor postfix/qmgr[12974]: 9DA60281EEB: from=<jan_malone@mydomain.com>, size=7684, nrcpt=1 (queue active)
I can't see where is comming, but the spam i have in queue that's it...
-
May 2 04:49:05 servidor postfix/pickup[15597]: 87E6F281EE3: uid=508 from=<diana_vargas@mydomain.com>
Never have problem like this before, cant see "postfix/pickup" in my server log
try to find who have uid=508 in /etc/passwd
you can change/block authorized_submit_users inside main.cf
-
agenciae:x:508:508::/home/agenciae:/sbin/nologin
How i can block this?
-
Add this to master.cf
authorized_submit_users = !agenciae, static:anyone
-
After insert this in master.cf, i cant send email's on port 25.
Temporary MTA failure on relaying, From MTA() during fwd-connect
I send by outlook in other host.
-
Im sorry, i have no more idea...
-
Is your VPS hosted with vultr.com?
-
Not sure if this going to help you.
http://forum.centos-webpanel.com/csf-firewall/csf-custom-regex-fail2ban-regex/