Control Web Panel

WebPanel => E-Mail => Topic started by: Trovan on May 01, 2016, 06:38:15 PM

Title: Spam @mydomain - Mail Queue
Post by: Trovan on May 01, 2016, 06:38:15 PM

Hello, i am getting a lot of spam in my queue, i think it's a spam, anyone can help me to stop this?

I receveid a mail queue from my domain, where user's domain is faker.

(http://s32.postimg.org/5rzel4z8l/spam.jpg)

I have the all options enabled when i rebuild mail server.

Title: Re: Spam @mydomain - Mail Queue
Post by: Sandeep on May 01, 2016, 09:11:02 PM

you need to configure your postfix configuration to stop this spam ... google will help you

Title: Re: Spam @mydomain - Mail Queue
Post by: Trovan on May 01, 2016, 09:14:04 PM

Hello, what is configuration for this postfix?

I think spf1 is disabled, i am trying to set all correct values.

Can you send me or post a example configuration?

Regards,

Title: Re: Spam @mydomain - Mail Queue
Post by: Jae on May 02, 2016, 02:19:36 AM

first you need to find out, how spammer can use your server to sending spam.. check /var/log/maillog
if spam came from 127.0.0.1 witsh sasl auth, then change that password user.. but there is many possibilities...

Title: Re: Spam @mydomain - Mail Queue
Post by: Trovan on May 02, 2016, 03:52:39 AM

There are my log:

Quote

2 04:49:05 servidor postfix/cleanup[18847]: 7CD66281EF1: message-id=<62fc4c3ef20f31c9f345843755a1a999@mydomain.com>
May  2 04:49:05 servidor postfix/qmgr[12974]: 7CD66281EF1: from=<jan_malone@mydomain.com>, size=7796, nrcpt=1 (queue active)
May  2 04:49:05 servidor postfix/pickup[15597]: 87E6F281EE3: uid=508 from=<diana_vargas@mydomain.com>
May  2 04:49:05 servidor postfix/cleanup[18847]: 87E6F281EE3: message-id=<2d81dae2f00ef39492253a716270bf29@mydomain.com>
May  2 04:49:05 servidor postfix/qmgr[12974]: 87E6F281EE3: from=<diana_vargas@mydomain.com>, size=7741, nrcpt=1 (queue active)
May  2 04:49:05 servidor postfix/pickup[15597]: 92ACE281EEF: uid=508 from=<jan_malone@mydomain.com>
May  2 04:49:05 servidor postfix/cleanup[18847]: 92ACE281EEF: message-id=<d4c1a0e5117aa4486872d01e047470cc@mydomain.com>
May  2 04:49:05 servidor postfix/qmgr[12974]: 92ACE281EEF: from=<jan_malone@mydomain.com>, size=7757, nrcpt=1 (queue active)
May  2 04:49:05 servidor postfix/pickup[15597]: 9DA60281EEB: uid=508 from=<jan_malone@mydomain.com>
May  2 04:49:05 servidor postfix/cleanup[18847]: 9DA60281EEB: message-id=<db2e726a1dc5c6bfafdbf4bc7ba1e059@mydomain.com>
May  2 04:49:05 servidor postfix/qmgr[12974]: 9DA60281EEB: from=<jan_malone@mydomain.com>, size=7684, nrcpt=1 (queue active)

I can't see where is comming, but the spam i have in queue that's it...

Title: Re: Spam @mydomain - Mail Queue
Post by: Jae on May 02, 2016, 06:52:36 AM

Quote from: Trovan on May 02, 2016, 03:52:39 AM

May  2 04:49:05 servidor postfix/pickup[15597]: 87E6F281EE3: uid=508 from=<diana_vargas@mydomain.com>

Never have problem like this before, cant see "postfix/pickup" in my server log
try to find who have uid=508 in /etc/passwd
you can change/block authorized_submit_users inside main.cf

Title: Re: Spam @mydomain - Mail Queue
Post by: Trovan on May 02, 2016, 09:02:11 AM

Quote

agenciae:x:508:508::/home/agenciae:/sbin/nologin

How i can block this?

Title: Re: Spam @mydomain - Mail Queue
Post by: Jae on May 02, 2016, 09:41:48 AM

Add this to master.cf

authorized_submit_users = !agenciae, static:anyone

Title: Re: Spam @mydomain - Mail Queue
Post by: Trovan on May 02, 2016, 10:58:57 PM

After insert this in master.cf, i cant send email's on port 25.

Quote

Temporary MTA failure on relaying, From MTA() during fwd-connect

I send by outlook in other host.

Title: Re: Spam @mydomain - Mail Queue
Post by: Jae on May 04, 2016, 01:57:29 AM

Im sorry, i have no more idea...

Title: Re: Spam @mydomain - Mail Queue
Post by: infinitech07 on May 06, 2016, 07:18:54 AM

Is your VPS hosted with vultr.com?

Title: Re: Spam @mydomain - Mail Queue
Post by: infinitech07 on May 06, 2016, 07:59:27 AM

Not sure if this going to help you.

http://forum.centos-webpanel.com/csf-firewall/csf-custom-regex-fail2ban-regex/