Author Topic: Spam @mydomain - Mail Queue  (Read 17266 times)

0 Members and 1 Guest are viewing this topic.

Offline
*
Spam @mydomain - Mail Queue
« on: May 01, 2016, 06:38:15 PM »
Hello, i am getting a lot of spam in my queue, i think it's a spam, anyone can help me to stop this?

I receveid a mail queue from my domain, where user's domain is faker.



I have the all options enabled when i rebuild mail server.


Offline
*****
Re: Spam @mydomain - Mail Queue
« Reply #1 on: May 01, 2016, 09:11:02 PM »
you need to configure your postfix configuration to stop this spam ... google will help you

Offline
*
Re: Spam @mydomain - Mail Queue
« Reply #2 on: May 01, 2016, 09:14:04 PM »
Hello, what is configuration for this postfix?

I think spf1 is disabled, i am trying to set all correct values.

Can you send me or post a example configuration?

Regards,

Offline
***
Re: Spam @mydomain - Mail Queue
« Reply #3 on: May 02, 2016, 02:19:36 AM »
first you need to find out, how spammer can use your server to sending spam.. check /var/log/maillog
if spam came from 127.0.0.1 witsh sasl auth, then change that password user.. but there is many possibilities...

Offline
*
Re: Spam @mydomain - Mail Queue
« Reply #4 on: May 02, 2016, 03:52:39 AM »
There are my log:

Quote
2 04:49:05 servidor postfix/cleanup[18847]: 7CD66281EF1: message-id=<62fc4c3ef20f31c9f345843755a1a999@mydomain.com>
May  2 04:49:05 servidor postfix/qmgr[12974]: 7CD66281EF1: from=<jan_malone@mydomain.com>, size=7796, nrcpt=1 (queue active)
May  2 04:49:05 servidor postfix/pickup[15597]: 87E6F281EE3: uid=508 from=<diana_vargas@mydomain.com>
May  2 04:49:05 servidor postfix/cleanup[18847]: 87E6F281EE3: message-id=<2d81dae2f00ef39492253a716270bf29@mydomain.com>
May  2 04:49:05 servidor postfix/qmgr[12974]: 87E6F281EE3: from=<diana_vargas@mydomain.com>, size=7741, nrcpt=1 (queue active)
May  2 04:49:05 servidor postfix/pickup[15597]: 92ACE281EEF: uid=508 from=<jan_malone@mydomain.com>
May  2 04:49:05 servidor postfix/cleanup[18847]: 92ACE281EEF: message-id=<d4c1a0e5117aa4486872d01e047470cc@mydomain.com>
May  2 04:49:05 servidor postfix/qmgr[12974]: 92ACE281EEF: from=<jan_malone@mydomain.com>, size=7757, nrcpt=1 (queue active)
May  2 04:49:05 servidor postfix/pickup[15597]: 9DA60281EEB: uid=508 from=<jan_malone@mydomain.com>
May  2 04:49:05 servidor postfix/cleanup[18847]: 9DA60281EEB: message-id=<db2e726a1dc5c6bfafdbf4bc7ba1e059@mydomain.com>
May  2 04:49:05 servidor postfix/qmgr[12974]: 9DA60281EEB: from=<jan_malone@mydomain.com>, size=7684, nrcpt=1 (queue active)

I can't see where is comming, but the spam i have in queue that's it...


Offline
***
Re: Spam @mydomain - Mail Queue
« Reply #5 on: May 02, 2016, 06:52:36 AM »
May  2 04:49:05 servidor postfix/pickup[15597]: 87E6F281EE3: uid=508 from=<diana_vargas@mydomain.com>

Never have problem like this before, cant see "postfix/pickup" in my server log
try to find who have uid=508 in /etc/passwd
you can change/block authorized_submit_users inside main.cf


Offline
*
Re: Spam @mydomain - Mail Queue
« Reply #6 on: May 02, 2016, 09:02:11 AM »
Quote
agenciae:x:508:508::/home/agenciae:/sbin/nologin

How i can block this?

Offline
***
Re: Spam @mydomain - Mail Queue
« Reply #7 on: May 02, 2016, 09:41:48 AM »
Add this to master.cf

authorized_submit_users = !agenciae, static:anyone

Offline
*
Re: Spam @mydomain - Mail Queue
« Reply #8 on: May 02, 2016, 10:58:57 PM »
After insert this in master.cf, i cant send email's on port 25.

Quote
Temporary MTA failure on relaying, From MTA() during fwd-connect

I send by outlook in other host.

Offline
***
Re: Spam @mydomain - Mail Queue
« Reply #9 on: May 04, 2016, 01:57:29 AM »
Im sorry, i have no more idea...

Offline
*
Re: Spam @mydomain - Mail Queue
« Reply #10 on: May 06, 2016, 07:18:54 AM »
Is your VPS hosted with vultr.com?

Offline
*
Re: Spam @mydomain - Mail Queue
« Reply #11 on: May 06, 2016, 07:59:27 AM »