Messages

1

E-Mail / Re: Postfix, SpamAssassin, or something else

« on: July 01, 2025, 06:46:20 AM »

I'll post some other example from yesterday, i don't understand why is not rejected.

Received: from SERVERHOSTNAME
    by SERVERHOSTNAME with LMTP
    id eC6yH1GmYmiA1TEAl/FcBg
    (envelope-from <ukqewbp@wolkingers.mielec.pl>)
    for <EMAIL@MYDOMAIN>; Mon, 30 Jun 2025 17:59:29 +0300
Received: SERVERHOSTNAME (Postfix, from userid 65534)
    id 80186400009F; Mon, 30 Jun 2025 17:59:29 +0300 (EEST)
Received: from 561.028.xn--p1acf (561.028.xn--p1acf [178.162.131.126])
    (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
    key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256)
    (No client certificate requested)
    by SERVERHOSTNAME (Postfix) with ESMTPS id 5F5F04006D1F
    for <EMAIL@MYDOMAIN>; Mon, 30 Jun 2025 17:58:21 +0300 (EEST)
From: Akusoli Insoles <ukqewbp@wolkingers.mielec.pl>
To: <adrian.serbanica@cez.ro>

i have another server with centos webpanel but on CentOS7 not Alma Linux, and i don't get this emails there there are filtered correctly.

I monitored spam assassin and he filter and reject, but not all the messages.

I think is smt diff. on spam assassin, i look on "Status" on first for spamassassin service and the result is diff (between AlmaLinux & CentOS 7)

2

E-Mail / Re: Postfix, SpamAssassin, or something else

« on: June 24, 2025, 04:07:45 PM »

ok, i just check now some mailbox and i still get this type of emails ...

Return-Path: <yvcaztn@firengerme.de>
Delivered-To: EMAIL@MYDOMAIN
Received: from SERVERHOSTNAME
    by SERVERHOSTNAME with LMTP
    id P95LExbJWmhsTB0Al/FcBg
    (envelope-from <yvcaztn@firengerme.de>)
    for <EMAIL@MYDOMAIN>; Tue, 24 Jun 2025 18:49:42 +0300
Received: by SERVERHOSTNAME (Postfix, from userid 65534)
    id 48272400009F; Tue, 24 Jun 2025 18:49:42 +0300 (EEST)
Received: from xn--80aua.xn--80ag7c.xn--p1acf (xn--80aua.xn--80ag7c.xn--p1acf [37.48.78.112])
    (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
    key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256)
    (No client certificate requested)
    by SERVERHOSTNAME (Postfix) with ESMTPS id 2754A400009B
    for <EMAIL@MYDOMAIN>; Tue, 24 Jun 2025 18:48:42 +0300 (EEST)
Message-ID: <751441785208504837733045162177506451115316284233@firengerme.de>
From: "KetoProbiotix" <yvcaztn@firengerme.de>
To: <proiecte@centrade.ro>
Subject: =?utf-8?B?U2NhcMSDIGRlIGdyxINzaW1lYSBkZSBwZSBhYmRvbWVuIMiZaSDImW9sZHVyaSBmxINyxIMgaW50ZXJ2ZW7Im2llIGNoaXJ1cmdpY2FsxIMgw65uIDIxIGRlIHppbGUh?=
Date: Tue, 24 Jun 2025 17:51:04 +0300




Return-Path: <ofnulzn@wolkingers.mielec.pl>
Delivered-To: EMAIL@MYDOMAIN
Received: from SERVERHOSTNAME
    by SERVERHOSTNAME with LMTP
    id lI76DQ7IWmi+Sh0Al/FcBg
    (envelope-from <ofnulzn@wolkingers.mielec.pl>)
    for <EMAIL@MYDOMAIN>; Tue, 24 Jun 2025 18:45:18 +0300
Received: by SERVERHOSTNAME (Postfix, from userid 65534)
    id 3340C400009F; Tue, 24 Jun 2025 18:45:18 +0300 (EEST)
Received: from 561.028.xn--p1acf (561.028.xn--p1acf [178.162.131.126])
    (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
    key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256)
    (No client certificate requested)
    by SERVERHOSTNAME (Postfix) with ESMTPS id 3CEED400009B
    for <EMAIL@MYDOMAIN>; Tue, 24 Jun 2025 18:45:05 +0300 (EEST)
Message-ID: <14722032L62414078X20446240M74502862O@idofnulzn>
From: "Best Pillow" <ofnulzn@wolkingers.mielec.pl>
To: <comenzi@centromodaitalia.ro>
Subject: =?utf-8?B?UGVybmEgRGVyaWxhICMxIMOubiBSb23Dom5pYQ==?=
Date: Tue, 24 Jun 2025 17:54:34 +0300


Return-Path: <oqvuqzq@ivelonse.my>
Delivered-To: EMAIL@MYDOMAIN
Received: from SERVERHOSTNAME
    by SERVERHOSTNAME with LMTP
    id BvOUJyfFWmiFRR0Al/FcBg
    (envelope-from <oqvuqzq@ivelonse.my>)
    for <EMAIL@MYDOMAIN>; Tue, 24 Jun 2025 18:32:55 +0300
Received: by SERVERHOSTNAME (Postfix, from userid 65534)
    id 9B5DF400009F; Tue, 24 Jun 2025 18:32:55 +0300 (EEST)
Received: from s7.xn--80aicbs3aneck.xn--j1aef.xn--p1acf (s7.xn--80aicbs3aneck.xn--j1aef.xn--p1acf [83.149.99.122])
    (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
    key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256)
    (No client certificate requested)
    by SERVERHOSTNAME (Postfix) with ESMTPS id 3C969400009B
    for <EMAIL@MYDOMAIN>; Tue, 24 Jun 2025 18:31:57 +0300 (EEST)
Message-ID: <052438376325105471635151361047512226616053884874@ivelonse.my>
From: "Alkotox" <oqvuqzq@ivelonse.my>
To: <international@ceccaro.ro>
Subject: =?utf-8?B?QWxrb3RveCAtIHNwdW5lIMKrbnXCuyBkZXBlbmRlbsibZWkgZGUgYWxjb29sIQ==?=
Date: Tue, 24 Jun 2025 17:49:09 +0300

3

E-Mail / Re: Postfix, SpamAssassin, or something else

« on: June 24, 2025, 12:12:06 PM »

Do you need to support mail from Serbia? Do you need to support Romanian e-mail traffic? Madagascar? You can block any/all of these at the CSF level, or by an RBL within Postfix's config:

Code: [Select]

reject_rbl_client rs.country.spameatingmonkey.net,
reject_rbl_client mg.country.spameatingmonkey.net,You can also block full TLDs if you so choose (/ etc /postfix/reject_domains):

Code: [Select]

# Rejecting whole TLDs
/\.pro$/        REJECT
/\.cam$/        REJECT
/\.top$/        REJECT
/\.work$/ REJECT
/\.click$/ REJECT
/\.link$/ REJECT
/\.diet$/ REJECT
/\.party$/ REJECT
/\.zip$/        REJECT
/\.date$/ REJECT
/\.club$/ REJECT
/\.rest$/ REJECT
/\.casa$/ REJECT
/\.bar$/        REJECT
/\.sbs$/        REJECT
/\.xyz$/        REJECT
/\.bio$/        REJECT
/\.best$/ REJECT

thanks for the idea, i already made the change in postfix, i will see tomorrow, hope tomorrow i will not see this type of emails. I'll be back tomorrow with some details 

4

E-Mail / Postfix, SpamAssassin, or something else

« on: June 24, 2025, 10:29:17 AM »

Hi.

Centos Web Panel is installed on AlmaLinux release 8.10, everything is on green and running (apache, nginx, mysql etc) even the email server is working properly (sending, receiving emails).

I got a strange problem with the email server, in some mailbox i'm receiving some email (spam email), and the destination of that spam email is not even an email address from my server.
I config postfix to reject emails but i don't understand why i still get this emails

I'll post the a header with that email, and i replace the actual email with EMAIL@MYDOMAIN and the server hostname with SERVERHOSTNAME

Return-Path: <yrjalmr@topuk.in.rs>
Delivered-To: EMAIL@MYDOMAIN
Received: from SERVERHOSTNAME
    by SERVERHOSTNAME with LMTP
    id s9yHLwDCWWgD3xkAl/FcBg
    (envelope-from <yrjalmr@topuk.in.rs>)
    for <EMAIL@MYDOMAIN>; Tue, 24 Jun 2025 00:07:12 +0300
Received: SERVERHOSTNAME (Postfix, from userid 65534)
    id BB672400009E; Tue, 24 Jun 2025 00:07:12 +0300 (EEST)
Received: from mail.twoking.or.mg (mail.toceda.pro [86.104.194.44])
    by SERVERHOSTNAME(Postfix) with ESMTP id 98D0F4011421
    for <EMAIL@MYDOMAIN>; Tue, 24 Jun 2025 00:07:04 +0300 (EEST)
Received: from mail.twoking.or.mg (t81.tugara.bond [62.76.188.81])
    by mail.twoking.or.mg (Postfix) with ESMTPA id 2F2C17D5F;
    Mon, 23 Jun 2025 18:34:54 +0300 (EEST)
Message-ID: <245740155528033167732388743203865821521082333551@topuk.in.rs>
From: Keto Diet <yrjalmr@topuk.in.rs>
To: <birou@centrulminerva.ro>

i'll post my postfix config file

smtpd_client_restrictions = reject_unknown_client
smtpd_helo_restrictions =
smtpd_sender_restrictions = check_sender_access hash:/etc/postfix/sender_whitelist, check_sender_access hash:/etc/postfix/sender_blacklist
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_pipelining, reject_unauth_destination, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unknown_recipient_domain, reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_rhsbl_helo dbl.spamhaus.org, reject_rhsbl_sender dbl.spamhaus.org,reject_rbl_client zen.spamhaus.org, reject_rbl_client bl.spamcop.net

Any idea why the postfix is not rejecting this emails, or what should i do so this type of e-mails won't get in my mailbox ?

5

Postfix / Re: connection refused to a domain on another virtual machine

« on: October 25, 2024, 05:18:03 PM »

Alright so i try the rebuild of the server.
On rebuild of the server /etc/postfix/transport will reset so is need it to add again so everyone will try this solution, must remember this, on every rebuild transport file will reset and need to be completed with the domains and the command

Code: [Select]

postmap /etc/postfix/transport must be run again

6

Postfix / Re: connection refused to a domain on another virtual machine

« on: October 25, 2024, 02:05:53 PM »

I did not check this, but it's a good point, i should check soon. Also idk maybe it's a good idea for cwp since there is an option there for email exchange i think is the same, to add this option, to relay emails. I'll be back with the situation after rebuild postfix

7

Postfix / Re: connection refused to a domain on another virtual machine

« on: October 25, 2024, 12:55:10 PM »

Hi again.
I found out the solution for this issue.
So basically since they are in a private network (those two VM, have local ip) there is a conflict on port 25 when they try to send internally between server.

The solution:


Edit

Code: [Select]

/etc/hosts and add the local IP and the domains from the other machine (the MX record for each)

Edit

Code: [Select]

/etc/postfix/transport and there add info from others domain like

• DOMAIN.com              smtp:192.168.0.XX:25
• .DOMAIN.com              smtp:192.168.0.XX:25

Run the command

Code: [Select]

postmap /etc/postfix/transport from terminal
 

What this solution will do is not seding the email via internet and relay the emails to the machine where is hosted, like an internal email. The details in transport file will filter emails based on domain. This way i was able to send emails both internal and to other domain outside the network.

8

Postfix / Re: connection refused to a domain on another virtual machine

« on: October 21, 2024, 05:35:01 PM »

thank u very much for your help

No problem. I wish you to find root of the problem and solve it to get maximum from your infrastructure and CWP panel.

I will post here the solution i found, so if anybody get into the same issue maybe they can find the solution.

9

Postfix / Re: connection refused to a domain on another virtual machine

« on: October 21, 2024, 11:52:00 AM »

If you disabled CSF/Firewall, dig, nslookup show correct answers but you can't connect to the port 25 of another VM then there is some networking problem. It could be your router or some other device used to manage traffic. I am afraid the CWP community is unable to help you with it because it requires deeper understanding of your infrastructure and network configuration.

I will check my router NAT config then.
thank u very much for your help

10

Postfix / Re: connection refused to a domain on another virtual machine

« on: October 21, 2024, 09:59:46 AM »

1. Did you disable CSF/Firewall on both VMs ? Does it try to access the VM2 from VM1 using public or private IP ?

2. What did the test 2 show exactly when it failed ?

3. does "nslookup MX.DOMAIN.COM"  (replace MX.DOMAIN.COM with the actual MX record of the domain hosted on VM2) executed on VM1 shows the same result as "dig" ?

For 1:

• Yes i did disabled firewall on both VM
• he try to access VM2 using public ip

For 2:

• Connection refused print-screen down

For 3:

• Post the picture below with all comands (nslookup, dig, telnet)

11

Postfix / Re: connection refused to a domain on another virtual machine

« on: October 20, 2024, 07:34:32 PM »

Disable CSF/IPtables and run tests 2,3 again. If the tests are passed with the disabled CSF/iptables then check your CSF/iptables  rules.

Test 2 failed buit test 3 work, i got the traceroute for test 3

12

Postfix / Re: connection refused to a domain on another virtual machine

« on: October 20, 2024, 03:36:15 PM »

Remove any extra lines from /etc/hosts added by you:

1. On VM1 can you resolve the MX records of the domain hosted on VM2 ?
2. Can you connect to the port 25 from VM1 to the host/IP resolved in p1 ?
3. Does the traceroute command executed on VM1 to the host/ip resolved in p1 look good (VM2 is accessible) ?

i remove all the line from

Code: [Select]

/etc/hosts
 For 1.

• dig command work & get the correct response (on the main domain)
• dig command & ping on mx record is ok i get the response

For 2.

• the connection is refused when i try to telnet from vm1 to vm2

For 3.

• traceroute is not permited

13

Postfix / Re: connection refused to a domain on another virtual machine

« on: October 20, 2024, 01:31:27 PM »

Maybe i did not express myself correctly.

Everything outside is working, outgoing mails, income mails, rDNS, PTR, DKIM, NS, etc.

With all the tools used to test the conf. (starting from mxtoolbox, mail-tester.com to diff. dns checkers, etc) got a green response and
 everything is ok, i can send and receive (emails) from others domains outside VMs network.

If i try to telnet, curl, ping, dig. whatever from others servers, everything is working and got a correct response.

My problem is between my VMs inside the same network.

I don't how to check, cuz' with all the commands i know everything is ok (i used them from outside my network, diff servers, ip etc.).

I don't know how DNS MX record should look so everything is ok between my 2 WM.

14

Postfix / Re: connection refused to a domain on another virtual machine

« on: October 20, 2024, 09:34:32 AM »

Hey again.
So i start to check my

Code: [Select]

/etc/hosts and with small modification i add the mx record to my host file, when i try to telnet on port 25 i got the response    

But when i try to send an email i still get refused by postfix.
Is there an option to config on postfix to check for internal servers or smt like that, i'm asking this since the both VM are in the same local network.

15

Postfix / Re: connection refused to a domain on another virtual machine

« on: October 15, 2024, 06:00:55 PM »

Looks like you need to check your configuration in your NAT on your router to your internal IPs.

Again, ports can only be forwarded to 1 internal IP, not multiple.
And even then things get tricky, because unless you can set your rDNS correctly, SSL, etc. won't work like they should.

all the other options are working correctly, webservsers, ssl, etc even emails to gmail, yahoo, or other domain.

I'm wonder if on postfix there is some options, idk to set other local ip to check, since when i try to curl from 1 vm to another i had to add those details in /etc/hosts ... or maybe i should add on /etc/hosts the public ip and the domain...

i ask a person that know some rules, and he said to me to check the IP that he send the emails (is internal or public)...

i'll keep search for a solution, but if u any of u got any idea what to do, or what to test i'm here for it