Control Web Panel

WebPanel => E-Mail => Topic started by: Tcap on February 20, 2020, 11:47:56 AM

Title: What is your idea (Postfix Update)
Post by: Tcap on February 20, 2020, 11:47:56 AM
They have been trying to spam with different addresses from my server for 3 days.
Also, if I don't use a spam gateway, my ip addresses would be blacklisted.
Spam email cannot be escaped via spam gateway BUT...
How is spam trying to send spam with a different email address from my server? where is it open i couldn't find it..
anyways....

this came to my mind... this update. Was this spam problem due to postfix...
have you had problems like me? What do you think about this subject..
Title: Re: What is your idea (Postfix Update)
Post by: studio4host on February 20, 2020, 11:56:36 AM
you need to read mail server logs, any system admin can detect spam source.
Also, there are several instructions about spam detecting on the cwp wiki.
Title: Re: What is your idea (Postfix Update)
Post by: Tcap on February 20, 2020, 12:11:44 PM
you need to read mail server logs, any system admin can detect spam source.
Also, there are several instructions about spam detecting on the cwp wiki.

Code: [Select]
Feb 19 19:18:52 svr9 postfix/cleanup[10308]: 3F948122EA5: message-id=<888762249cd5500cec3191b83ace7aed@elektrokalori.com.tr>
Feb 19 19:18:53 svr9 postfix/qmgr[28101]: 3F948122EA5: from=, size=1421181, nrcpt=15 (queue active)
Feb 19 19:18:53 svr9 postfix/pickup[3665]: 347E9124223: uid=99 from=

of course i looked
this domain is not on my server
how should I interpret. no more marks...

Title: Re: What is your idea (Postfix Update)
Post by: studio4host on February 20, 2020, 12:46:02 PM
this is not a complete log for the email, you should check all lines related to the email causing an issue
Title: Re: What is your idea (Postfix Update)
Post by: Tcap on February 20, 2020, 01:15:17 PM
this is not a complete log for the email, you should check all lines related to the email causing an issue

sorry but there are no other details


I use this  module=viewerlogs
and module=csfofficial  (search system logs )

or any other technique..

Title: Re: What is your idea (Postfix Update)
Post by: Tcap on February 20, 2020, 02:16:07 PM
b 19 19:18:52 svr9 postfix/smtpd[9877]: 3F948122EA5: client=localhost[127.0.0.1], sasl_method=LOGIN, sasl_username=exempel@agxxxxxxlo.com (my customer)
Feb 19 19:18:52 svr9 postfix/cleanup[10308]: 3F948122EA5: message-id=<888762249cd5500cec3191b83ace7aed@elektrokalori.com.tr> (spammer)

my customer is hacked
logged in from client's account
did i interpret correctly?