Stopping spammers extreme
in [Postfix]
|
From: Ansgar Wiechers on 4 May 2010 03:17 On 2010-05-04 Terry Gilsenan wrote: > Then change mynetwokrs to be 127.0.0.1 and use a firewall to block > incoming tcp on 25 and 587 it really is that simple. Dont allow > services to listen to anything you dont want them to act on. If you don't want services to listen on interfaces they're not supposed to listen on: configure the services to not listen on those interfaces. Do NOT let the services listen on all interfaces and then block access with a packet filter. inet_interfaces = loopback-only Regards Ansgar Wiechers -- "Abstractions save us time working, but they don't save us time learning." --Joel Spolsky
From: Ansgar Wiechers on 4 May 2010 03:20 On 2010-05-04 Appliantologist wrote: > I had a situation where some of my users had compromised machines and > someone is brazil and indiawere able to authorize themselves to use > sendmail using the login then send scenario. Recently we changed > hosting and set up postfix. In addition we decided to eliminate any > access to our system buy email users, instead we asked them all to go > open gmail accounts and put the corresponding address in the virtual > file. > > Now it seems the spammers are back with a vengance and still able to > send spam. I set up the rules suggested but it seems they are simply > using email that exist. I was hoping someone could point me to a > solution. > > > I would like to set up postfix so that: > > It only accepts mail generated by the scripts on the server > and > It only accepts mail to a predefined list of email address > > I tried to make a CIDR file with most of the 3rd world in it, some > 30,000 ips but for some reason it doesn't seem to have the effect I > was hoping for. > Any ideas would be helpful, thanks.David Please post a log excerpt of one full (spam) mail transaction from submission to delivery to demonstrate the issue. Also post the output of "postconf -n". Regards Ansgar Wiechers -- "Abstractions save us time working, but they don't save us time learning." --Joel Spolsky
From: Appliantologist on 4 May 2010 05:29 Hi guys, I still need to accept mail for the email addresses we host on our machine from the net, so blocking port 25 or mynetworks as local host would seem to prevent that. we still have users on the domain that get mail to the address, except now we forward that mail to gmail using the virtual table here is the result of postconf -n alias_database = hash:/etc/aliases alias_maps = hash:/etc/aliases command_directory = /usr/sbin config_directory = /etc/postfix daemon_directory = /usr/libexec/postfix debug_peer_level = 2 default_privs = apache disable_vrfy_command = yes html_directory = no in_flow_delay = 1s inet_interfaces = all mail_owner = postfix mailq_path = /usr/bin/mailq.postfix manpage_directory = /usr/share/man mydestination = $myhostname, localhost.$mydomain, localhost mydomain = wans-eu.com myhostname = wans-eu.com newaliases_path = /usr/bin/newaliases.postfix queue_directory = /var/spool/postfix readme_directory = /usr/share/doc/postfix-2.3.3/README_FILES sample_directory = /usr/share/doc/postfix-2.3.3/samples sendmail_path = /usr/sbin/sendmail.postfix setgid_group = postdrop smtpd_helo_restrictions = reject_invalid_hostname strict_rfc821_envelopes = yes unknown_local_recipient_reject_code = 550 virtual_alias_domains = multiterminal.ua virtual_alias_maps = hash:/etc/postfix/virtual On Tue, May 4, 2010 at 2:14 AM, Terry Gilsenan <terry.gilsenan(a)interoil.com> wrote: > From: owner-postfix-users(a)postfix.org [owner-postfix-users(a)postfix.org] On Behalf Of Appliantologist [octobit(a)gmail.com] > Sent: Tuesday, 4 May 2010 9:11 AM > To: Gary Smith > Cc: The Doctor; postfix-users(a)postfix.org > Subject: Re: Stopping spammers extreme > > Hi, > > We don't have any legitimate users sending mail aside from scripts on > the server (linux), only mail from localhost, anyone with an email > address is listed in the virtual file and has their email forwarded to > a gmail and uses gmail's MTA to send mail. > > Since we have all the email addresses we accept mail for in a file > (/etc/postfix/virtual) I was hoping there was some way to check a) is > the mail from the localhost OR is the mail for an address in some > file. My understanding is you can make a list of email addresses > that you will deliver to like a whitelist, but we also send mail from > scripts to outside addresses of which we don't alway know beforehand. > > I don't think I am running an open relay, I've tested it on a couple > of sites came back clean. I come from 20 years of sendmail, which has > a completely different system and we were using pop authorization, > until people had their password compromised and spammers took over. > > I am sure some of this is trojans so the amavisd seems like a solid > tool to have anyway. > > Thanks guys, > David > > Do this..: > > Then change mynetwokrs to be 127.0.0.1 and use a firewall to block incoming tcp on 25 and 587 it really is that simple. Dont allow services to listen to anything you dont want them to act on. > > > > > On Tue, May 4, 2010 at 1:49 AM, Gary Smith <gary.smith(a)holdstead.com> wrote: >>> > I tried to make a CIDR file with most of the 3rd world in it, some >>> > 30,000 ips but for some reason it doesn't seem to have the effect I >>> > was hoping for. >>> > Any ideas would be helpful, thanks.David >>> >>> Add amavisd to your postfix. >> >> If they are relaying messages through their server, how is amavisd going to help? Some additional configuration details might be useful. Are the users authenticated? If so, which user is sending the email? It actually sounds like an open relay issue. But I'm just guessing here. >> >
From: Charles Marcus on 4 May 2010 06:16 Please stop top-posting... On 2010-05-04 5:29 AM, Appliantologist wrote: > Hi guys, > > I still need to accept mail for the email addresses we host on our > machine from the net, so blocking port 25 or mynetworks as local host > would seem to prevent that. we still have users on the domain that > get mail to the address, except now we forward that mail to gmail > using the virtual table > > here is the result of postconf -n You forgot the logging of a sample spam... -- Best regards, Charles
From: Gary Smith on 4 May 2010 10:00 > Hi guys, > > I still need to accept mail for the email addresses we host on our > machine from the net, so blocking port 25 or mynetworks as local host > would seem to prevent that. we still have users on the domain that > get mail to the address, except now we forward that mail to gmail > using the virtual table Accepting email for your domain and setting mynetworks to local host still work. When my networks is set to remote addresses, you are given those remote addresses permission to relay through you. That's bad. The short course is that you need to setup postfix to accept email for your domain, then set my networks to be your local network (or loopback). When you do that, external email will still be allowed to flow to your server, and your server will accept that email, as it knows it is the endpoint. Once this is done any email coming across the internet to your box will be rejected if it's not the proper destination. Though you say your not an open relay, it still sounds like you are.
First
|
Prev
|
Next
|
Last
Pages: 1 2 3 Prev: MIA: mstone author / maintainer Next: timeout problem on inbound and outbound SMTP |