Re: Spam Attack on my outgoing server

Mon, 11 Jan 2010 12:06:34 -0800 

On 1/11/2010 1:44 PM, Damian Rivas wrote:



Damian,

Please ignore the above bad advice.  An OK in
smtpd_sender_restrictions can not possibly make you an open
relay.  Likely it didn't work as expected because the mail
isn's submitted via SMTP.



Before you waste time on any other bad advice you may get,
examine your logs to see where the mail comes from.  Once you
know the problem, a solution is much easier.



Post logs here if you don't know how to evaluate them.



My wild guess is that you have an abused web form, but check
the logs before you go running around telling everyone your
web server is hacked.


   -- Noel Jones



Thanks to everyone for your quick answers.

Noel, it's not my web server the problem, or I guess it isn't, it's my
outgoing mail server that has the problem and it is because I'm not
finding a way to properly check my valid senders.

In an inconming mail relay built on Postfix you can build a list of
valid recipients and reject the invalid ones. Isn't there a similar
option to validate senders? And, is there a way validate if that sender
has come out from my network? I was thinking in those two things to stop
this.

Anyway, I'm posting some logs from the mailqueue:




You need to show where the mail ENTERS postfix.  These will be 
logged as "postfix/smtpd" for SMTP mail, or "postfix/pickup" 
for command-line mail.



To limit valid SMTP senders, you can use check_sender_access. 
 Your "postconf -n" output looked a little odd, maybe your 
syntax is wrong or maybe the mail didn't arrive via SMTP.



The logs will show where the mail arrived from.  Kill the spam 
at the source as shown in the logs.  Forcing your local domain 
as sender will just encourage the spammer to use your own 
domain, further damaging your reputation.



smtpd_sender_restrictions = permit_mynetworks,        check_sender_access = 
hash                                             :/etc/postfix/sender_map,      
         reject_non_fqdn_sender, reject_unknown_s                               
              ender_domain,   permit



Assuming this is an outbout-only relay, and valid senders are 
listed in sender_map, your smtpd_sender_restrictions should 
look like:

smtpd_sender_restrictions =
  check_sender_access hash:/etc/postfix/sender_map,
  reject


  -- Noel Jones






















					Reply via email to