On 11/25/2013 3:39 AM, Rod Evans wrote:
> Hi
>
> I've taken over a postfix mailserver which has the main.cf shown below
>
> The server is sheltered behind a reasonably good commercial antispam
> service so the config is light on many of the usual things discussed
> on this list. The protection afforded by the antispam service seems
> to have been good enough over the last few years, but in the last
> few days the server has been compromised. Spam is being sent in
> volumes in the name of one user. Deleting the user from the service
> had no effect.
>
> The log shows mail being sent consistently from one address
>
> from=<u...@domain.com>
>
> and I have tried to stop this with an extra line in main.cf
>
> smtpd_sender_restrictions=check_sender_access hash:/etc/postfix/sender_access
>
> with u...@domain.com REJECT in the sender_access file
>
> This rejects mail when I try to send it as u...@domain.com but spam
> from u...@domain.com is still being sent with corresponding entries
> in the log.
>
> Can anyone advise:
>
> - what I can do to stop mail from u...@domain.com being sent?
>
> - and what I should do generally to tighten up the config?
That sounds like an abused web form, submitting mail through the
sendmail(1) command.

As a temporary measure, you can add the web user to main.cf
authorized_submit_users
http://www.postfix.org/postconf.5.html#authorized_submit_users

# main.cf
authorized_submit_users = !www, static:all

where www is the abused user name.

Then, you must fix your web server.

If you need more help with postfix, please read:
http://www.postfix.org/DEBUG_README.html#mail

  -- Noel Jones

>
> main.cf:
> -----------
>
> queue_directory = /var/spool/postfix
> command_directory = /usr/sbin
> daemon_directory = /usr/libexec/postfix
> mail_owner = postfix
>
> mydestination = $myhostname, localhost.$mydomain
> unknown_local_recipient_reject_code = 450
>
> mynetworks_style = host
>
> debug_peer_level = 2
> debugger_command =
>     PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
>     ddd $daemon_directory/$process_name $process_id & sleep 5
>
> sendmail_path = /usr/sbin/sendmail.postfix
> newaliases_path = /usr/bin/newaliases.postfix
> mailq_path = /usr/bin/mailq.postfix
> setgid_group = postdrop
> manpage_directory = /usr/share/man
> sample_directory = /usr/share/doc/postfix-2.3.3/samples
> readme_directory = /usr/share/doc/postfix-2.3.3/README_FILES
> alias_database = hash:/etc/postfix/aliases
>
> virtual_maps = hash:/etc/postfix/virtual
> transport_maps = hash:/etc/postfix/transport
> virtual_mailbox_domains = $transport_maps
> local_destination_concurrency_limit=1
> maildrop_destination_concurrency_limit=1
> maildrop_destination_recipient_limit=1
> relay_domains=$mydestination
>
> mynetworks = 127.0.0.1
>
> smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination
> smtpd_sasl_auth_enable=yes
> smtpd_sasl_security_options=noanonymous
>
> Thanks
>
> RE
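The reply above points at local sendmail(1) submission, a path that smtpd_*_restrictions never see, which is why the sender_access REJECT had no effect. As an added example (not from the thread or from Postfix), the script below reads Postfix log lines and splits a sender's submissions into the pickup path (local sendmail, with the submitting uid) and the smtpd path (network/SASL), then lists the uids that would be candidates for the `!user` entry in authorized_submit_users; the log lines, the sender address and uid 48 are constructed sample values.

```python
import re
from collections import Counter

# Constructed sample log lines (not taken from the thread). uid 48 stands in
# for the web server account; the SASL line shows the smtpd path for contrast.
SAMPLE_LOG = """\
Nov 25 03:39:01 mx postfix/pickup[1201]: 3A1B2C3D4E: uid=48 from=<user@example.com>
Nov 25 03:39:02 mx postfix/cleanup[1202]: 3A1B2C3D4E: message-id=<x1@mx>
Nov 25 03:39:05 mx postfix/pickup[1201]: 4B2C3D4E5F: uid=48 from=<user@example.com>
Nov 25 03:40:10 mx postfix/smtpd[1303]: 5C3D4E5F60: client=unknown[192.0.2.10], sasl_method=PLAIN, sasl_username=user@example.com
Nov 25 03:41:00 mx postfix/pickup[1201]: 6D4E5F6071: uid=1001 from=<admin@example.com>
"""

# pickup(8) logs the uid of the process that called sendmail(1) plus the envelope sender.
PICKUP_RE = re.compile(r"postfix/pickup\[\d+\]: (?P<qid>\w+): uid=(?P<uid>\d+) from=<(?P<sender>[^>]*)>")
# smtpd(8) logs the client and, for authenticated sessions, the SASL user name.
SMTPD_RE = re.compile(
    r"postfix/smtpd\[\d+\]: (?P<qid>\w+): client=(?P<client>[^,\s]+)"
    r"(?:, sasl_method=\S+, sasl_username=(?P<user>\S+))?")


def classify_submissions(log_text, sender):
    """Count how messages claiming `sender` entered the queue.

    'pickup_by_uid' counts local sendmail(1) submissions per uid;
    'smtpd_by_client' counts SASL-authenticated network submissions per client.
    Only the smtpd path is subject to smtpd_sender_restrictions."""
    pickup_uids = Counter()
    smtpd_clients = Counter()
    for line in log_text.splitlines():
        m = PICKUP_RE.search(line)
        if m and m.group("sender") == sender:
            pickup_uids[int(m.group("uid"))] += 1
            continue
        m = SMTPD_RE.search(line)
        if m and m.group("user") == sender:
            smtpd_clients[m.group("client")] += 1
    return {"pickup_by_uid": dict(pickup_uids), "smtpd_by_client": dict(smtpd_clients)}


def suspect_uids(log_text, sender, threshold=2):
    """uids that submitted at least `threshold` messages as `sender` via sendmail(1);
    these are the accounts to block with '!user' in authorized_submit_users."""
    counts = classify_submissions(log_text, sender)["pickup_by_uid"]
    return sorted(uid for uid, n in counts.items() if n >= threshold)


if __name__ == "__main__":
    print(classify_submissions(SAMPLE_LOG, "user@example.com"))
    print(suspect_uids(SAMPLE_LOG, "user@example.com"))
```

Run it against the real mail log with the abused address substituted; a non-empty pickup count with an empty smtpd count confirms the sendmail(1) path, and `id <uid>` maps the number to the account name for the authorized_submit_users entry.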