Hello, I have a big problem: someone is using my mailserver for sending spam. I see it in the logs. I can block the IP but then they use other IPs.
As far as I know my server is up to date and correctly configured. And when I do some open relay tests, everything is OK. Like these:
http://www.mailradar.com/openrelay/
http://mxtoolbox.com/diagnostic.aspx

The name of my mailserver is mail.vandervlis.nl; as far as I can see the spammers are using port 587. Please feel free to do tests.

What I see in the logs and in the headers of the spam is that they are using authentication. But the username is not correct. On my server I use usernames like "john", and this username looks like an e-mail address, so with an "@" in it. The part before the @ is a correct username on my server, but when I change the password it does not help. All spam is recognizable by this authenticated username.

In the headers I see this as the first "received" (I've changed the authenticated sender for privacy):
----
Received: from [127.0.0.1] (87-92-55-206.bb.dnainternet.fi [87.92.55.206])
    (Authenticated sender: p...@puk.nl)
    by mail.vandervlis.nl (Postfix) with ESMTPSA id 774B23E0285;
    Fri, 21 Oct 2016 18:57:14 +0200 (CEST)
----
As if my server sent it to my server...

Does somebody have a clue here?

With regards,
Paul van der Vlis.
Some settings and logs:

smtpd_relay_restrictions = permit_mynetworks,
    permit_sasl_authenticated,
    check_sender_access hash:/etc/postfix/whitelist,
    reject_invalid_hostname,
    reject_non_fqdn_sender,
    reject_non_fqdn_recipient,
    reject_unknown_sender_domain,
    reject_unknown_recipient_domain,
    reject_unauth_pipelining,
    reject_unauth_destination,
    check_policy_service unix:private/shadelist,
    reject_rbl_client bl.spamcop.net,
    reject_rbl_client zen.spamhaus.org,
    reject_rbl_client ix.dnsbl.manitu.net,
    permit
smtpd_tls_cert_file = /etc/postfix/tls/*.vandervlis.nl.pem
smtpd_use_tls = yes
smtpd_sasl_auth_enable = yes
smtpd_sasl_exceptions_networks = $mynetworks
smtpd_tls_loglevel = 1
smtpd_tls_auth_only = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_tls_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_sasl_authenticated_header = yes

Oct 21 16:54:31 sigmund postfix/smtpd[2158]: D34743E027B: client=unknown[94.26.41.188], sasl_method=PLAIN, sasl_username=p...@puk.nl

--
Paul van der Vlis Linux systeembeheer Groningen
https://www.vandervlis.nl/
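
Added example, not part of the original post and not Postfix tooling: a Python sketch that groups authenticated submissions by sasl_username using the smtpd log format quoted above, so the abused login shows up even when the client IP keeps changing. The sample lines, usernames and IPs are constructed, and the rule that local accounts contain no "@" is an assumption taken from the post's description.

```python
import re
from collections import defaultdict

# Constructed sample lines in the Postfix smtpd log format shown in the post
# (host name, queue IDs, usernames and documentation-range IPs are invented).
SAMPLE_LOG = """\
Oct 21 16:54:31 mx postfix/smtpd[2158]: D34743E027B: client=unknown[192.0.2.10], sasl_method=PLAIN, sasl_username=john@example.org
Oct 21 16:55:02 mx postfix/smtpd[2160]: E11223E027C: client=host.example.net[198.51.100.7], sasl_method=LOGIN, sasl_username=john@example.org
Oct 21 16:55:40 mx postfix/smtpd[2161]: F99883E027D: client=unknown[203.0.113.44], sasl_method=PLAIN, sasl_username=john@example.org
Oct 21 16:56:10 mx postfix/smtpd[2162]: A10003E027E: client=office.example.net[192.0.2.99], sasl_method=PLAIN, sasl_username=mary
Oct 21 16:57:10 mx postfix/smtpd[2162]: A10013E027F: client=office.example.net[192.0.2.99], sasl_method=PLAIN, sasl_username=mary
Oct 21 16:58:00 mx postfix/smtpd[2163]: connect from unknown[192.0.2.10]
"""

# Matches the "client=..., sasl_method=..., sasl_username=..." smtpd line.
AUTH_RE = re.compile(
    r"postfix/(?:\w+/)?smtpd\[\d+\]: (?P<qid>\w+): "
    r"client=(?P<host>[^\[]+)\[(?P<ip>[^\]]+)\], "
    r"sasl_method=(?P<method>[^,\s]+), sasl_username=(?P<user>\S+)"
)

def sasl_summary(lines):
    """Map each sasl_username to {client_ip: message_count}."""
    summary = defaultdict(lambda: defaultdict(int))
    for line in lines:
        m = AUTH_RE.search(line)
        if m:
            summary[m["user"]][m["ip"]] += 1
    return {user: dict(ips) for user, ips in summary.items()}

def suspicious_logins(lines, max_ips=2):
    """Flag logins used from more than max_ips addresses, or whose form
    differs from the assumed local account style (no '@')."""
    flagged = {}
    for user, ips in sasl_summary(lines).items():
        reasons = []
        if len(ips) > max_ips:
            reasons.append(f"{len(ips)} distinct client IPs")
        if "@" in user:
            reasons.append("username not in local account format")
        if reasons:
            flagged[user] = reasons
    return flagged

if __name__ == "__main__":
    for user, reasons in suspicious_logins(SAMPLE_LOG.splitlines()).items():
        print(user, "->", "; ".join(reasons))
```

To run it on a real log, pass the lines of the mail log file to suspicious_logins() in place of SAMPLE_LOG.splitlines().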