Re: Spammer succeeded in relaying through my server

[Patrick Proniewski]

Hello,

Do you have the logs (postfix and maybe dovecot) showing the spammer 
interaction with the server?

pat

> On 21 Dec 2022, at 05:45, Samer Afach <samer.af...@msn.com> wrote:
> 
> Thank you, Phil. Here we go. Here's postconf -n:
> 
> 
> I hope this helps in better identifying how the spammer was able to use my 
> server to send a spam email.
> 
> 
> ```
> 
> alias_database = hash:/etc/aliases
> alias_maps = hash:/etc/aliases
> append_dot_mydomain = no
> biff = no
> broken_sasl_auth_clients = yes
> debug_peer_level = 6
> debug_peer_list = 0.0.0.0/0
> disable_vrfy_command = yes
> inet_interfaces = all
> inet_protocols = ipv4
> mailbox_size_limit = 0
> maillog_file = /dev/stdout
> message_size_limit = 0
> milter_default_action = accept
> milter_protocol = 2
> mydestination = hostname.hosting-service.com, localhost.hosting-service.com, 
> localhost
> myhostname = localhost
> mynetworks_style = subnet
> myorigin = localhost
> non_smtpd_milters = inet:docker-email-opendkim:12301
> proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps 
> $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains 
> $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps 
> $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks 
> $smtpd_sender_login_maps
> readme_directory = no
> recipient_delimiter = +
> relay_domains =
> relayhost =
> smtp_tls_cert_file = /shared-keys/example.com/fullchain.pem
> smtp_tls_key_file = /shared-keys/example.com/privkey.pem
> smtp_tls_loglevel = 1
> smtp_tls_mandatory_protocols = !SSLv2,!SSLv3,!TLSv1,!TLSv1.1
> smtp_tls_protocols = !SSLv2,!SSLv3,!TLSv1,!TLSv1.1
> smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
> smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
> smtpd_client_restrictions = permit_mynetworks
> smtpd_helo_restrictions = reject_invalid_helo_hostname,
> smtpd_milters = inet:docker-email-opendkim:12301
> smtpd_recipient_restrictions = check_sender_access 
> hash:/etc/postfix/sender_access, permit_sasl_authenticated, 
> permit_mynetworks, reject_unauth_destination, reject_invalid_hostname, 
> reject_unknown_recipient_domain, reject_unauth_destination, reject_rbl_client 
> sbl.spamhaus.org, reject_rbl_client b.barracudacentral.org, reject_rbl_client 
> zen.spamhaus.org, reject_rbl_client truncate.gbudb.net, reject_rbl_client 
> bl.spamcop.net, reject_rbl_client cbl.abuseat.org,
> smtpd_relay_restrictions = permit_sasl_authenticated permit_mynetworks 
> reject_unauth_destination
> smtpd_sasl_auth_enable = yes
> smtpd_sasl_authenticated_header = yes
> smtpd_sasl_path = /shared-socks/auth_dovecot
> smtpd_sasl_type = dovecot
> smtpd_sender_login_maps = proxy:mysql:/etc/postfix/mysql_sender_login_maps.cf
> smtpd_tls_auth_only = yes
> smtpd_tls_cert_file = /shared-keys/example.com/fullchain.pem
> smtpd_tls_ciphers = high
> smtpd_tls_key_file = /shared-keys/example.com/privkey.pem
> smtpd_tls_mandatory_protocols = !SSLv2,!SSLv3,!TLSv1,!TLSv1.1
> smtpd_tls_protocols = !SSLv2,!SSLv3,!TLSv1,!TLSv1.1
> smtpd_tls_security_level = may
> smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
> smtpd_use_tls = yes
> virtual_alias_maps = proxy:mysql:/etc/postfix/mysql_virtual_alias_maps.cf
> virtual_gid_maps = static:5000
> virtual_mailbox_base = /var/vmail/
> virtual_mailbox_domains = 
> proxy:mysql:/etc/postfix/mysql_virtual_domains_maps.cf
> virtual_mailbox_limit = 0
> virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
> virtual_minimum_uid = 104
> virtual_transport = lmtp:inet:docker-email-dovecot:10024
> virtual_uid_maps = static:5000
> 
> ```
> 
> 
> Best regards,
> 
> Sam
> 
> 
> On 21/12/2022 8:35 AM, Phil Stracchino wrote:
>> On 12/20/22 21:39, Samer Afach wrote:
>>> I could share postconf too, but it's huge and I don't want to make this
>>> a huge burden unless necessary.
>> 
>> 'postconf -n' is much more concise.  Try it.
>> 
>>