Hello,

Do you have the logs (postfix and maybe dovecot) showing the spammer interaction with the server?

pat

> On 21 Dec 2022, at 05:45, Samer Afach <samer.af...@msn.com> wrote:
>
> Thank you, Phil. Here we go. Here's postconf -n:
>
> I hope this helps in better identifying how the spammer was able to use my
> server to send a spam email.
>
> ```
> alias_database = hash:/etc/aliases
> alias_maps = hash:/etc/aliases
> append_dot_mydomain = no
> biff = no
> broken_sasl_auth_clients = yes
> debug_peer_level = 6
> debug_peer_list = 0.0.0.0/0
> disable_vrfy_command = yes
> inet_interfaces = all
> inet_protocols = ipv4
> mailbox_size_limit = 0
> maillog_file = /dev/stdout
> message_size_limit = 0
> milter_default_action = accept
> milter_protocol = 2
> mydestination = hostname.hosting-service.com, localhost.hosting-service.com,
> localhost
> myhostname = localhost
> mynetworks_style = subnet
> myorigin = localhost
> non_smtpd_milters = inet:docker-email-opendkim:12301
> proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps
> $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains
> $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps
> $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks
> $smtpd_sender_login_maps
> readme_directory = no
> recipient_delimiter = +
> relay_domains =
> relayhost =
> smtp_tls_cert_file = /shared-keys/example.com/fullchain.pem
> smtp_tls_key_file = /shared-keys/example.com/privkey.pem
> smtp_tls_loglevel = 1
> smtp_tls_mandatory_protocols = !SSLv2,!SSLv3,!TLSv1,!TLSv1.1
> smtp_tls_protocols = !SSLv2,!SSLv3,!TLSv1,!TLSv1.1
> smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
> smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
> smtpd_client_restrictions = permit_mynetworks
> smtpd_helo_restrictions = reject_invalid_helo_hostname,
> smtpd_milters = inet:docker-email-opendkim:12301
> smtpd_recipient_restrictions = check_sender_access
> hash:/etc/postfix/sender_access, permit_sasl_authenticated,
> permit_mynetworks, reject_unauth_destination, reject_invalid_hostname,
> reject_unknown_recipient_domain, reject_unauth_destination, reject_rbl_client
> sbl.spamhaus.org, reject_rbl_client b.barracudacentral.org, reject_rbl_client
> zen.spamhaus.org, reject_rbl_client truncate.gbudb.net, reject_rbl_client
> bl.spamcop.net, reject_rbl_client cbl.abuseat.org,
> smtpd_relay_restrictions = permit_sasl_authenticated permit_mynetworks
> reject_unauth_destination
> smtpd_sasl_auth_enable = yes
> smtpd_sasl_authenticated_header = yes
> smtpd_sasl_path = /shared-socks/auth_dovecot
> smtpd_sasl_type = dovecot
> smtpd_sender_login_maps = proxy:mysql:/etc/postfix/mysql_sender_login_maps.cf
> smtpd_tls_auth_only = yes
> smtpd_tls_cert_file = /shared-keys/example.com/fullchain.pem
> smtpd_tls_ciphers = high
> smtpd_tls_key_file = /shared-keys/example.com/privkey.pem
> smtpd_tls_mandatory_protocols = !SSLv2,!SSLv3,!TLSv1,!TLSv1.1
> smtpd_tls_protocols = !SSLv2,!SSLv3,!TLSv1,!TLSv1.1
> smtpd_tls_security_level = may
> smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
> smtpd_use_tls = yes
> virtual_alias_maps = proxy:mysql:/etc/postfix/mysql_virtual_alias_maps.cf
> virtual_gid_maps = static:5000
> virtual_mailbox_base = /var/vmail/
> virtual_mailbox_domains =
> proxy:mysql:/etc/postfix/mysql_virtual_domains_maps.cf
> virtual_mailbox_limit = 0
> virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
> virtual_minimum_uid = 104
> virtual_transport = lmtp:inet:docker-email-dovecot:10024
> virtual_uid_maps = static:5000
> ```
>
> Best regards,
>
> Sam
>
> On 21/12/2022 8:35 AM, Phil Stracchino wrote:
>> On 12/20/22 21:39, Samer Afach wrote:
>>> I could share postconf too, but it's huge and I don't want to make this
>>> a huge burden unless necessary.
>>
>> 'postconf -n' is much more concise. Try it.