LinuxQuestions.org
Old 02-05-2015, 10:34 AM   #1
dereut
LQ Newbie
 
Registered: Apr 2005
Posts: 23

Rep: Reputation: 0
email server queue always full


hello all,

I have a server with Debian 7 on it and an email server using courier-imap, postfix and mysql for virtual domain/users
there are also some other relevant pieces of software like clamav ...

I have set this up following https://www.howtoforge.com/virtual-u...-debian-wheezy

in principle, this means that nobody can send email if not using username/password for SMTP

however, I found every 2 days my postfix queue full of unsent emails (more than 8000), all failed because for some reason I cannot send to external addresses

what bugs me, is that they all try to send using fakename@mydomain.com (mydomain.com to replace with my real domain name)

it means that if my sending system was not broken, those parasites would have spammed the world (8000 of them) with emails using my system

this means that my system is not secure, my stupid smtp is still trying to send or relay emails from users that are not in the Database

would anyone know how to stop smtp doing that? or a good serious howto to set up a secure email server?

I know that it is a very vast question, due to different server and different settings, but what I hope is to find someone with enough knowledge to point at the right path

thanks a lot in advance

reup
 
Old 02-06-2015, 03:54 AM   #2
chrism01
LQ Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Rocky 9.2
Posts: 18,342

Rep: Reputation: 2746
Use the Report button to ask the Mods to move this to the security forum and in any case read the Sticky posts there.
HTH
 
Old 02-06-2015, 04:07 AM   #3
dereut
LQ Newbie
 
Registered: Apr 2005
Posts: 23

Original Poster
Rep: Reputation: 0
done, thank you Chrism01
 
Old 02-06-2015, 07:53 AM   #4
Rawcous
Member
 
Registered: Jan 2014
Location: Farnborough, Hampshire - UK
Distribution: SCO UNIX -> Fedora (Core) -> CentOS -> RedHat
Posts: 128

Rep: Reputation: 48
Hello Dereut,

I'm not exactly an expert but there are a couple of standard checks that I would perform.

1. Check the contents of the /var/log/maillog file.
2. Check the contents of the /var/log/secure file.

The above 2 may provide an idea as to how your system was compromised - for example has your server been compromised and thus the script is being executed internally from your server i.e. using an ssh account etc?

3. You may need to reconfigure your /etc/mail/access database so that relaying mail through your server from an external network is not permitted - I believe postfix uses the access file in the same manner thus see this link: http://www.sendmail.co.uk/sm/open_so...anti_spam.html

4. Use an external mail server integrity / security checker such as the one I have seen recommended previously on this forum. I personally use it to test the security of my mail server. It will indicate whether or not any attacker is able to relay mail from an external source: http://www.emailsecuritygrader.com/ and other potential holes in your mail server setup.

Hope the above helps.

Regards,

Rawcous!
 
Old 02-06-2015, 10:18 AM   #5
dereut
LQ Newbie
 
Registered: Apr 2005
Posts: 23

Original Poster
Rep: Reputation: 0
rawcous,

thanks for your help.

from what I read, it seems that I need to make sure I can send email only from this server, so no relay whatsoever.

I see that there are a lot of possible relays, I have to find how to disable all relay from postfix. I have a webmail client installed on the server and want to be able to send only from this client.

I am using webmin to manage postfix and I can see it is a bad practice as I do not know how the files are modified.
you tick a box "Allow connections from this system" but if someone asks you "did you change this setting" you have no idea what was actually changed

reup
 
Old 02-07-2015, 06:29 AM   #6
dereut
LQ Newbie
 
Registered: Apr 2005
Posts: 23

Original Poster
Rep: Reputation: 0
so far no luck, it seems that if people add my domains in the return address, postfix will accept them

I am trying to make it so that only people registered as my users in the database will be able to send emails, and as we all use a webmail client running on the same server as postfix, it should be only email sent from this server IP

I have to admit that there are so many options and so much to read that I will accept any help to solve my issue.

I will learn, but right now I am in a hurry

reup
 
Old 02-07-2015, 06:52 AM   #7
dereut
LQ Newbie
 
Registered: Apr 2005
Posts: 23

Original Poster
Rep: Reputation: 0
digging more, it seems that all those emails are sent through my apache server.

if I stop postfix and courier-imap, the queue keeps growing but as soon as I stop apache, and flush the queue, it stops completely

I must have some serious bug in my wordpress system to allow so many people to send emails.

reup
 
Old 02-07-2015, 06:55 AM   #8
Rawcous
Member
 
Registered: Jan 2014
Location: Farnborough, Hampshire - UK
Distribution: SCO UNIX -> Fedora (Core) -> CentOS -> RedHat
Posts: 128

Rep: Reputation: 48
Hello Dereut,

Hope I haven't misunderstood this but do all "valid" users who relay mail via your server do so on the local network? If yes then you could set up an iptables rule to that effect - this would block all external users from hitting your smtp port i.e. port 25. This is what I do with my Sendmail SMTP server.

Regards,

Rawcous!
 
Old 02-07-2015, 07:06 AM   #9
dereut
LQ Newbie
 
Registered: Apr 2005
Posts: 23

Original Poster
Rep: Reputation: 0
well it seems that some wordpress plugins are using my apache server to send those emails https://www.howtoforge.com/community...pamming.60573/

I am checking right now, but if it is the case, I don't know how to stop that except finding the offending plugins or stopping apache

if I stop apache, the queue stops growing (I have 400 new emails in the queue every 10mn right now). if I stop postfix or courier-imap, I still get new emails in the queue

reup
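
The check behind posts #7 and #9, as an added example that is not part of the original thread: Postfix logs mail handed over by the local sendmail command (which PHP's mail() calls) under pickup with the submitting uid, and mail accepted over the network under smtpd, so tallying the two shows where a queue flood enters. The log lines are constructed, and uid 33 being the web server account (www-data on Debian) is an assumption about the host.

```python
import re
from collections import Counter

# Constructed sample in Postfix syslog format; host, queue IDs and addresses are made up.
SAMPLE_LOG = """\
Feb  7 06:40:01 mail postfix/pickup[2345]: 3F2A11C0A5B: uid=33 from=<www-data>
Feb  7 06:40:02 mail postfix/pickup[2345]: 4A7C91C0A5C: uid=33 from=<www-data>
Feb  7 06:40:03 mail postfix/smtpd[2360]: 5B1D21C0A60: client=localhost[127.0.0.1], sasl_method=PLAIN, sasl_username=alice@example.com
Feb  7 06:40:04 mail postfix/smtpd[2361]: 6C2E31C0A61: client=unknown[203.0.113.5]
Feb  7 06:40:05 mail postfix/pickup[2345]: 7D3F41C0A62: uid=0 from=<root>
Feb  7 06:40:06 mail postfix/smtpd[2361]: NOQUEUE: reject: RCPT from unknown[203.0.113.5]: 554 5.7.1 <x@example.net>: Relay access denied
"""

# pickup: mail dropped in locally; it never passes the smtpd_*_restrictions checks,
# so requiring SMTP AUTH does not stop it.
PICKUP = re.compile(r"postfix/pickup\[\d+\]: (\w+): uid=(\d+) from=<")
# smtpd: mail accepted over the network; sasl_username appears only after SMTP AUTH.
SMTPD = re.compile(r"postfix/smtpd\[\d+\]: (\w+): client=([^,\s]+)")
SASL = re.compile(r"sasl_username=(\S+)")


def classify(line):
    """Return (queue_id, entry_path) for a line that records a new message, else None."""
    m = PICKUP.search(line)
    if m:
        return m.group(1), "local uid=" + m.group(2)
    m = SMTPD.search(line)
    if m:
        path = "smtp authenticated" if SASL.search(line) else "smtp unauthenticated"
        return m.group(1), path
    return None  # rejects (NOQUEUE), delivery lines, connects, etc.


def entry_paths(log_text):
    """Count queued messages per entry path, counting each queue ID once."""
    seen = {}
    for line in log_text.splitlines():
        hit = classify(line)
        if hit and hit[0] not in seen:
            seen[hit[0]] = hit[1]
    return Counter(seen.values())


if __name__ == "__main__":
    for path, count in entry_paths(SAMPLE_LOG).most_common():
        print(f"{count:6d}  {path}")
```

On Debian the Postfix log is /var/log/mail.log; a tally dominated by the web server's uid matches what stopping apache showed in this thread.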
 
Old 02-07-2015, 07:18 AM   #10
dereut
LQ Newbie
 
Registered: Apr 2005
Posts: 23

Original Poster
Rep: Reputation: 0
for now, I have added in php.ini disable_functions = "mail"

restarted apache

will see if it works
 
Old 02-07-2015, 04:03 PM   #11
dereut
LQ Newbie
 
Registered: Apr 2005
Posts: 23

Original Poster
Rep: Reputation: 0
well, it worked, I removed all relay from the system and stopped the php mail function.

now my system does not send junk mail any more

thanks for the hint and information links, this has helped a lot

reup
 
  

