how to block spammer using my mailserver
Hi,
How do I defend my mail server from being used by spammers to send email to, e.g., Yahoo Mail, Hotmail and Gmail? My mail server has now been blacklisted because of the spammers. I have already set everything up to block all of that, but it is still being attacked by spammers. Mail log below:
Apr 16 15:45:44 mail postfix/smtp[7405]: 3A2F95944373: to=<taram8@yahoo.com>, relay=mta6.am0.yahoodns.net[67.195.103.233], delay=31, status=deferred (host mta6.am0.yahoodns.net[67.195.103.233] refused to talk to me: 421 4.7.0 [TS01] Messages from 210.19.31.170 temporarily deferred due to user complaints - 4.16.55.1; see http://postmaster.yahoo.com/421-ts01.html)
Apr 16 15:45:44 mail postfix/smtpd[7409]: A8F2E59443A0: client=unknown[199.71.214.214], sasl_method=LOGIN, sasl_username=daniel
Apr 16 15:45:48 mail postfix/smtp[7392]: 983BA59442EC: to=<tammie.logan@gmail.com>, relay=gmail-smtp-in.l.google.com[173.194.79.26], delay=122, status=sent (250 2.0.0 OK 1334562782 t9si19599750pbj.72)
Apr 16 15:45:48 mail postfix/smtp[7392]: 983BA59442EC: to=<tammiesonlineearnings@gmail.com>, relay=gmail-smtp-in.l.google.com[173.194.79.26], delay=122, status=sent (250 2.0.0 OK 1334562782 t9si19599750pbj.72)
Thanks
I am assuming here that the log entries shown are all spam mail originating from your server and the username daniel is not a valid user. I also did a whois of 199.71.214.214 and got an organization in Utah named premierdebtalliance.com. If you try to go to their site, you get some variant of a domain not found that tries to search for the keyword alliance (e.g. gives links to Alliance, Ohio).
My initial guess is that you have something improperly configured in your SASL setup. Postfix supports Dovecot and Cyrus for SASL authentication; which are you using? The part that tells me that something is wrong is this: sasl_method=LOGIN, sasl_username=daniel, as this doesn't look like a proper SASL authentication. For example, here are a couple of logins from my server:
Code:
Apr 16 05:02:06 server dovecot: imap-login: Login: user=<me@my.domain>, method=PLAIN, rip=a.b.c.d, lip=192.168.x.x, TLS
I thought that this link had a pretty good discussion of this subject; note the method=LOGIN being implicated in a setup problem allowing a spammer to relay: http://www.zimbra.com/forums/adminis...ing-issue.html
To correct this, first make sure that you have configured Postfix for the proper SASL authentication:
In all cases, and if you're using Cyrus, see this: http://www.postfix.org/SASL_README.html
If you are using Dovecot 1.x, see this: http://wiki.dovecot.org/HowTo/PostfixAndDovecotSASL
If you are using Dovecot 2.x, see this: http://wiki2.dovecot.org/HowTo/PostfixAndDovecotSASL
Note that you need to tell Postfix in main.cf what you are using for authentication. You also need to set up the backend authentication database in whichever method you are using.
Second, make sure you have the permissions set correctly in main.cf for your smtpd_recipient_restrictions. For example (the one in bold preventing you from being an open relay, but I don't think this is your problem, but see: http://www.postfix.org/postconf.5.ht..._destination):
Code:
smtpd_recipient_restrictions =
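Added example, not part of the original posts: one way to find out which SASL usernames are submitting mail, and from which client addresses, is to tally the postfix/smtpd lines that carry sasl_username, as in the log quoted in the question. The function names, thresholds and all sample lines except the first are assumptions made for this illustration.

```python
import re
from collections import defaultdict

# Postfix smtpd line for an authenticated submission, as in the question's log:
#   ... postfix/smtpd[7409]: A8F2E59443A0: client=unknown[199.71.214.214], sasl_method=LOGIN, sasl_username=daniel
SASL_RE = re.compile(
    r"postfix/smtpd\[\d+\]: \w+: "
    r"client=(?P<host>[^\[\s]+)\[(?P<ip>[^\]]+)\], "
    r"sasl_method=(?P<method>[^,\s]+), sasl_username=(?P<user>\S+)"
)

def summarize_sasl(lines):
    """Per SASL username: message count, distinct client IPs, unverified-host count."""
    stats = defaultdict(lambda: {"messages": 0, "ips": set(), "unknown_rdns": 0})
    for line in lines:
        m = SASL_RE.search(line)
        if m is None:
            continue  # deliveries, connects and other non-auth lines
        entry = stats[m["user"]]
        entry["messages"] += 1
        entry["ips"].add(m["ip"])
        if m["host"] == "unknown":  # logged when the client hostname cannot be verified
            entry["unknown_rdns"] += 1
    return dict(stats)

def suspicious(stats, max_messages=3, max_ips=2):
    """Usernames above the thresholds (illustrative values, tune per site)."""
    return sorted(user for user, s in stats.items()
                  if s["messages"] > max_messages or len(s["ips"]) > max_ips)

# First line is from the question; the rest are constructed for this example
# (documentation-range addresses, hypothetical user "alice").
SAMPLE_LOG = """\
Apr 16 15:45:44 mail postfix/smtpd[7409]: A8F2E59443A0: client=unknown[199.71.214.214], sasl_method=LOGIN, sasl_username=daniel
Apr 16 15:45:51 mail postfix/smtpd[7411]: B1C3D59443A1: client=unknown[203.0.113.7], sasl_method=LOGIN, sasl_username=daniel
Apr 16 15:46:02 mail postfix/smtpd[7411]: C2D4E59443A2: client=unknown[203.0.113.7], sasl_method=LOGIN, sasl_username=daniel
Apr 16 15:46:10 mail postfix/smtpd[7415]: D3E5F59443A3: client=unknown[198.51.100.23], sasl_method=LOGIN, sasl_username=daniel
Apr 16 15:47:30 mail postfix/smtpd[7420]: E4F6A59443A4: client=pc1.example.net[192.0.2.10], sasl_method=PLAIN, sasl_username=alice
Apr 16 15:45:48 mail postfix/smtp[7392]: 983BA59442EC: to=<user@example.com>, relay=mx.example.com[192.0.2.25], delay=122, status=sent (250 2.0.0 OK)
""".splitlines()

if __name__ == "__main__":
    report = summarize_sasl(SAMPLE_LOG)
    for user in suspicious(report):
        r = report[user]
        print(f"{user}: {r['messages']} msgs from {len(r['ips'])} IPs {sorted(r['ips'])}")
```

To run it on a real server, pass the lines of the mail log to summarize_sasl() instead of SAMPLE_LOG.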