LinuxQuestions.org (/questions/)
-   Linux - Security (https://www.linuxquestions.org/questions/linux-security-4/)
-   -   how to block spammer using my mailserver (https://www.linuxquestions.org/questions/linux-security-4/how-to-block-spammer-using-my-mailserver-939995/)

alphatest 04-16-2012 02:57 AM

how to block spammer using my mailserver
 
Hi,

How do I defend my mail server from being used by spammers to send email to e.g. Yahoo Mail, Hotmail and Gmail?


My mail server has now become blacklisted because of spammers.
I have already set everything up to block all of that, but it is still being attacked by spammers.

Below is the mail log:

Apr 16 15:45:44 mail postfix/smtp[7405]: 3A2F95944373: to=<taram8@yahoo.com>, relay=mta6.am0.yahoodns.net[67.195.103.233], delay=31, status=deferred (host mta6.am0.yahoodns.net[67.195.103.233] refused to talk to me: 421 4.7.0 [TS01] Messages from 210.19.31.170 temporarily deferred due to user complaints - 4.16.55.1; see http://postmaster.yahoo.com/421-ts01.html)
Apr 16 15:45:44 mail postfix/smtpd[7409]: A8F2E59443A0: client=unknown[199.71.214.214], sasl_method=LOGIN, sasl_username=daniel
Apr 16 15:45:48 mail postfix/smtp[7392]: 983BA59442EC: to=<tammie.logan@gmail.com>, relay=gmail-smtp-in.l.google.com[173.194.79.26], delay=122, status=sent (250 2.0.0 OK 1334562782 t9si19599750pbj.72)
Apr 16 15:45:48 mail postfix/smtp[7392]: 983BA59442EC: to=<tammiesonlineearnings@gmail.com>, relay=gmail-smtp-in.l.google.com[173.194.79.26], delay=122, status=sent (250 2.0.0 OK 1334562782 t9si19599750pbj.72)

thanks

Noway2 04-16-2012 05:03 AM

I am assuming here that the log entries shown are all spam mail originating from your server and the username daniel is not a valid user. I also did a whois of 199.71.214.214 and got an organization in Utah named premierdebtalliance.com. If you try to go to their site, you get some variant of a domain not found that tries to search for the keyword alliance (e.g. gives links to Alliance, Ohio).

My initial guess is that you have something improperly configured in your SASL setup. Postfix supports Dovecot and Cyrus for SASL authentication; which are you using? The part that tells me that something is wrong is this: sasl_method=LOGIN, sasl_username=daniel, as this doesn't look like a proper SASL authentication. For example, here are a couple of logins from my server:
Code:

Apr 16 05:02:06 server dovecot: imap-login: Login: user=<me@my.domain>, method=PLAIN, rip=a.b.c.d, lip=192.168.x.x, TLS
Apr 12 10:52:10 server dovecot: pop3-login: Login: user=<other@other.virtual.domain>, method=PLAIN, rip=a.b.c.d, lip=192.168.x.x, TLS

In each case, notice that Dovecot is being used as the authentication service, but this (or the corresponding Cyrus information) is lacking in your logs.

I thought that this link had a pretty good discussion of this subject; note the method=LOGIN being implicated in a setup problem allowing a spammer to relay: http://www.zimbra.com/forums/adminis...ing-issue.html

To correct this, first make sure that you have configured Postfix for the proper SASL authentication:
In all cases, and if you're using Cyrus, see this: http://www.postfix.org/SASL_README.html
If you are using Dovecot 1.x, see this: http://wiki.dovecot.org/HowTo/PostfixAndDovecotSASL
If you are using Dovecot 2.x, see this: http://wiki2.dovecot.org/HowTo/PostfixAndDovecotSASL

Note that you need to tell Postfix in main.cf what you are using for authentication. You also need to set up the backend authentication database for whichever method you are using.

Second, make sure you have the permissions set correctly in main.cf for your smtpd_recipient_restrictions.
For example (the one in bold prevents you from being an open relay, but I don't think this is your problem; see: http://www.postfix.org/postconf.5.ht..._destination):
Code:

smtpd_recipient_restrictions =
  reject_rbl_client zen.spamhaus.org
  reject_rbl_client bl.spamcop.net
  permit_mynetworks
  check_policy_service inet:127.0.0.1:60000
  permit_sasl_authenticated
  permit_mx_backup
  reject_unauth_destination
  reject_unknown_recipient_domain
  permit

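The thread's diagnosis hinges on reading the smtpd SASL login line and the smtp delivery lines for the same queue id together. The script below is an added example (not code from either poster, and not part of Postfix or Dovecot) that does that correlation over a mail log and flags accounts whose pattern looks like a stolen password being used to relay spam: logins from many distinct client IPs, a burst of recipients, and deliveries that remote MTAs defer. The log lines embedded in it are constructed to resemble the ones quoted above (queue ids, hostnames, addresses and RFC 5737 test IPs are all made up), and the thresholds are assumptions to be tuned for a real server.

```python
import re
from collections import defaultdict

# Constructed sample in the shape of the thread's postfix/smtpd and postfix/smtp
# lines. All queue ids, hosts, addresses and IPs are made up for illustration.
SAMPLE_LOG = """\
Apr 16 15:45:44 mail postfix/smtpd[7409]: A8F2E59443A0: client=unknown[198.51.100.14], sasl_method=LOGIN, sasl_username=daniel
Apr 16 15:45:45 mail postfix/smtp[7392]: A8F2E59443A0: to=<one@example.net>, relay=mx.example.net[203.0.113.5], delay=1, status=sent (250 2.0.0 OK)
Apr 16 15:45:45 mail postfix/smtp[7392]: A8F2E59443A0: to=<two@example.net>, relay=mx.example.net[203.0.113.5], delay=1, status=sent (250 2.0.0 OK)
Apr 16 15:46:01 mail postfix/smtpd[7411]: B1C2D3E4F5A6: client=unknown[198.51.100.77], sasl_method=LOGIN, sasl_username=daniel
Apr 16 15:46:02 mail postfix/smtp[7393]: B1C2D3E4F5A6: to=<three@example.org>, relay=mx.example.org[203.0.113.9], delay=1, status=sent (250 2.0.0 OK)
Apr 16 15:46:02 mail postfix/smtp[7393]: B1C2D3E4F5A6: to=<four@example.org>, relay=mx.example.org[203.0.113.9], delay=1, status=deferred (421 4.7.0 temporarily deferred due to user complaints)
Apr 16 15:47:10 mail postfix/smtpd[7415]: C0FFEE000001: client=unknown[192.0.2.33], sasl_method=LOGIN, sasl_username=daniel
Apr 16 15:47:11 mail postfix/smtp[7395]: C0FFEE000001: to=<five@example.com>, relay=mx.example.com[203.0.113.2], delay=1, status=sent (250 2.0.0 OK)
Apr 16 15:47:11 mail postfix/smtp[7395]: C0FFEE000001: to=<six@example.com>, relay=mx.example.com[203.0.113.2], delay=1, status=sent (250 2.0.0 OK)
Apr 16 15:50:00 mail postfix/smtpd[7420]: DEADBEEF0001: client=laptop.example.com[192.168.1.20], sasl_method=PLAIN, sasl_username=alice
Apr 16 15:50:01 mail postfix/smtp[7394]: DEADBEEF0001: to=<friend@example.com>, relay=mx.example.com[203.0.113.2], delay=1, status=sent (250 2.0.0 OK)
"""

# smtpd line: an authenticated submission, keyed by queue id.
AUTH_RE = re.compile(
    r"postfix/smtpd\[\d+\]: (?P<qid>[0-9A-F]+): "
    r"client=(?P<host>[^\s\[]+)\[(?P<ip>[^\]]+)\], "
    r"sasl_method=(?P<method>\w+), sasl_username=(?P<user>\S+)"
)
# smtp line (note: "smtp[" not "smtpd["): one delivery attempt for a queue id.
SEND_RE = re.compile(
    r"postfix/smtp\[\d+\]: (?P<qid>[0-9A-F]+): to=<(?P<rcpt>[^>]+)>"
    r".*?status=(?P<status>\w+)"
)


def new_stats():
    return {"ips": set(), "methods": set(), "recipients": 0, "deferred": 0}


def parse_log(log_text):
    """Correlate each SASL login with the deliveries that share its queue id.

    Returns a dict: sasl_username -> {ips, methods, recipients, deferred}.
    """
    user_by_qid = {}
    stats = defaultdict(new_stats)
    for line in log_text.splitlines():
        m = AUTH_RE.search(line)
        if m:
            user_by_qid[m["qid"]] = m["user"]
            s = stats[m["user"]]
            s["ips"].add(m["ip"])
            s["methods"].add(m["method"])
            continue
        m = SEND_RE.search(line)
        if m and m["qid"] in user_by_qid:
            # Only count deliveries that trace back to an authenticated login;
            # inbound mail relayed by a remote MTA has no sasl_username.
            s = stats[user_by_qid[m["qid"]]]
            s["recipients"] += 1
            if m["status"] == "deferred":
                s["deferred"] += 1
    return dict(stats)


def flag_suspicious(stats, max_ips=2, max_recipients=5):
    """Return {username: [reasons]} for accounts whose pattern suggests abuse.

    Thresholds are assumptions; a legitimate user on a laptop and a phone
    might hit two IPs, a mailing-list sender might exceed the recipient count.
    """
    flagged = {}
    for user, s in stats.items():
        reasons = []
        if len(s["ips"]) > max_ips:
            reasons.append("logged in from %d distinct client IPs" % len(s["ips"]))
        if s["recipients"] > max_recipients:
            reasons.append("sent to %d recipients" % s["recipients"])
        if s["deferred"]:
            reasons.append("%d deliveries deferred by remote MTAs" % s["deferred"])
        if reasons:
            flagged[user] = reasons
    return flagged


if __name__ == "__main__":
    for user, reasons in flag_suspicious(parse_log(SAMPLE_LOG)).items():
        print("%s: %s" % (user, "; ".join(reasons)))
```

On a live server the same functions can be fed the contents of /var/log/mail.log (or wherever Postfix logs on your distribution). Any account this flags is a candidate for an immediate password reset, and the client IPs it lists are what you would compare against the user's known locations before deciding whether the SASL credentials have leaked.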

