LinuxQuestions.org
Old 04-16-2012, 02:57 AM   #1
alphatest
Member
 
Registered: Aug 2010
Location: KL
Distribution: Centos, ubuntu
Posts: 137

Rep: Reputation: 2
how to block spammer using my mailserver


Hi,

How do I defend my mail server, which is being used by spammers to send email to Yahoo Mail, Hotmail, Gmail, etc.?


My mail server has now become blacklisted because of spammers.
I have already set everything to block all of that, but I am still being attacked by spammers.

Below is the mail log:

Apr 16 15:45:44 mail postfix/smtp[7405]: 3A2F95944373: to=<taram8@yahoo.com>, relay=mta6.am0.yahoodns.net[67.195.103.233], delay=31, status=deferred (host mta6.am0.yahoodns.net[67.195.103.233] refused to talk to me: 421 4.7.0 [TS01] Messages from 210.19.31.170 temporarily deferred due to user complaints - 4.16.55.1; see http://postmaster.yahoo.com/421-ts01.html)
Apr 16 15:45:44 mail postfix/smtpd[7409]: A8F2E59443A0: client=unknown[199.71.214.214], sasl_method=LOGIN, sasl_username=daniel
Apr 16 15:45:48 mail postfix/smtp[7392]: 983BA59442EC: to=<tammie.logan@gmail.com>, relay=gmail-smtp-in.l.google.com[173.194.79.26], delay=122, status=sent (250 2.0.0 OK 1334562782 t9si19599750pbj.72)
Apr 16 15:45:48 mail postfix/smtp[7392]: 983BA59442EC: to=<tammiesonlineearnings@gmail.com>, relay=gmail-smtp-in.l.google.com[173.194.79.26], delay=122, status=sent (250 2.0.0 OK 1334562782 t9si19599750pbj.72)

thanks
 
Old 04-16-2012, 05:03 AM   #2
Noway2
Senior Member
 
Registered: Jul 2007
Distribution: Ubuntu 10.10, Slackware 64-current
Posts: 2,124

Rep: Reputation: 780
I am assuming here that the log entries shown are all spam mail originating from your server and the username daniel is not a valid user. I also did a whois of 199.71.214.214 and got an organization in Utah named premierdebtalliance.com. If you try to go to their site, you get some variant of a domain not found that tries to search for the keyword alliance (e.g. gives links to Alliance, Ohio).

My initial guess is that you have something improperly configured in your SASL setup. Postfix supports Dovecot and Cyrus for SASL authentication, which are you using? The part that tells me that something is wrong is this: sasl_method=LOGIN, sasl_username=daniel as this doesn't look like a proper sasl authentication. For example, here are a couple of logins from my server:
Code:
Apr 16 05:02:06 server dovecot: imap-login: Login: user=<me@my.domain>, method=PLAIN, rip=a.b.c.d, lip=192.168.x.x, TLS
Apr 12 10:52:10 server dovecot: pop3-login: Login: user=<other@other.virtual.domain>, method=PLAIN, rip=a.b.c.d, lip=192.168.x.x, TLS
In each case, notice that Dovecot is being used as the authentication service, but this (or the corresponding Cyrus information) is lacking in your logs.

I thought that this link had a pretty good discussion of this subject; note that method=LOGIN is being implicated in a setup problem allowing a spammer to relay: http://www.zimbra.com/forums/adminis...ing-issue.html

To correct this, first make sure that you have configured Postfix for the proper SASL authentication:
In all cases, and if you're using Cyrus, see this: http://www.postfix.org/SASL_README.html
If you are using Dovecot 1.x see this: http://wiki.dovecot.org/HowTo/PostfixAndDovecotSASL
If you are using Dovecot 2.x see this: http://wiki2.dovecot.org/HowTo/PostfixAndDovecotSASL

Note that you need to tell Postfix in main.cf what you are using for authentication. You also need to set up the backend authentication database in whichever method you are using.

Second, make sure you have the permissions set correctly in main.cf for your smtpd_recipient_restrictions.
For example (the one in bold prevents you from being an open relay, but I don't think this is your problem; see: http://www.postfix.org/postconf.5.ht..._destination):
Code:
smtpd_recipient_restrictions =
   reject_rbl_client zen.spamhaus.org
   reject_rbl_client bl.spamcop.net
   permit_mynetworks
   check_policy_service inet:127.0.0.1:60000
   permit_sasl_authenticated
   permit_mx_backup
   reject_unauth_destination
   reject_unknown_recipient_domain
   permit
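The reply above points at the sasl_username=daniel submission from an unknown external client as the thing to investigate. The following script is an added example, not code from the thread or from Postfix, that shows how an administrator can check a mail log for exactly that pattern: it groups smtpd SASL logins and smtp delivery attempts by queue id, records which authenticated users submit mail from outside mynetworks (the 127.0.0.0/8 and 192.168.1.0/24 ranges below are an assumption, not the poster's configuration), how many distinct client IPs each user logs in from, and which of their messages were deferred by the remote MTA with a 4.7.0 reputation response. The log lines are constructed for the example, modelled on the ones posted; only the 199.71.214.214 client address comes from the thread.

```python
import re
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed sample lines modelled on the ones posted in the thread
# (queue ids, hosts and recipients are made up for this example).
SAMPLE_LOG = """\
Apr 16 15:45:40 mail postfix/smtpd[7409]: A8F2E59443A0: client=unknown[199.71.214.214], sasl_method=LOGIN, sasl_username=daniel
Apr 16 15:45:41 mail postfix/smtpd[7410]: B1C2D59443A1: client=unknown[203.0.113.77], sasl_method=LOGIN, sasl_username=daniel
Apr 16 15:45:42 mail postfix/smtpd[7411]: C3D4E59443A2: client=pc20.office.lan[192.168.1.20], sasl_method=PLAIN, sasl_username=alice
Apr 16 15:45:44 mail postfix/smtp[7405]: A8F2E59443A0: to=<user1@example.net>, relay=mx.example.net[198.51.100.5], delay=31, status=deferred (host mx.example.net[198.51.100.5] refused to talk to me: 421 4.7.0 Messages temporarily deferred due to user complaints)
Apr 16 15:45:48 mail postfix/smtp[7392]: B1C2D59443A1: to=<user2@example.org>, relay=mx.example.org[198.51.100.9], delay=122, status=sent (250 2.0.0 OK)
Apr 16 15:45:50 mail postfix/smtp[7393]: C3D4E59443A2: to=<user3@example.org>, relay=mx.example.org[198.51.100.9], delay=2, status=sent (250 2.0.0 OK)
"""

# Assumed value of Postfix's mynetworks; adjust to the server's real setting.
MYNETWORKS = [ip_network("127.0.0.0/8"), ip_network("192.168.1.0/24")]

# smtpd line recording an authenticated (SASL) submission
SASL_RE = re.compile(
    r"postfix/smtpd\[\d+\]: (?P<qid>[0-9A-F]+): client=(?P<host>[^\[]+)\[(?P<ip>[^\]]+)\], "
    r"sasl_method=(?P<method>\w+), sasl_username=(?P<user>\S+)"
)
# smtp line recording the outcome of a delivery attempt for that queue id
DELIVERY_RE = re.compile(
    r"postfix/smtp\[\d+\]: (?P<qid>[0-9A-F]+): to=<(?P<rcpt>[^>]+)>.*?"
    r"status=(?P<status>\w+) \((?P<reason>.*)\)$"
)


def parse_log(text):
    """Split a Postfix log into SASL submissions (keyed by queue id) and delivery attempts."""
    submissions, deliveries = {}, []
    for line in text.splitlines():
        m = SASL_RE.search(line)
        if m:
            submissions[m["qid"]] = m.groupdict()
            continue
        m = DELIVERY_RE.search(line)
        if m:
            deliveries.append(m.groupdict())
    return submissions, deliveries


def is_local(ip, networks):
    """True when the client address falls inside one of the trusted networks."""
    addr = ip_address(ip)
    return any(addr in net for net in networks)


def account_report(text, networks=MYNETWORKS):
    """Per SASL user: distinct client IPs, logins from outside mynetworks, and
    deliveries that the remote MTA deferred with a 4.7.0 reputation response."""
    submissions, deliveries = parse_log(text)
    report = defaultdict(lambda: {"ips": set(), "external_logins": 0, "reputation_deferrals": 0})
    for s in submissions.values():
        entry = report[s["user"]]
        entry["ips"].add(s["ip"])
        if not is_local(s["ip"], networks):
            entry["external_logins"] += 1
    for d in deliveries:
        sub = submissions.get(d["qid"])  # join delivery back to the submitting user
        if sub and d["status"] == "deferred" and "4.7.0" in d["reason"]:
            report[sub["user"]]["reputation_deferrals"] += 1
    return dict(report)


def flagged_users(text, networks=MYNETWORKS, max_ips=1):
    """Users worth a closer look: authenticated from outside mynetworks, from
    more distinct IPs than expected, or tied to reputation-based deferrals."""
    return sorted(
        user for user, e in account_report(text, networks).items()
        if e["external_logins"] or len(e["ips"]) > max_ips or e["reputation_deferrals"]
    )


if __name__ == "__main__":
    for user, e in account_report(SAMPLE_LOG).items():
        print(f"{user}: ips={sorted(e['ips'])} external={e['external_logins']} "
              f"reputation_deferrals={e['reputation_deferrals']}")
    print("flagged:", flagged_users(SAMPLE_LOG))
```

Run against a real /var/log/maillog (read the file into the text argument) the flagged list is the set of SASL accounts whose credentials should be reset and whose queued mail should be inspected; a single account authenticating from many unrelated addresses is the usual signature of a stolen or guessed password being used for relaying, which the restrictions shown in the reply do not stop because permit_sasl_authenticated trusts the login.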