Share your knowledge at the LQ Wiki.
Go Back > Forums > Linux Forums > Linux - Security
User Name
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.


  Search this Thread
Old 04-16-2012, 03:57 AM   #1
Registered: Aug 2010
Location: KL
Distribution: Centos, ubuntu
Posts: 137

Rep: Reputation: 2
how to block spammer using my mailserver


how to defend my mailserver using by spammer to send email to etc yahoomail,hotmail n gmail

my mail server now become blacklist because of spammer
already setting everything to block of all that but still attacked by spammers

below log mail:-

Apr 16 15:45:44 mail postfix/smtp[7405]: 3A2F95944373: to=<>,[], delay=31, status=deferred (host[] refused to talk to me: 421 4.7.0 [TS01] Messages from temporarily deferred due to user complaints -; see
Apr 16 15:45:44 mail postfix/smtpd[7409]: A8F2E59443A0: client=unknown[], sasl_method=LOGIN, sasl_username=daniel
Apr 16 15:45:48 mail postfix/smtp[7392]: 983BA59442EC: to=<>,[], delay=122, status=sent (250 2.0.0 OK 1334562782 t9si19599750pbj.72)
Apr 16 15:45:48 mail postfix/smtp[7392]: 983BA59442EC: to=<>,[], delay=122, status=sent (250 2.0.0 OK 1334562782 t9si19599750pbj.72)

Old 04-16-2012, 06:03 AM   #2
Senior Member
Registered: Jul 2007
Distribution: Ubuntu 10.10, Slackware 64-current
Posts: 2,124

Rep: Reputation: 780Reputation: 780Reputation: 780Reputation: 780Reputation: 780Reputation: 780Reputation: 780
I am assuming here that the log entries shown are all spam mail originating from your server and the username daniel is not a valid user. I also did a whois of and got an organization in Utah named If you try to go to their site, you get some varient of a domain not found that tries to search for the keyword alliance (e.g. gives links to Alliance, Ohio).

My initial guess is that you have something improperly configured in your SASL setup. Postfix supports Dovecot and Cyrus for SASL authentication, which are you using? The part that tells me that something is wrong is this: sasl_method=LOGIN, sasl_username=daniel as this doesn't look like a proper sasl authentication. For example, here are a couple of logins from my server:
Apr 16 05:02:06 server dovecot: imap-login: Login: user=<me@my.domain>, method=PLAIN, rip=a.b.c.d, lip=192.168.x.x, TLS
Apr 12 10:52:10 server dovecot: pop3-login: Login: user=<other@other.virtual.domain>, method=PLAIN, rip=a.b.c.d, lip=192.168.x.x, TLS
In each case, notice that Dovecot is being used as the authentication service, but this (or the corresponding Cyrus information) is lacking in your logs.

I thought that this link had a pretty good discussion of this subject, note that the method=LOGIN being implicated in a setup problem allowing a spammer to relay:

To correct this first make sure that you have configured Postfix for the proper SASL authentication:
In all cases and if your using Cyrus see this:
If you are using Dovecot1.x see this:
If you are using Dovecot2.x see this:

Note that you need to tell Postfix in what you are using for authentication. You also need to setup the backend authentication database in whichever method you are using.

Second, make sure you have the permissions set correctly in for your smtpd_recipient_restrictions.
For example (the one in bold preventing you from being an open relay, but I don't think this is your problem, but See:
smtpd_recipient_restrictions =
   check_policy_service inet:


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
fsck.ext3 keeps fails with "Error reading block" short read at same block jpletka Linux - Server 2 06-10-2010 03:46 AM
I need a mailserver rm22 Linux - Software 1 03-27-2008 08:34 PM
IPTables and PPTPD :S (to block or not to block) thewonka Linux - Networking 0 03-24-2005 07:58 PM
MailServer Help nixinbarrie Linux - Networking 3 04-22-2004 01:51 PM
Mailserver jayakrishnan Linux - General 0 03-14-2002 06:29 AM > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 09:04 PM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration