Linux - Server: This forum is for the discussion of Linux software used in a server-related context.
I have a server with Debian 7 on it and an email server using courier-imap, postfix and mysql for virtual domains/users.
There are also some other relevant pieces of software like clamav ...
In principle, this means that nobody can send email without using a username/password for SMTP.
However, every 2 days I find my postfix queue full of unsent emails (more than 8000), all failed because for some reason I cannot send to external addresses.
What bugs me is that they all try to send using fakename@mydomain.com (mydomain.com to be replaced with my real domain name).
It means that if my sending system was not broken, those parasites would have spammed the world (8000 of them) with emails using my system.
This means that my system is not secure; my stupid smtp is still trying to send or relay emails from users that are not in the database.
Would anyone know how to stop smtp doing that? Or a good, serious howto to set up a secure email server?
I know that it is a very vast question, due to different servers and different settings, but what I hope is to find someone with enough knowledge to point at the right path.
I'm not exactly an expert but there are a couple of standard checks that I would perform.
1. Check the contents of the /var/log/maillog file.
2. Check the contents of the /var/log/secure file.
The above 2 may provide an idea as to how your system was compromised - for example, has your server been compromised and thus the script is being executed internally from your server, i.e. using an ssh account etc.?
3. You may need to reconfigure your /etc/mail/access database so that relaying mail through your server from an external network is not permitted - I believe postfix uses the access file in the same manner, thus see this link: http://www.sendmail.co.uk/sm/open_so...anti_spam.html
4. Use an external mail server integrity / security checker such as the one I have seen recommended previously on this forum. I personally use it to test the security of my mail server. It will indicate whether or not any attacker is able to relay mail from an external source, and other potential holes in your mail server setup: http://www.emailsecuritygrader.com/
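To make the log check in step 1 concrete, here is an added example (not the poster's code) that classifies how each queued message entered Postfix, using constructed mail log lines: through the local pickup service (mail handed to sendmail(1) by a Unix uid; 33 is www-data on Debian) or over SMTP, with or without a SASL login. It assumes the standard Postfix syslog line format; on Debian the file is /var/log/mail.log rather than /var/log/maillog.

```python
import re
from collections import Counter

# Constructed Postfix log lines in syslog format (not from the thread).
# pickup = mail dropped in via sendmail(1) by a local Unix uid (33 is www-data on Debian);
# smtpd = mail received over SMTP, with sasl_username present only when the client logged in.
SAMPLE_LOG = """\
Jan 10 10:00:01 mail postfix/pickup[1201]: 1A2B3C: uid=33 from=<fakename@mydomain.com>
Jan 10 10:00:01 mail postfix/pickup[1201]: 1A2B3D: uid=33 from=<fakename@mydomain.com>
Jan 10 10:00:02 mail postfix/pickup[1201]: 1A2B3E: uid=33 from=<other@mydomain.com>
Jan 10 10:00:05 mail postfix/smtpd[1305]: 4D5E6F: client=localhost[127.0.0.1], sasl_method=PLAIN, sasl_username=alice@mydomain.com
Jan 10 10:00:09 mail postfix/smtpd[1305]: 7A8B9C: client=unknown[203.0.113.5]
Jan 10 10:00:10 mail postfix/pickup[1201]: 1A2B3F: uid=1000 from=<admin@mydomain.com>
"""

PICKUP_RE = re.compile(r"postfix/pickup\[\d+\]: (\w+): uid=(\d+) from=<([^>]*)>")
SMTPD_RE = re.compile(r"postfix/smtpd\[\d+\]: (\w+): client=(\S+?)(?:,.*sasl_username=(\S+))?$")


def classify_submissions(log_text):
    """Map queue id -> (entry path, identity, sender) for every message accepted."""
    entries = {}
    for line in log_text.splitlines():
        m = PICKUP_RE.search(line)
        if m:
            qid, uid, sender = m.groups()
            entries[qid] = ("pickup", "uid=" + uid, sender)
            continue
        m = SMTPD_RE.search(line)
        if m:
            qid, client, login = m.groups()
            entries[qid] = ("smtpd-auth" if login else "smtpd-noauth", login or client, None)
    return entries


def top_sources(entries, n=3):
    """Most frequent (path, identity) pairs. Thousands of pickup messages from one
    uid mean a process on the box (a web script, say) is generating the mail."""
    return Counter((path, ident) for path, ident, _ in entries.values()).most_common(n)


if __name__ == "__main__":
    for (path, ident), count in top_sources(classify_submissions(SAMPLE_LOG)):
        print(f"{count:6d}  {path:12s} {ident}")
```

Run it against the real log with `classify_submissions(open("/var/log/mail.log").read())`; a pickup entry dominated by the web server's uid matches the symptom that the queue only grows while apache runs.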
From what I read, it seems that I need to make sure I can send email only from this server, so no relaying whatsoever.
I see that there are a lot of possible relays; I have to find how to disable all relaying from postfix. I have a webmail client installed on the server and want to be able to send only from this client.
I am using webmin to manage postfix and I can see it is a bad practice, as I do not know how the files are modified.
You tick a box "Allow connections from this system", but if someone asks you "did you change this setting?" you have no idea what was actually changed.
So far no luck; it seems that if people put my domains in the return address, postfix will accept them.
I am trying to make it so that only people registered as my users in the database will be able to send emails, and as we all use a webmail client running on the same server as postfix, it should be only email sent from this server's IP.
I have to admit that there are so many options and so much to read that I will accept any help to solve my issue.
Hope I haven't misunderstood this, but do all "valid" users who relay mail via your server do so on the local network? If yes, then you could set up an iptables rule to that effect - this would block all external users from hitting your smtp port, i.e. port 25. This is what I do with my Sendmail SMTP server.
I am checking right now, but if it is the case, I don't know how to stop that except by finding the offending plugins or stopping apache.
If I stop apache, the queue stops growing (I have 400 new emails in the queue every 10 min right now). If I stop postfix or courier-imap, I still get new emails in the queue.
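The three holes this thread circles around (relaying, senders that are not in the user database, and a local process such as a web script injecting mail through sendmail(1)) map to specific Postfix main.cf settings; the checker below is an added example, not the thread's configuration, that parses two constructed main.cf fragments and flags those settings. The MySQL sender-login map path is a placeholder, and once authorized_submit_users is restricted, a webmail client running as www-data must submit over authenticated SMTP to 127.0.0.1 instead of calling the sendmail binary.

```python
# Constructed main.cf fragments, not the thread's real config. WEAK reproduces the
# symptoms in the thread; HARDENED is the setting-by-setting fix.
WEAK_MAIN_CF = """\
mynetworks = 127.0.0.0/8 0.0.0.0/0
smtpd_recipient_restrictions = permit_mynetworks,
    permit_sasl_authenticated, reject_unauth_destination
smtpd_sender_restrictions = permit
"""
HARDENED_MAIN_CF = """\
mynetworks = 127.0.0.0/8
smtpd_sasl_auth_enable = yes
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks,
    reject_unauth_destination
# sender must exist in the virtual maps, and a logged-in user may only use its own
smtpd_sender_login_maps = mysql:/etc/postfix/mysql-sender-login.cf
smtpd_sender_restrictions = reject_unlisted_sender, reject_sender_login_mismatch
# only root may inject mail with sendmail(1); www-data is deliberately absent
authorized_submit_users = root
"""

def parse_main_cf(text):
    """Parse 'key = value' lines; an indented line continues the previous value."""
    params, key = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and key:
            params[key] += " " + line.strip()
        elif "=" in line:
            key, _, value = line.partition("=")
            key = key.strip()
            params[key] = value.strip()
    return params

def audit(params):
    """Return findings for the relay, sender-spoofing and local-injection paths."""
    words = lambda k: set(params.get(k, "").replace(",", " ").split())
    findings = []
    if "0.0.0.0/0" in words("mynetworks"):
        findings.append("mynetworks trusts every client, so permit_mynetworks relays for anyone")
    if not {"reject_unauth_destination", "defer_unauth_destination"} & words("smtpd_recipient_restrictions"):
        findings.append("smtpd_recipient_restrictions never rejects relaying to foreign domains")
    if "reject_unlisted_sender" not in words("smtpd_sender_restrictions"):
        findings.append("senders not in the user database (fakename@mydomain.com) are accepted")
    if "smtpd_sender_login_maps" not in params or "reject_sender_login_mismatch" not in words("smtpd_sender_restrictions"):
        findings.append("sender address is not tied to the SASL login")
    if params.get("authorized_submit_users", "static:anyone") == "static:anyone":
        findings.append("authorized_submit_users lets every local uid (e.g. www-data) inject mail")
    return findings
```

Feed it the output of `postconf -n` (or the live /etc/postfix/main.cf) to see which of the five findings apply; newer Postfix releases also carry a separate smtpd_relay_restrictions parameter, which this checker does not read.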