dumb-medic
22nd April 2006, 20:50
had to re-setup ispconfig, using opensuse 10.0.
didn't have any problems during install,
but somehow it's configured as an open relay.
it seems that someone is abusing my server.
in "/var/log/mail" there are thousands of entries within minutes:
Apr 22 05:43:03 server1 postfix/smtp[15717]: DE5BB2E4040: to=<smikang@daum.net>, relay=mx5.hanmail.net[211.43.197.110], delay=8, status=bounced (host mx5.hanmail.net[211.43.197.110] said: 550 5.7.1 <vvsmtpvv@daum.net>... Error.your access was denied.? Since you sent too many e-mails,you are not allowed to send more e-mails within 24 hours.After 24 hours,you can send e-mails as usual.If you did not send any e-mails,which is considered as a spam,you'd better register (in reply to MAIL FROM command))
how can i prevent this?
here's my main.cf:
queue_directory = /var/spool/postfix
command_directory = /usr/sbin
daemon_directory = /usr/lib/postfix
mail_owner = postfix
unknown_local_recipient_reject_code = 550
debug_peer_level = 2
debugger_command =
PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
xxgdb $daemon_directory/$process_name $process_id & sleep 5
sendmail_path = /usr/sbin/sendmail
newaliases_path = /usr/bin/newaliases
mailq_path = /usr/bin/mailq
setgid_group = maildrop
html_directory = /usr/share/doc/packages/postfix/html
manpage_directory = /usr/share/man
sample_directory = /usr/share/doc/packages/postfix/samples
readme_directory = /usr/share/doc/packages/postfix/README_FILES
inet_protocols = all
biff = no
mail_spool_directory = /var/mail
canonical_maps = hash:/etc/postfix/canonical
relocated_maps = hash:/etc/postfix/relocated
transport_maps = hash:/etc/postfix/transport
sender_canonical_maps = hash:/etc/postfix/sender_canonical
masquerade_exceptions = root
masquerade_classes = envelope_sender, header_sender, header_recipient
myhostname = server1.$mydomain
program_directory = /usr/lib/postfix
inet_interfaces = all
masquerade_domains =
defer_transports =
disable_dns_lookups = no
relayhost =
mailbox_command =
mailbox_transport =
strict_8bitmime = no
disable_mime_output_conversion = no
smtpd_sender_restrictions = hash:/etc/postfix/access
smtpd_client_restrictions =
smtpd_helo_required = no
smtpd_helo_restrictions =
strict_rfc821_envelopes = no
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,check_ relay_domains
smtp_sasl_auth_enable = no
smtpd_sasl_auth_enable = yes
smtpd_use_tls = yes
smtp_use_tls = yes
alias_maps = hash:/etc/aliases
mailbox_size_limit = 0
message_size_limit = 10240000
mydomain = hereismydomain.tld (removed ;-)
smtpd_sasl_local_domain =
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_tls_auth_only = no
smtp_tls_note_starttls_offer = yes
smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
virtual_maps = hash:/etc/postfix/virtusertable
mydestination = /etc/postfix/local-host-names
here's /etc/postfix/local-host-names:
###################################
#
# ISPConfig local-host-names Configuration File
# Version 1.0
#
###################################
localhost
server1.hereismydomain.tld
localhost.server1.hereismydomain.tld
localhost.hereismydomain.tld
www.hereismydomain.tld
www.hereismyseconddomain.tld
hereismydomain.tld
hereismyseconddomain.tld
#### MAKE MANUAL ENTRIES BELOW THIS LINE! ####
server1:~ # telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 server1.hereismydomain.tld ESMTP Postfix
ehlo localhost
250-server1.hereismydomain.tld
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250 8BITMIME
finally, i can't login via uebimiau, always saying that user & pass incorrect.
regards,
dumb-medic
didn't have any problems during install,
but somehow it's configured as an open relay.
it seems that someone is abusing my server.
in "/var/log/mail" there are thousands of entries within minutes:
Apr 22 05:43:03 server1 postfix/smtp[15717]: DE5BB2E4040: to=<smikang@daum.net>, relay=mx5.hanmail.net[211.43.197.110], delay=8, status=bounced (host mx5.hanmail.net[211.43.197.110] said: 550 5.7.1 <vvsmtpvv@daum.net>... Error.your access was denied.? Since you sent too many e-mails,you are not allowed to send more e-mails within 24 hours.After 24 hours,you can send e-mails as usual.If you did not send any e-mails,which is considered as a spam,you'd better register (in reply to MAIL FROM command))
how can i prevent this?
here's my main.cf:
queue_directory = /var/spool/postfix
command_directory = /usr/sbin
daemon_directory = /usr/lib/postfix
mail_owner = postfix
unknown_local_recipient_reject_code = 550
debug_peer_level = 2
debugger_command =
PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
xxgdb $daemon_directory/$process_name $process_id & sleep 5
sendmail_path = /usr/sbin/sendmail
newaliases_path = /usr/bin/newaliases
mailq_path = /usr/bin/mailq
setgid_group = maildrop
html_directory = /usr/share/doc/packages/postfix/html
manpage_directory = /usr/share/man
sample_directory = /usr/share/doc/packages/postfix/samples
readme_directory = /usr/share/doc/packages/postfix/README_FILES
inet_protocols = all
biff = no
mail_spool_directory = /var/mail
canonical_maps = hash:/etc/postfix/canonical
relocated_maps = hash:/etc/postfix/relocated
transport_maps = hash:/etc/postfix/transport
sender_canonical_maps = hash:/etc/postfix/sender_canonical
masquerade_exceptions = root
masquerade_classes = envelope_sender, header_sender, header_recipient
myhostname = server1.$mydomain
program_directory = /usr/lib/postfix
inet_interfaces = all
masquerade_domains =
defer_transports =
disable_dns_lookups = no
relayhost =
mailbox_command =
mailbox_transport =
strict_8bitmime = no
disable_mime_output_conversion = no
smtpd_sender_restrictions = hash:/etc/postfix/access
smtpd_client_restrictions =
smtpd_helo_required = no
smtpd_helo_restrictions =
strict_rfc821_envelopes = no
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,check_ relay_domains
smtp_sasl_auth_enable = no
smtpd_sasl_auth_enable = yes
smtpd_use_tls = yes
smtp_use_tls = yes
alias_maps = hash:/etc/aliases
mailbox_size_limit = 0
message_size_limit = 10240000
mydomain = hereismydomain.tld (removed ;-)
smtpd_sasl_local_domain =
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_tls_auth_only = no
smtp_tls_note_starttls_offer = yes
smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
virtual_maps = hash:/etc/postfix/virtusertable
mydestination = /etc/postfix/local-host-names
here's /etc/postfix/local-host-names:
###################################
#
# ISPConfig local-host-names Configuration File
# Version 1.0
#
###################################
localhost
server1.hereismydomain.tld
localhost.server1.hereismydomain.tld
localhost.hereismydomain.tld
www.hereismydomain.tld
www.hereismyseconddomain.tld
hereismydomain.tld
hereismyseconddomain.tld
#### MAKE MANUAL ENTRIES BELOW THIS LINE! ####
server1:~ # telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 server1.hereismydomain.tld ESMTP Postfix
ehlo localhost
250-server1.hereismydomain.tld
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250 8BITMIME
finally, i can't login via uebimiau, always saying that user & pass incorrect.
regards,
dumb-medic