HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials


tom 27th April 2008 22:39

postqueue -p show lots of spam mails sent to system users
 
postqueue -p

shows lots of spam mails. Most of them have an empty "from<>", but Postfix tries to inform the sender that the mail can't be delivered. That would be nice if the sender existed, but it is spam with "from<>" as sender, and Postfix tries again and again to inform the unknown spam sender that the mail can't be delivered.

This process creates a lot of mail traffic overhead. The same applies to mails addressed to system users, because Postfix reads /etc/passwd /etc/shadow to verify the allowed mail users.

Example:
Try to send a mail with your local mail client to your ISPConfig Postfix. As recipient use "sshd", "uucp", "nobody" or whatever system user you like. Try sshd@yourserver.com and send it to your server. Postfix will accept the spam mail and try to deliver it to /var/run/sshd/Maildir/tmp/... . Then, because there is no Maildir for sshd, Postfix will put the spam mail to smtpd in the mailq to inform the sender that the mail can't be delivered. This mail will go back to you or to the spam directory of your provider, sent by MAILER-DAEMON@yourserver.com.

In this example case you, the original sender, exist. If it is really spam, the original sender does not exist and cannot take this message. Exactly this happens mostly, because Postfix is polite and tries, I don't know, maybe 50 times to send to the sender, and more and more mails addressed to system users let the mailq grow because 99% are unwanted mail, but Postfix does not say "no" after the EHLO dialog, it says "yes, you are welcome".

How is it possible with ISPConfig to ban unknown users and system users already at the first gate, so that these mails don't go into the mailq?

till 28th April 2008 11:43

Switch your mail system from sendmail style to postfix style in /home/admispconfig/ispconfig/lib/config.inc.php and then change a mail user within ISPConfig so that the config files get rewritten.

tom 28th April 2008 18:33

1. What will happen after switching to postfix style?
2. Which files will be rewritten?
3. Does that change make Postfix accept only mails from mail users and no system users anymore?
4. I suppose changing the following rule could protect against mails sent to system users like sshd@domain.com, or why is "proxy:unix:passwd.byname" given?

Quote:

smtpd_recipient_restrictions =
...
local_recipient_maps = proxy:unix:passwd.byname $alias_maps
...
change to:
Quote:

smtpd_recipient_restrictions =
...
local_recipient_maps = $alias_maps
...
5. Another question is how this can happen and be solved: a mail to admin if admin doesn't exist?
Quote:

...
postfix/local[9028]: EE1472231A: to=<admin@mail.domain1.com> (expanded from <webmaster@domain2sameserver.de>): unknown
user: "admin"...
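
An added example, not part of the original posts: a small Python audit that lists which system logins become valid recipients without an alias redirect under the `local_recipient_maps = proxy:unix:passwd.byname $alias_maps` setting quoted above. The passwd and aliases samples are constructed, and the UID cut-off of 1000, the special case for UID 65534 and all function names are assumptions of this example.

```python
"""Audit which system accounts Postfix accepts as local recipients."""
# Constructed sample data (not taken from the server discussed in the thread).
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
sshd:x:101:65534::/var/run/sshd:/usr/sbin/nologin
uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
web1_tom:x:10001:10001:Tom:/var/www/web1/user/web1_tom:/bin/false
"""
SAMPLE_ALIASES = """\
# aliases(5) style: name: target
postmaster: root
root: web1_tom
uucp: root
"""

UID_MIN = 1000      # assumption: first non-system UID (see UID_MIN in /etc/login.defs)
NOBODY_UID = 65534  # assumption: "nobody" sits above UID_MIN but is a system account

def parse_passwd(text):
    """Return {login: uid} from passwd(5) formatted text."""
    users = {}
    for line in text.splitlines():
        fields = line.split(":")
        if len(fields) >= 7 and fields[2].isdigit():
            users[fields[0]] = int(fields[2])
    return users

def parse_aliases(text):
    """Return the alias names (left-hand sides), skipping comments and continuations."""
    names = set()
    for line in text.splitlines():
        if ":" in line and not line[0].isspace() and not line.startswith("#"):
            names.add(line.split(":", 1)[0].strip().lower())
    return names

def exposed_system_accounts(passwd_text, aliases_text, uid_min=UID_MIN):
    """System logins valid via passwd.byname that no alias redirects elsewhere."""
    aliases = parse_aliases(aliases_text)
    return sorted(
        name for name, uid in parse_passwd(passwd_text).items()
        if (uid < uid_min or uid == NOBODY_UID) and name.lower() not in aliases
    )

if __name__ == "__main__":
    for name in exposed_system_accounts(SAMPLE_PASSWD, SAMPLE_ALIASES):
        print(f"{name}: accepted as local recipient, no alias redirect")
```

To audit a real host, pass the contents of `/etc/passwd` and of the aliases file Postfix is configured to use instead of the samples.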

tom 29th April 2008 12:24

I've just seen that ISPConfig 3 Beta supports virtual users. I suppose with this new version the spam problem of receiving mail for system users like sshd@domain.com is solved, right?

What about using ISPConfig 3 Beta productively and how to migrate from ISPConfig 2 to ISPConfig 3 Beta?

Still, I would be lucky to get some answers to my question in my previous post :-)

till 29th April 2008 13:33

This problem is solved in ISPConfig 2 too when you switch to postfix style, that's why I posted it above in #2.

Quote:

What about using ISPConfig 3 Beta productively and how to migrate from ISPConfig 2 to ISPConfig 3 Beta?
Productive use is not recommended yet; only if you don't give your clients access to the control panel might you use it as a productive system.

There is no direct migration from ISPConfig 2 to 3 possible.

Quote:

Still, I would be lucky to get some answers to my question in my previous post :-)
Please do what I posted in #2 to resolve this. Only the local-host-names and virtusertable files are written in a different format.

tom 29th April 2008 13:43

Thanks for your answer :-)
Can you just tell me which files will be rewritten by switching ISPConfig to postfix style?

till 29th April 2008 14:18

Quote:

Originally Posted by tom
Thanks for your answer :-)
Can you just tell me which files will be rewritten by switching ISPConfig to postfix style?

Quoted from my post above ;)

Quote:

Only the local-host-names and virtusertable files are written in a different format.


All times are GMT +2.