View Single Post
  #1  
Old 27th April 2008, 21:36
tom tom is offline
Senior Member
 
Join Date: Apr 2006
Posts: 492
Thanks: 8
Thanked 8 Times in 7 Posts
Default postqueue -p show lots of spam mails sent to system users

postqueue -p

shows lots of spam mails. Most of them has an emry "from<>" but postfix tries to inform the sender that the mail cant be delivered. That could be nice if the sender would be exist but it is spam with "from<>" as sender and postfix tries again and again to inform the unkown spam sender that the mail can't be delivered.

This prosses creates a lot of mailtrafic overhead. As well the same mails addressed to system users because Postfix reads /etc/passwd /etc/shaddow to verify the allowed mailusers.

Example:
Try to send an mail with your local mail-client to your ISPConfig Postfix. As recipient use "sshd", "uucp", "nobody" or whatever systemuser you like. Try sshd@yourserver.com and sent it to your server. Postfix will accept the spam mail, try to deliver it to /var/run/sshd/Maildir/tmp/... . Than Postfix will put the spam Mail because no Maildir for sshd to smptd in the mailq to inform the sender that the mail can't be deliverd. This mail will go back to you or your spam directory of your provider send by MAILER-DAEMON@yourserver.com.

In this example case you, the original sender exists. If it is realy spam the original sender does not exist and could not take this message. Exaxtly this happens mostly because postfix is polite and try, I don't know maybe 50 times to send the sender and more and more mails addressed to system users let grow the mailq because 99% are unwanted mail, but postfix does not say "no" after the EHLO dialog, it say "yes, your are wellcome".

How it is possible with ISPConfig to ban unknown users and system users already at the fist gate, that this mails don't go in the mailq?

Maybe one part of these problem could be solved by using policyd-weight but how that goes together with ISPConfig. The other part coult be to use a secound list of knows mail users to provide the using of /etc/passwd. How could this be manged with ISPConfig?

Last edited by tom; 27th April 2008 at 21:56.
Reply With Quote
Sponsored Links