15th December 2011, 14:56
cookie-monster
I'm sending spams?! [postfix][debian][ispconfig3]

Hello,
My 3-day-old server started sending spam. I see that I can't connect to MySQL; I did a little research, and there's a huge amount of queries to MySQL. And finally, I found the mail logs...
I just configured the server, and nobody is using the SMTP server... Port 25 is closed; I'm using 465...

Here is part of the log file:
Code:
Dec 14 00:13:50 woody postfix/qmgr[28051]: DB7E21321AF: from=<root@woody.2fastweb.net>, size=36855, nrcpt=1 (queue active)
Dec 14 00:13:50 woody postfix/qmgr[28051]: BC9371321D4: from=<root@woody.2fastweb.net>, size=36385, nrcpt=1 (queue active)
Dec 14 00:13:50 woody postfix/smtp[25828]: DA8141321CC: to=<hsvguy2005@hotmail.com>, relay=127.0.0.1[127.0.0.1]:10024, conn_use=85, delay=7.4, delays=0.67/6.4/0/0.37, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=25301-02-85, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as DB7E21321AF)
Dec 14 00:13:50 woody postfix/smtp[25827]: 2E2811321FE: to=<thewrongprescription@hotmail.co.uk>, relay=127.0.0.1[127.0.0.1]:10024, conn_use=86, delay=8.8, delays=2.1/6.4/0/0.37, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=25303-02-86, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as CCF1A1321E2)
Dec 14 00:13:50 woody postfix/qmgr[28051]: DA8141321CC: removed
Dec 14 00:13:50 woody postfix/qmgr[28051]: 2E2811321FE: removed
Dec 14 00:13:50 woody postfix/pickup[24000]: 0A2771321CC: uid=0 from=<root>
Dec 14 00:13:50 woody postfix/cleanup[25425]: 0A2771321CC: message-id=<20111213231350.0A2771321CC@woody.2fastweb.net>
Dec 14 00:13:50 woody postfix/qmgr[28051]: 0A2771321CC: from=<root@woody.2fastweb.net>, size=36389, nrcpt=1 (queue active)
Dec 14 00:13:50 woody postfix/pickup[24000]: 1EC511321ED: uid=0 from=<root>
Dec 14 00:13:50 woody postfix/cleanup[25450]: 1EC511321ED: message-id=<20111213231350.1EC511321ED@woody.2fastweb.net>
Dec 14 00:13:50 woody postfix/smtpd[24247]: 370B713220F: client=localhost.localdomain[127.0.0.1]
Dec 14 00:13:50 woody postfix/cleanup[25668]: 370B713220F: message-id=<20111213231343.584471321E6@woody.2fastweb.net>
Dec 14 00:13:50 woody postfix/smtp[24365]: 70BF41321FB: to=<cursie_18@yahoo.de>, relay=mx2.mail.eu.yahoo.com[77.238.184.241]:25, delay=0.77, delays=0.14/0.07/0.08/0.48, dsn=2.0.0, status=sent (250 ok dirdel)
Dec 14 00:13:50 woody postfix/smtpd[24256]: 384BB13220B: client=localhost.localdomain[127.0.0.1]
Dec 14 00:13:50 woody postfix/cleanup[25910]: 384BB13220B: message-id=<20111213231343.8786F1321A0@woody.2fastweb.net>
Dec 14 00:13:50 woody postfix/qmgr[28051]: 70BF41321FB: removed
Dec 14 00:13:50 woody postfix/smtp[24375]: EAE551321D0: to=<americanboi28@yahoo.com>, relay=mta7.am0.yahoodns.net[66.94.238.147]:25, delay=2.3, delays=0.14/0/0.42/1.8, dsn=2.0.0, status=sent (250 ok dirdel)
Dec 14 00:13:50 woody postfix/qmgr[28051]: EAE551321D0: removed
Dec 14 00:13:50 woody postfix/qmgr[28051]: 370B713220F: from=<root@woody.2fastweb.net>, size=36903, nrcpt=1 (queue active)
Dec 14 00:13:50 woody amavis[25303]: (25303-02-87) Passed CLEAN, <root@woody.2fastweb.net> -> <hornyoncam2010@hotmail.com>, Message-ID: <20111213231343.8786F1321A0@woody.2fastweb.net>, mail_id: oUSpQcQLnQuM, Hits: 9.875, size: 36399, queued_as: 384BB13220B, 323 ms
Dec 14 00:13:50 woody amavis[25301]: (25301-02-86) Passed CLEAN, <root@woody.2fastweb.net> -> <blackbrew90291129@btinternet.co.uk>, Message-ID: <20111213231343.584471321E6@woody.2fastweb.net>, mail_id: zk0M4xzdOAUw, Hits: 9.875, size: 36415, queued_as: 370B713220F, 324 ms
Dec 14 00:13:50 woody postfix/smtp[25827]: 8786F1321A0: to=<hornyoncam2010@hotmail.com>, relay=127.0.0.1[127.0.0.1]:10024, conn_use=87, delay=8.2, delays=1.7/6.1/0/0.33, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=25303-02-87, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as 384BB13220B)
Dec 14 00:13:50 woody postfix/smtp[25828]: 584471321E6: to=<blackbrew90291129@btinternet.co.uk>, relay=127.0.0.1[127.0.0.1]:10024, conn_use=86, delay=8.3, delays=1.4/6.5/0/0.33, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=25301-02-86, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as 370B713220F)
Dec 14 00:13:50 woody postfix/qmgr[28051]: 1EC511321ED: from=<root@woody.2fastweb.net>, size=36411, nrcpt=1 (queue active)
Dec 14 00:13:50 woody postfix/qmgr[28051]: 8786F1321A0: removed
Dec 14 00:13:50 woody postfix/qmgr[28051]: 384BB13220B: from=<root@woody.2fastweb.net>, size=36871, nrcpt=1 (queue active)
Dec 14 00:13:50 woody postfix/pickup[24000]: 5A9571321A0: uid=0 from=<root>
Dec 14 00:13:50 woody postfix/qmgr[28051]: 584471321E6: removed
Dec 14 00:13:50 woody postfix/cleanup[25425]: 5A9571321A0: message-id=<20111213231350.5A9571321A0@woody.2fastweb.net>
Dec 14 00:13:50 woody postfix/qmgr[28051]: 5A9571321A0: from=<root@woody.2fastweb.net>, size=36389, nrcpt=1 (queue active)
Dec 14 00:13:50 woody postfix/pickup[24000]: 6D1A71321B9: uid=0 from=<root>
Dec 14 00:13:50 woody postfix/cleanup[25450]: 6D1A71321B9: message-id=<20111213231350.6D1A71321B9@woody.2fastweb.net>
Dec 14 00:13:50 woody postfix/smtp[24475]: 370B713220F: to=<blackbrew90291129@btinternet.co.uk>, relay=none, delay=0.22, delays=0.14/0.01/0.07/0, dsn=5.4.4, status=bounced (Host or domain name not found. Name service error for name=btinternet.co.uk type=A: Host found but no data record of requested type)
Dec 14 00:13:50 woody postfix/cleanup[25910]: 7126F132214: message-id=<20111213231350.7126F132214@woody.2fastweb.net>
Dec 14 00:13:50 woody postfix/smtpd[24247]: 83120132212: client=localhost.localdomain[127.0.0.1]
Dec 14 00:13:50 woody postfix/cleanup[25425]: 83120132212: message-id=<20111213231343.EE5FE1321FF@woody.2fastweb.net>
Dec 14 00:13:50 woody postfix/smtpd[24256]: 8B9A9132213: client=localhost.localdomain[127.0.0.1]
Dec 14 00:13:50 woody postfix/cleanup[25668]: 8B9A9132213: message-id=<20111213231343.E19101321F0@woody.2fastweb.net>
Dec 14 00:13:50 woody postfix/bounce[24413]: 370B713220F: sender non-delivery notification: 7126F132214
Dec 14 00:13:50 woody amavis[25303]: (25303-02-88) Passed CLEAN, <root@woody.2fastweb.net> -> <bcramerx@yahoo.com>, Message-ID: <20111213231343.E19101321F0@woody.2fastweb.net>, mail_id: lZjmQxcMBiEh, Hits: 9.875, size: 36383, queued_as: 8B9A9132213, 338 ms

Code:
alias_database = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases
alias_maps = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases
append_dot_mydomain = no
biff = no
body_checks = regexp:/etc/postfix/body_checks
broken_sasl_auth_clients = yes
config_directory = /etc/postfix
content_filter = amavis:[127.0.0.1]:10024
header_checks = regexp:/etc/postfix/header_checks
html_directory = /usr/share/doc/postfix/html
inet_interfaces = all
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
message_size_limit = 0
mime_header_checks = regexp:/etc/postfix/mime_header_checks
mydestination = woody.2fastweb.net, localhost, localhost.localdomain
myhostname = woody.2fastweb.net
mynetworks = 127.0.0.0/8 [::1]/128
nested_header_checks = regexp:/etc/postfix/nested_header_checks
owner_request_special = no
proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $virtual_mailbox_limit_maps
readme_directory = /usr/share/doc/postfix
receive_override_options = no_address_mappings
recipient_delimiter = +
relay_domains = mysql:/etc/postfix/mysql-virtual_relaydomains.cf
relay_recipient_maps = mysql:/etc/postfix/mysql-virtual_relayrecipientmaps.cf
relayhost =
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
smtpd_client_message_rate_limit = 100
smtpd_client_restrictions = check_client_access mysql:/etc/postfix/mysql-virtual_client.cf
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, check_recipient_access mysql:/etc/postfix/mysql-virtual_recipient.cf, reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_path = private/auth
smtpd_sasl_type = dovecot
smtpd_sender_restrictions = check_sender_access mysql:/etc/postfix/mysql-virtual_sender.cf
smtpd_tls_cert_file = /etc/postfix/smtpd.cert
smtpd_tls_key_file = /etc/postfix/smtpd.key
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes
transport_maps = proxy:mysql:/etc/postfix/mysql-virtual_transports.cf
virtual_alias_domains =
virtual_alias_maps = proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf, proxy:mysql:/etc/postfix/mysql-virtual_email2email.cf, hash:/var/lib/mailman/data/virtual-mailman
virtual_gid_maps = static:5000
virtual_mailbox_base = /var/vmail
virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf
virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf
virtual_transport = dovecot
virtual_uid_maps = static:5000
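A triage sketch for the kind of log shown in the post above, added here and not part of the original post: it attributes each outbound delivery to the way the message entered Postfix, following the amavis re-injection (`queued as`) back to the first queue ID. The sample lines are constructed, the `:10024` filter port is taken from the posted `content_filter` setting, and `triage` is a hypothetical helper name.

```python
import re
from collections import Counter

# Constructed sample in the post's log format (host, IDs, addresses are made up).
SAMPLE = """\
Dec 14 00:13:50 mx postfix/pickup[24000]: AAA111: uid=0 from=<root>
Dec 14 00:13:50 mx postfix/smtp[25827]: AAA111: to=<a@example.org>, relay=127.0.0.1[127.0.0.1]:10024, status=sent (250 2.0.0 Ok: queued as BBB222)
Dec 14 00:13:50 mx postfix/smtpd[24247]: BBB222: client=localhost.localdomain[127.0.0.1]
Dec 14 00:13:51 mx postfix/smtp[24365]: BBB222: to=<a@example.org>, relay=mx.example.org[192.0.2.10]:25, status=sent (250 ok)
Dec 14 00:13:52 mx postfix/pickup[24000]: CCC333: uid=33 from=<www-data>
Dec 14 00:13:52 mx postfix/smtp[25828]: CCC333: to=<b@example.org>, relay=127.0.0.1[127.0.0.1]:10024, status=sent (250 2.0.0 Ok: queued as EEE555)
Dec 14 00:13:53 mx postfix/smtp[24366]: EEE555: to=<b@example.org>, relay=mx.example.org[192.0.2.10]:25, status=sent (250 ok)
Dec 14 00:13:53 mx postfix/smtpd[24250]: DDD444: client=unknown[198.51.100.7]
Dec 14 00:13:54 mx postfix/smtp[24367]: DDD444: to=<c@example.org>, relay=mx.example.org[192.0.2.10]:25, status=sent (250 2.0.0 Ok: queued as 0F0F0F)
"""

ENTRY = re.compile(r"postfix/(\w+)\[\d+\]: ([0-9A-F]{6,}): (.*)")
# Hand-off to the local content filter; a remote MX may also answer "queued as".
HOP = re.compile(r"relay=127\.0\.0\.1\[127\.0\.0\.1\]:10024.*queued as ([0-9A-F]+)")

def triage(log_text):
    """Count deliveries to remote hosts per original submission path."""
    origin, parent, sent = {}, {}, Counter()
    for line in log_text.splitlines():
        m = ENTRY.search(line)
        if not m:
            continue
        daemon, qid, rest = m.groups()
        if daemon == "pickup" and (u := re.search(r"uid=(\d+)", rest)):
            origin[qid] = f"local sendmail uid={u.group(1)}"
        elif daemon == "smtpd" and (c := re.search(r"client=\S+\[([^\]]+)\]", rest)):
            origin[qid] = f"smtp client {c.group(1)}"
        elif daemon == "smtp" and "status=sent" in rest:
            if hop := HOP.search(rest):
                parent[hop.group(1)] = qid   # re-injected ID -> ID before the filter
            else:
                sent[qid] += 1               # final delivery to a remote MX
    result = Counter()
    for qid, n in sent.items():
        seen = set()                         # queue IDs get reused; avoid loops
        while qid in parent and qid not in seen:
            seen.add(qid)
            qid = parent[qid]
        result[origin.get(qid, "unknown (submission outside this log)")] += n
    return result

if __name__ == "__main__":
    for path, count in triage(SAMPLE).most_common():
        print(count, path)
```

Messages logged by `postfix/pickup` were submitted locally through the sendmail/postdrop interface rather than over SMTP, so closing port 25 does not affect them; the `uid=` field identifies the submitting account.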