Rejecting outbound mail

[tristanlee85]

Is there any way to refuse to send mail outside of the server? Basically I want to keep my mail server turned on so I can receive mail, but I don't want to be able to send mail out from the server. How can I go about doing this?

Time Warner finally sent me a notice in the mail that any more spam sent from my account will result in termination of my account so... yeh. I need to keep the server running, but not send any mail outbound.

[till]

I think the more interesting question is, why is your server sending spam emails.

Have you checked your server, if it is a open relay? Have you checked if someone sends spam through any html contact forms?

[tristanlee85]

I've actually had a couple of threads on here trying to figure out why I am spamming people. Through the tests I've done, it's not an open relay, at least according to the couple of sites I used to test my server.

The only contact form I have is on my forums. It requires an e-mail address, image verification, and a message. The form sends all mail to phpbb@plastikracing.net. I don't see how they are using that form.

[tristanlee85]

Alright. It's now happened again. I can't send any more e-mails out for another 24 hours because I've reached my daily limit of 1000. In other words, people have been using my server again to keep spamming. I removed all contact forms from my pages that allow users to e-mail me. I don't know how else to stop this other than just turning off the SMTP server, but if I do that then my e-mail doesn't work and my primary e-mail address is used on this server.

I'm willing to let one of the "known" people of ISPConfig SSH and look at my computer to see what may be wrong if you would be willing to do so. Like I've said in other posts, all of the relay testing sites say they can't relay from my server so something is up. I don't know what else to do here. Please help.

[tristanlee85]

I was able to find this log. This is was caused me to reach my outbound limit. I did a trace of the IP which lead to Italy and it looks like the user is trying to login as "brandon", but was unsuccessful. Postfix is even show that the host is unknown and it's disconnecting, but then all of a sudden after disconnecting it starts sending a ton of e-mails. There are way more than what I've listed, but you get the idea.

Any ideas on how this is possible from an outside host using my server?

Code:

May 17 16:34:19 server postfix/smtpd[2316]: warning: 62.97.56.142: hostname host-56-142.pool.intred.it verification failed: Name or service not known
May 17 16:34:19 server postfix/smtpd[2316]: connect from unknown[62.97.56.142]
May 17 16:34:20 server postfix/smtpd[2316]: 9CB4E49008A: client=unknown[62.97.56.142], sasl_method=LOGIN, sasl_username=brandon
May 17 16:34:28 server postfix/cleanup[2320]: 9CB4E49008A: message-id=<20070517203420.9CB4E49008A@server.vasceria.com>
May 17 16:34:29 server postfix/qmgr[24088]: 9CB4E49008A: from=<aw-member@ebay.com>, size=15883, nrcpt=50 (queue active)
May 17 16:34:29 server postfix/smtpd[2316]: disconnect from unknown[62.97.56.142]
May 17 16:34:31 server postfix/smtpd[2316]: warning: 62.97.56.142: hostname host-56-142.pool.intred.it verification failed: Name or service not known
May 17 16:34:31 server postfix/smtpd[2316]: connect from unknown[62.97.56.142]
May 17 16:34:32 server postfix/smtpd[2316]: BE85F490092: client=unknown[62.97.56.142], sasl_method=LOGIN, sasl_username=brandon
May 17 16:34:40 server postfix/cleanup[2320]: BE85F490092: message-id=<20070517203432.BE85F490092@server.vasceria.com>
May 17 16:34:41 server postfix/qmgr[24088]: BE85F490092: from=<aw-member@ebay.com>, size=15883, nrcpt=50 (queue active)
May 17 16:34:41 server postfix/smtpd[2316]: disconnect from unknown[62.97.56.142]
May 17 16:34:43 server postfix/smtpd[2316]: warning: 62.97.56.142: hostname host-56-142.pool.intred.it verification failed: Name or service not known
May 17 16:34:43 server postfix/smtpd[2316]: connect from unknown[62.97.56.142]
May 17 16:34:45 server postfix/smtpd[2316]: 021E7490094: client=unknown[62.97.56.142], sasl_method=LOGIN, sasl_username=brandon
May 17 16:34:52 server postfix/cleanup[2320]: 021E7490094: message-id=<20070517203445.021E7490094@server.vasceria.com>
May 17 16:34:53 server postfix/qmgr[24088]: 021E7490094: from=<aw-member@ebay.com>, size=15883, nrcpt=50 (queue active)
May 17 16:34:53 server postfix/smtpd[2316]: disconnect from unknown[62.97.56.142]
May 17 16:34:54 server postfix/smtpd[2316]: warning: 62.97.56.142: hostname host-56-142.pool.intred.it verification failed: Name or service not known
May 17 16:34:54 server postfix/smtpd[2316]: connect from unknown[62.97.56.142]
May 17 16:34:56 server postfix/smtpd[2316]: 6D07B490095: client=unknown[62.97.56.142], sasl_method=LOGIN, sasl_username=brandon
May 17 16:35:04 server postfix/cleanup[2320]: 6D07B490095: message-id=<20070517203456.6D07B490095@server.vasceria.com>
May 17 16:35:05 server postfix/qmgr[24088]: 6D07B490095: from=<aw-member@ebay.com>, size=15883, nrcpt=50 (queue active)
May 17 16:35:05 server postfix/smtpd[2316]: disconnect from unknown[62.97.56.142]
May 17 16:35:05 server postfix/smtp[2348]: 021E7490094: to=<aa361@163.com>, relay=smtp-server.columbus.rr.com[65.24.7.60], delay=21, status=sent (250 2.0.0 l4HKM4f0000173 Message accepted for delivery)
May 17 16:35:05 server postfix/smtp[2348]: 021E7490094: to=<aa19194@a.cni.org>, relay=smtp-server.columbus.rr.com[65.24.7.60], delay=21, status=sent (250 2.0.0 l4HKM4f0000173 Message accepted for delivery)
May 17 16:35:05 server postfix/smtp[2348]: 021E7490094: to=<aaameetings@aaanet.org>, relay=smtp-server.columbus.rr.com[65.24.7.60], delay=21, status=sent (250 2.0.0 l4HKM4f0000173 Message accepted for delivery)
May 17 16:35:05 server postfix/smtp[2348]: 021E7490094: to=<aa5693@acc.msmc.edu>, relay=smtp-server.columbus.rr.com[65.24.7.60], delay=21, status=sent (250 2.0.0 l4HKM4f0000173 Message accepted for delivery)
May 17 16:35:05 server postfix/smtp[2348]: 021E7490094: to=<aaarlington@actadv.com>, relay=smtp-server.columbus.rr.com[65.24.7.60], delay=21, status=sent (250 2.0.0 l4HKM4f0000173 Message accepted for delivery)
May 17 16:35:05 server postfix/smtp[2348]: 021E7490094: to=<aa4hq@arrl.net>, relay=smtp-server.columbus.rr.com[65.24.7.60], delay=21, status=sent (250 2.0.0 l4HKM4f0000173 Message accepted for delivery)
May 17 16:35:05 server postfix/smtp[2348]: 021E7490094: to=<aa1gw@arrl.org>, relay=smtp-server.columbus.rr.com[65.24.7.60], delay=21, status=sent (250 2.0.0 l4HKM4f0000173 Message accepted for delivery)
May 17 16:35:05 server postfix/smtp[2348]: 021E7490094: to=<aaamail@bdcom.com>, relay=smtp-server.columbus.rr.com[65.24.7.60], delay=21, status=sent (250 2.0.0 l4HKM4f0000173 Message accepted for delivery)
May 17 16:35:05 server postfix/smtp[2348]: 021E7490094: to=<aaam@bellsouth.net>, relay=smtp-server.columbus.rr.com[65.24.7.60], delay=21, status=sent (250 2.0.0 l4HKM4f0000173 Message accepted for delivery)
May 17 16:35:05 server postfix/smtp[2348]: 021E7490094: to=<aaappliance@bluebonnet.net>, relay=smtp-server.columbus.rr.com[65.24.7.60], delay=21, status=sent (250 2.0.0 l4HKM4f0000173 Message accepted for delivery)
May 17 16:35:05 server postfix/smtp[2348]: 021E7490094: to=<aaappraisals@cfu.net>, relay=smtp-server.columbus.rr.com[65.24.7.60], delay=21, status=sent (250 2.0.0 l4HKM4f0000173 Message accepted for delivery)
May 17 16:35:05 server postfix/smtp[2348]: 021E7490094: to=<aaapke@chilton.com>, relay=smtp-server.columbus.rr.com[65.24.7.60], delay=21, status=sent (250 2.0.0 l4HKM4f0000173 Message accepted for delivery)
May 17 16:35:05 server postfix/smtp[2348]: 021E7490094: to=<aa223aay@chollian.com>, relay=smtp-server.columbus.rr.com[65.24.7.60], delay=21, status=sent (250 2.0.0 l4HKM4f0000173 Message accepted for delivery)
May 17 16:35:05 server postfix/smtp[2348]: 021E7490094: to=<aa622@cleveland.freenet.edu>, relay=smtp-server.columbus.rr.com[65.24.7.60], delay=21, status=sent (250 2.0.0 l4HKM4f0000173 Message accepted for delivery)
May 17 16:35:05 server postfix/smtp[2348]: 021E7490094: to=<aa726@cleveland.freenet.edu>, relay=smtp-server.columbus.rr.com[65.24.7.60], delay=21, status=sent (250 2.0.0 l4HKM4f0000173 Message accepted for delivery)
May 17 16:35:05 server postfix/smtp[2348]: 021E7490094: to=<aa69@cornell.edu>, relay=smtp-server.columbus.rr.com[65.24.7.60], delay=21, status=sent (250 2.0.0 l4HKM4f0000173 Message accepted for delivery)
May 17 16:35:05 server postfix/smtp[2348]: 021E7490094: to=<aaarne@cox.net>, relay=smtp-server.columbus.rr.com[65.24.7.60], delay=21, status=sent (250 2.0.0 l4HKM4f0000173 Message accepted for delivery)
May 17 16:35:05 server postfix/smtp[2348]: 021E7490094: to=<aaaquiltsup@d-web.com>, relay=smtp-server.columbus.rr.com[65.24.7.60], delay=21, status=sent (250 2.0.0 l4HKM4f0000173 Message accepted for delivery)

[tristanlee85]

I did some reading on SASL, which I guess is a way to remote login and user the (my) server as a SMTP relay. In /etc/postfix/main.cf I found smtpd_sasl_auth_enable = yes so I changed it to smtpd_sasl_auth_enable = no. Do you think this will fix my problems?