[SOLVED] Postfix or apache sending spam emails

#1 | Desp | 14th February 2013, 21:02

Hello guys,

I am having a problem with postfix sending spam emails that are targeting a list of aol.com users.

I am using Ubuntu 12.04

Problems:

## Postfix + squirrelmail ##

1- Since I am using postfix on a home server, port 25 is blocked by default by my ISP, so I had to use the relay option to be able to send email, using:

relayhost = smtp.bredband.net (my ISP) in main.cf

2- The emails are being sent using userid 33 (www-data) from other domains that are hosted on the same server and pointed to the same IP.

So, the main domain I am using with postfix is selman.us, and all emails should only be sent from user@selman.us; I don't want them to be sent from another apache virtual host like user@cashpaidsurveys.org.

Now spammers are using a botnet or some other applications to send emails from my other domain, while those users, like brucelee@cashpaidsurveys.org, don't exist on the website or the system.

Steps I have taken so far to stop this drama:

1- Removed my ISP smtp server from relayhost in main.cf to disable relay on the server.

2- Added the smtp server to squirrelmail instead and sending emails works fine.

3- Blocked all outgoing connections to aol.com IPs on port 25 using ufw.

Now all emails being sent by the spammers go to the postfix queue, and I have in my mail logs:
status=deferred (delivery temporarily suspended: connect to mailin-04.mx.aol.com[64.12.138.161]:25: Connection timed out)

Since I have tons of emails going out, about 2k emails per hour go to the queue, so I have created a cron job to wipe them hourly using:
postsuper -d ALL

----------------------

The problem is partly solved now but I need something more effective:

1- I need to know how to use my own smtp server to send emails using a port other than 25, like port 587.

2- How to prevent spammers from using my other domain names to send emails. Like allow only my main domain name or host name to send out emails and not all domains hosted on my server.

Thank you for reading and your help is much appreciated.
__________________
Mahmoud Selman

Last edited by Desp; 15th February 2013 at 20:45.
#2 | Desp | 15th February 2013, 20:44

Ok guys, I found this solution after a while googling, and I hope you don't mind me sharing it here in case someone else faces the same problem.

The problem is not on the server side as an apache or postfix issue; the spam is being sent using WP spambots/malware that have been installed on my websites from a theme or plugin, and from there have been spreading to other WP files and using the domain names to send the spam.

You can scan your websites' folders with Linux Malware Detect, which is currently found here.

The result that I found is:

malware detect scan report for hostname:
SCAN ID: 021513-2017.31607
TIME: Feb 15 20:18:28 +0100
PATH: /home/user/public_html/
TOTAL FILES: 10784
TOTAL HITS: 7
FILE HIT LIST:
{CAV}PHP.Trojan.Spambot
{HEX}php.cmdshell.unclassed.344
{CAV}PHP.Trojan.Spambot
{CAV}PHP.Trojan.Spambot
{HEX}php.cmdshell.unclassed.344
{CAV}PHP.Trojan.Spambot
{CAV}PHP.Trojan.Spambot

Hope this will be helpful..
__________________
Mahmoud Selman
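
Added example (not part of the original posts): a small Python triage of Postfix log lines that ties queued mail back to the submitting uid, as post #1 does with userid 33 (www-data), and flags senders outside selman.us. The log lines are constructed samples; the function names and the `web_uid` and `allowed_domain` parameters are assumptions.

```python
import re
from collections import Counter

# Constructed sample lines in Postfix syslog format (not taken from the poster's server).
SAMPLE_LOG = """\
Feb 14 20:01:02 host postfix/pickup[2101]: A1B2C3D4E5: uid=33 from=<brucelee@cashpaidsurveys.org>
Feb 14 20:01:33 host postfix/smtp[2110]: A1B2C3D4E5: to=<redacted@aol.com>, relay=none, delay=31, status=deferred (connect to mailin-04.mx.aol.com[64.12.138.161]:25: Connection timed out)
Feb 14 20:02:10 host postfix/pickup[2101]: B2C3D4E5F6: uid=33 from=<user@selman.us>
Feb 14 20:02:40 host postfix/pickup[2101]: C3D4E5F6A7: uid=1000 from=<user@selman.us>
Feb 14 20:03:05 host postfix/pickup[2101]: D4E5F6A7B8: uid=33 from=<www-data>
"""

# pickup logs the uid of the local process that handed the message to Postfix.
PICKUP = re.compile(r"postfix/pickup\[\d+\]: (?P<qid>\w+): uid=(?P<uid>\d+) from=<(?P<sender>[^>]*)>")
DELIVERY = re.compile(r"postfix/smtp\[\d+\]: (?P<qid>\w+): to=<(?P<rcpt>[^>]*)>.*status=(?P<status>\w+)")


def suspicious(log_text, web_uid=33, allowed_domain="selman.us"):
    """Map queue ID -> sender for mail submitted by the web-server uid
    with an envelope sender outside the allowed domain."""
    hits = {}
    for m in PICKUP.finditer(log_text):
        local, at, domain = m["sender"].rpartition("@")
        if not at:
            # Unqualified sender: Postfix appends $myorigin, assumed here to be
            # the allowed domain, so it is not flagged.
            continue
        if int(m["uid"]) == web_uid and domain.lower() != allowed_domain:
            hits[m["qid"]] = m["sender"]
    return hits


def summarize(log_text, **kwargs):
    """Return (message count per flagged sender, delivery attempts for flagged queue IDs)."""
    hits = suspicious(log_text, **kwargs)
    per_sender = Counter(hits.values())
    attempts = {m["qid"]: (m["rcpt"], m["status"])
                for m in DELIVERY.finditer(log_text) if m["qid"] in hits}
    return per_sender, attempts


if __name__ == "__main__":
    per_sender, attempts = summarize(SAMPLE_LOG)
    for sender, count in per_sender.most_common():
        print(f"{count:5d}  {sender}")
    for qid, (rcpt, status) in attempts.items():
        print(f"{qid}: to={rcpt} status={status}")
```

A non-empty result points at a script running under the web server rather than at an SMTP relay problem, which matches what the malware scan in post #2 found.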