Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > Linux Forums > HOWTO-Related Questions

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #1  
Old 11th November 2006, 20:06
Hagforce Hagforce is offline
Senior Member
 
Join Date: Feb 2006
Posts: 210
Thanks: 37
Thanked 1 Time in 1 Post
Default TPS FC4, mail server abused to send spam?

Hello.

I used the exelent how to guide on your pages to setup a web/mail server.

The server is setup with an official IP adress, so no NAT or firewall protects it.
Just the firewall in ISPConfig (erverything is set up as in the tutorial).

I`m worried that my server is used as a "spam server".
I`ve been locking at the logs, but I`m not shore what to loock for etc.

Is there any way to see what messages are beeing sent out from my server, from witch adress, subject, reciever, IP adr etc.

I`would really like some help with this.
Reply With Quote
Sponsored Links
  #2  
Old 12th November 2006, 16:12
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lneburg, Germany
Posts: 41,711
Thanks: 1,899
Thanked 2,702 Times in 2,545 Posts
Default

Quote:
Originally Posted by Hagforce
Is there any way to see what messages are beeing sent out from my server, from witch adress, subject, reciever, IP adr etc.
It's all in your mail log. If you have lots of activity there that could be a sign of spam (unless your mail server is usually busy anyway). You can also check the mail queue:
Code:
postqueue -p
If you see lots of mails there, this could also be a sign of spam abuse.
Then you can check of your server is blacklisted:
http://www.mxtoolbox.com/blacklists.aspx

Also make sure that your mynetworks setting allows unauthenticated sending only from localhost. What's the output of
Code:
postconf -d | grep mynetworks
and
Code:
postconf -n | grep mynetworks
?
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #3  
Old 12th November 2006, 21:13
Hagforce Hagforce is offline
Senior Member
 
Join Date: Feb 2006
Posts: 210
Thanks: 37
Thanked 1 Time in 1 Post
Default

Code:
[root@www ~]# postconf -n | grep mynetworks
mynetworks = 127.0.0.0/8
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
Code:
[root@www ~]# postconf -d | grep mynetworks
mynetworks = 127.0.0.0/8 85.118.78.0/24
mynetworks_style = subnet
parent_domain_matches_subdomains = debug_peer_list,fast_flush_domains,mynetworks,permit_mx_backup_networks,qmqpd_authorized_clients,relay_domains,smtpd_access_maps
proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks
smtpd_client_event_limit_exceptions = ${smtpd_client_connection_limit_exceptions:$mynetworks}
smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination
My mail log is very large, but I got over 400 mail users on my server....
The postqueue -p also contains a lot of mails, and with adresses I do not use as vbhnuz@static47.bane-cust.com, static47.bane-cust.com is a dns for the IP on the server I think???

Is all the mails in the log actualy sent?.

I`m not blacklisted, but this does not lock good.

Last edited by Hagforce; 12th November 2006 at 21:16.
Reply With Quote
  #4  
Old 13th November 2006, 16:23
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lneburg, Germany
Posts: 41,711
Thanks: 1,899
Thanked 2,702 Times in 2,545 Posts
Default

Quote:
Originally Posted by Hagforce
Code:
[root@www ~]# postconf -n | grep mynetworks
mynetworks = 127.0.0.0/8
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
This looks good.

Quote:
Originally Posted by Hagforce
My mail log is very large, but I got over 400 mail users on my server....
The postqueue -p also contains a lot of mails, and with adresses I do not use as vbhnuz@static47.bane-cust.com, static47.bane-cust.com is a dns for the IP on the server I think???
What's your server's IP address? What's the output of
Code:
dig -x your_ip_address
?

Quote:
Originally Posted by Hagforce
Is all the mails in the log actualy sent?.
This is recorded also in the mail log.
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #5  
Old 13th November 2006, 18:10
Hagforce Hagforce is offline
Senior Member
 
Join Date: Feb 2006
Posts: 210
Thanks: 37
Thanked 1 Time in 1 Post
Default

output of "dig -x your_ip_address"

Code:
;; ANSWER SECTION:
47.78.118.85.in-addr.arpa. 86400 IN     PTR     static47.bane-cust.com.
Reply With Quote
  #6  
Old 14th November 2006, 15:10
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lneburg, Germany
Posts: 41,711
Thanks: 1,899
Thanked 2,702 Times in 2,545 Posts
Default

So static47.bane-cust.com is your server, and Postfix translates local domains to static47.bane-cust.com. that's why you see this domain in your mail log. That's the ususal behaviour, there's nothing wrong with it.
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Statistic not working mzo Installation/Configuration 49 20th April 2011 12:19
Setting up a backup mail server setup with two installations of ISPConfig zitch Tips/Tricks/Mods 7 30th December 2006 10:07
Core 4: Error Messages on Fresh Install re CTX/SSL jjw Installation/Configuration 30 6th September 2006 12:16
Can not recieve mail with de virtual mail adress Mounir Installation/Configuration 9 24th July 2006 23:16
Virtual Users And Domains With Postfix, Courier And MySQL (+ SMTP-AUTH, Quota, SpamAs ebbay Installation/Configuration 9 4th March 2006 11:47


All times are GMT +2. The time now is 16:57.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.