#1, 2nd May 2012, 04:30
TimR (Junior Member; Join Date: May 2012; Posts: 1)

Spam Tracing/blocking

I am trying to block spam coming into a mail server I admin.

Config: OpenSuSe 11.3/Postfix/Dovecot

Router: TP-Link TD-W8920G

Log below of incoming spam. Spamassassin correctly identifies it. It is delivered to one active mail box and bounced from another deleted user.

main.cf (lots from falko's suggestions) included

Questions:
1. From the log:
May 2 09:28:59 mmay-server postfix/smtpd[6063]: 5C7B5E43FA: client=unknown[192.168.6.2]
The connecting server delivering the message is client=unknown[192.168.6.2]. 192.168.6.2 is the router's local IP. Why isn't the incoming mail server's external IP revealed? Is it a misconfiguration of my router? The router port forwards to the mail server box on 192.168.6.1.

2. From the log:
May 2 09:29:03 mmay-server postfix/smtp[6087]: certificate verification failed for mx1.xrea.com[202.172.25.31]:25: untrusted issuer /C=US/O=Entrust.net/OU=www.entrust.net/CPS incorp. by ref. (limits liab.)/OU=(c) 1999 Entrust.net Limited/CN=Entrust.net Secure Server Certification Authority
May 2 09:29:04 mmay-server postfix/smtp[6087]: BEC6EE4472: to=<lettyrana@xrea.com>, relay=mx1.xrea.com[202.172.25.31]:25, delay=4.2, delays=0.05/0.01/2.8/1.3, dsn=2.0.0, status=sent (250 ok 1335914945 qp 19895)
These lines seem to indicate that some info is captured to identify the spamming server. How can I use it to stop spam?

Thanks,
Tim

Log
May 2 09:28:59 mmay-server postfix/smtpd[6063]: 5C7B5E43FA: client=unknown[192.168.6.2]
May 2 09:29:00 mmay-server postfix/cleanup[6073]: 5C7B5E43FA: message-id=<69l85h57j48-69308177-739w3l27@kkqnbcqhj>
May 2 09:29:00 mmay-server postfix/qmgr[17341]: 5C7B5E43FA: from=<lettyrana@xrea.com>, size=813, nrcpt=2 (queue active)
May 2 09:29:00 mmay-server spamd[4755]: spamd: connection from localhost [127.0.0.1] at port 36258
May 2 09:29:00 mmay-server spamd[4755]: spamd: setuid to nobody succeeded
May 2 09:29:00 mmay-server spamd[4755]: spamd: processing message <69l85h57j48-69308177-739w3l27@kkqnbcqhj> for nobody:65534
May 2 09:29:00 mmay-server spamd[4755]: spamd: identified spam (16.1/5.0) for nobody:65534 in 0.2 seconds, 793 bytes.
May 2 09:29:00 mmay-server spamd[4755]: spamd: result: Y 16 - ALL_TRUSTED,BAYES_99,FREEMAIL_FROM,FS_REPLICA,FS_REPLICAWATCH,REPLICA_WATCH,SANE_04e8bf28eb445199a7f11b943c44d209,SANE_3b92eda751c992f230f215fb7eb36844,SANE_4ef8302546bf270a19baf98508afacc4 scantime=0.2,size=793,user=nobody,uid=65534,required_score=5.0,rhost=localhost,raddr=127.0.0.1,rport=36258,mid=<69l85h57j48-69308177-739w3l27@kkqnbcqhj>,bayes=1.000000,autolearn=spam
May 2 09:29:00 mmay-server spamd[3183]: prefork: child states: II
May 2 09:29:00 mmay-server postfix/pickup[5960]: A2273E5086: uid=65534 from=<lettyrana@xrea.com>
May 2 09:29:00 mmay-server postfix/pipe[6076]: 5C7B5E43FA: to=<kirstie@maxmay.com.au>, relay=spamassassin, delay=6.9, delays=6.6/0/0/0.25, dsn=2.0.0, status=sent (delivered via spamassassin service)
May 2 09:29:00 mmay-server postfix/pipe[6076]: 5C7B5E43FA: to=<max@maxmay.com.au>, relay=spamassassin, delay=6.9, delays=6.6/0/0/0.25, dsn=2.0.0, status=sent (delivered via spamassassin service)
May 2 09:29:00 mmay-server postfix/qmgr[17341]: 5C7B5E43FA: removed
May 2 09:29:00 mmay-server postfix/cleanup[6073]: A2273E5086: message-id=<69l85h57j48-69308177-739w3l27@kkqnbcqhj>
May 2 09:29:00 mmay-server postfix/qmgr[17341]: A2273E5086: from=<lettyrana@xrea.com>, size=3774, nrcpt=2 (queue active)
May 2 09:29:00 mmay-server postfix/local[6083]: A2273E5086: to=<mmay@mmay-server.maxmay.com.au>, orig_to=<max@maxmay.com.au>, relay=local, delay=0.17, delays=0.1/0.02/0/0.05, dsn=2.0.0, status=sent (delivered to mailbox)
May 2 09:29:00 mmay-server postfix/local[6082]: A2273E5086: to=<kstewart@mmay-server.maxmay.com.au>, orig_to=<kirstie@maxmay.com.au>, relay=local, delay=0.18, delays=0.1/0.01/0/0.07, dsn=5.1.1, status=bounced (unknown user: "kstewart")
May 2 09:29:00 mmay-server postfix/cleanup[6073]: BEC6EE4472: message-id=<20120501232900.BEC6EE4472@mmay-server.maxmay.com.au>
May 2 09:29:00 mmay-server postfix/bounce[6085]: A2273E5086: sender non-delivery notification: BEC6EE4472
May 2 09:29:00 mmay-server postfix/qmgr[17341]: BEC6EE4472: from=<>, size=5781, nrcpt=1 (queue active)
May 2 09:29:00 mmay-server postfix/qmgr[17341]: A2273E5086: removed
May 2 09:29:01 mmay-server postfix/smtpd[6063]: disconnect from unknown[192.168.6.2]
May 2 09:29:03 mmay-server postfix/smtp[6087]: certificate verification failed for mx1.xrea.com[202.172.25.31]:25: untrusted issuer /C=US/O=Entrust.net/OU=www.entrust.net/CPS incorp. by ref. (limits liab.)/OU=(c) 1999 Entrust.net Limited/CN=Entrust.net Secure Server Certification Authority
May 2 09:29:04 mmay-server postfix/smtp[6087]: BEC6EE4472: to=<lettyrana@xrea.com>, relay=mx1.xrea.com[202.172.25.31]:25, delay=4.2, delays=0.05/0.01/2.8/1.3, dsn=2.0.0, status=sent (250 ok 1335914945 qp 19895)
May 2 09:29:04 mmay-server postfix/qmgr[17341]: BEC6EE4472: removed

postfix/main.cf
inet_protocols = all
biff = no
mail_spool_directory = /var/mail
canonical_maps = hash:/etc/postfix/canonical
virtual_alias_domains = hash:/etc/postfix/virtual
relocated_maps = hash:/etc/postfix/relocated
transport_maps = hash:/etc/postfix/transport
sender_canonical_maps = hash:/etc/postfix/sender_canonical
masquerade_exceptions = root
masquerade_classes = envelope_sender, header_sender, header_recipient
myhostname = mmay-server.$mydomain
delay_warning_time = 1h
message_strip_characters = \0
program_directory = /usr/lib/postfix
inet_interfaces = all
masquerade_domains =
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
defer_transports =
mynetworks_style = host
mydomain = maxmay.com.au
mynetworks = 127.0.0.0/8, !192.168.6.2, 192.168.6.0/24
relay_domains = $mydestination, hash:/etc/postfix/relay
disable_dns_lookups = no
relayhost =
#content_filter = smtp-amavis:[127.0.0.1]:10025
content_filter =
mailbox_command =
mailbox_transport =
strict_8bitmime = no
disable_mime_output_conversion = no
smtpd_sender_restrictions = reject_unknown_sender_domain, hash:/etc/postfix/access
smtpd_client_restrictions =
#anti spam settings--->
smtpd_helo_required = yes
#smtpd_helo_required = no
disable_vrfy_command = yes
strict_rfc821_envelopes = yes
#strict_rfc821_envelopes = no
invalid_hostname_reject_code = 554
multi_recipient_bounce_reject_code = 554
non_fqdn_reject_code = 554
relay_domains_reject_code = 554
unknown_address_reject_code = 554
unknown_client_reject_code = 554
unknown_hostname_reject_code = 554
unknown_local_recipient_reject_code = 554
unknown_relay_recipient_reject_code = 554
unknown_sender_reject_code = 554
unknown_virtual_alias_reject_code = 554
unknown_virtual_mailbox_reject_code = 554
unverified_recipient_reject_code = 554
unverified_sender_reject_code = 554
smtpd_recipient_restrictions =
check_sender_access hash:/etc/postfix/sender_access,
reject_invalid_hostname,
reject_unknown_recipient_domain,
reject_unauth_pipelining,
permit_mynetworks,
permit_sasl_authenticated,
reject_unauth_destination,
reject_rbl_client multi.uribl.com,
reject_rbl_client dsn.rfc-ignorant.org,
reject_rbl_client dul.dnsbl.sorbs.net,
reject_rbl_client list.dsbl.org,
reject_rbl_client multihop.dsbl.org,
reject_rbl_client zen.spamhaus.org,
reject_rbl_client bl.spamcop.net,
reject_rbl_client dnsbl.sorbs.net,
reject_rbl_client cbl.abuseat.org,
reject_rbl_client ix.dnsbl.manitu.net,
reject_rbl_client combined.rbl.msrbl.net,
reject_rbl_client rabl.nuclearelephant.com,
permit
#smtpd_recipient_restrictions = check_sender_access hash:/etc/postfix/sender_access,permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
# <------ end anti spam settings
smtpd_helo_restrictions =
#smtpd_reject_unlisted_sender = no
smtp_sasl_auth_enable = no
smtpd_sasl_type = dovecot
smtpd_sasl_path = /var/spool/postfix/private/auth
smtpd_sasl_auth_enable = yes
smtpd_use_tls = yes
smtp_use_tls = yes
smtp_enforce_tls = no
smtp_tls_session_cache_timeout = 3600s
smtp_tls_session_cache_database = btree:/var/lib/postfix/smtpd_tls_session_cache
alias_maps = hash:/etc/aliases
mailbox_size_limit = 0
message_size_limit = 0
smtpd_sasl_local_domain =
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_sasl_authenticated_header = yes
smtpd_tls_auth_only = no
smtp_tls_note_starttls_offer = yes
smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
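A defender-side log check for the two things the post's log shows, added here as an example and not part of the original post: it flags inbound SMTP connections whose client address is the NAT router (so client-based restrictions such as reject_rbl_client and the !192.168.6.2 exclusion in mynetworks are evaluated against the router, never the real sender) and non-delivery notifications generated for unknown local users after the message was already accepted, which are returned to the envelope sender. The gateway address is taken from the post; the log lines are constructed in the same shape as the quoted ones with addresses replaced.

```python
import re

# Assumption: the router's LAN address, as stated in the post.
NAT_GATEWAY = "192.168.6.2"

# Constructed sample in the shape of the post's log (queue ids kept, addresses replaced).
SAMPLE_LOG = """\
May  2 09:28:59 mx postfix/smtpd[6063]: 5C7B5E43FA: client=unknown[192.168.6.2]
May  2 09:29:00 mx postfix/local[6082]: A2273E5086: to=<kstewart@mx.example.com>, orig_to=<kirstie@example.com>, relay=local, dsn=5.1.1, status=bounced (unknown user: "kstewart")
May  2 09:29:00 mx postfix/bounce[6085]: A2273E5086: sender non-delivery notification: BEC6EE4472
May  2 09:30:10 mx postfix/smtpd[6063]: 1111AAAA22: client=mail.example.org[203.0.113.7]
"""

# queue id and client IP of each inbound connection
CLIENT_RE = re.compile(r"postfix/smtpd\[\d+\]: (\w+): client=\S+\[([\d.]+)\]")
# local delivery that bounced because the (aliased) user does not exist
BOUNCE_RE = re.compile(r"postfix/local\[\d+\]: (\w+): to=<([^>]+)>.*status=bounced \(unknown user")
# the non-delivery notification Postfix queued for that bounce
NDN_RE = re.compile(r"postfix/bounce\[\d+\]: (\w+): sender non-delivery notification: (\w+)")


def audit(log_text, gateway=NAT_GATEWAY):
    """Return {'nat_masked': [queue ids], 'backscatter': [(queue id, recipient, ndn id)]}.

    nat_masked: connections Postfix saw as coming from the NAT gateway, so any
    IP-based check (RBLs, mynetworks) ran against the router, not the sender.
    backscatter: a message was accepted at SMTP time and only then bounced for an
    unknown user, so a DSN went back to a sender that spam typically forges.
    """
    findings = {"nat_masked": [], "backscatter": []}
    bounced = {}  # queue id -> recipient that failed after acceptance
    for line in log_text.splitlines():
        m = CLIENT_RE.search(line)
        if m and m.group(2) == gateway:
            findings["nat_masked"].append(m.group(1))
        m = BOUNCE_RE.search(line)
        if m:
            bounced[m.group(1)] = m.group(2)
        m = NDN_RE.search(line)
        if m and m.group(1) in bounced:
            findings["backscatter"].append((m.group(1), bounced[m.group(1)], m.group(2)))
    return findings


if __name__ == "__main__":
    for kind, items in audit(SAMPLE_LOG).items():
        print(kind, items)
```

Either finding points at a fix in front of Postfix rather than in SpamAssassin: the first is only solvable on the router (the forwarded connection must keep its source address), the second by rejecting unknown recipients at RCPT time instead of bouncing after delivery to the spamassassin pipe.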