I am having a problem with Postfix sending spam emails that target a list of aol.com users.
I am using Ubuntu 12.04.
## Postfix + squirrelmail ##
1- Since I am using Postfix on a home server, port 25 is blocked by default by my ISP, so I had to use the relay option to be able to send email, using:
relayhost = smtp.bredband.net (my ISP) in main.cf
2- The emails are being sent using userid 33 (www-data) from other domains that are hosted on the same server and pointed to the same IP.
So, the main domain I am using with Postfix is selman.us and all emails should only be sent from email@example.com
and I don't want them to be sent from another Apache virtual host like firstname.lastname@example.org.
Now spammers are using a botnet or some other applications to be able to send emails from my other domain, while those users don't exist on the website or the system, like email@example.com.
Steps I have taken so far to stop this drama:
1- Removed my ISP smtp server from relayhost in main.cf to disable relay on the server.
2- Added the smtp server to squirrelmail instead and sending emails works fine.
3- Blocked all outgoing connections to aol.com IPs on port 25 using ufw.
Now all emails being sent by the spammers go to the Postfix queue and I have in my mail logs:
status=deferred (delivery temporarily suspended: connect to mailin-04.mx.aol.com[22.214.171.124]:25: Connection timed out)
Since I am having tons of emails going out, about 2k emails per hour go to the queue, so I have created a cron job to wipe them hourly using:
postsuper -d ALL
The problem is partly solved now but I need something more effective:
1- I need to know how to use my own SMTP server to send emails using a port other than 25, like port 587.
2- How to prevent spammers from using my other domain names to send emails, like allowing only my main domain name or host name to send out emails and not all domains hosted on my server.
Thank you for reading and your help is much appreciated.
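
Added example, not part of the original post: a Python script that correlates Postfix queue IDs in the mail log to show which envelope sender domains and recipient domains the uid 33 (www-data) submissions use, and which queue IDs carry a sender outside selman.us. The log lines are constructed; `other-vhost.example`, the local parts, the queue IDs and the 192.0.2.x addresses are placeholders.

```python
import re
from collections import Counter

ALLOWED_DOMAIN = "selman.us"  # main domain named in the post
WEB_UID = "33"                # www-data, as stated in the post
LINE = re.compile(r"postfix/(\w+)\[\d+\]: ([0-9A-Za-z]+): (.*)")

# Constructed sample in Postfix syslog format; hosts, IDs and addresses are made up.
SAMPLE_LOG = """\
Mar  3 10:15:01 srv postfix/pickup[1201]: 3F2A1C0E2B: uid=33 from=<www-data>
Mar  3 10:15:01 srv postfix/qmgr[1100]: 3F2A1C0E2B: from=<news@other-vhost.example>, size=2143, nrcpt=1 (queue active)
Mar  3 10:15:31 srv postfix/smtp[1210]: 3F2A1C0E2B: to=<a1@aol.com>, relay=none, delay=30, dsn=4.4.1, status=deferred (delivery temporarily suspended: connect to mailin-04.mx.aol.com[192.0.2.10]:25: Connection timed out)
Mar  3 10:16:02 srv postfix/pickup[1201]: 4B7D2C0E31: uid=33 from=<www-data>
Mar  3 10:16:02 srv postfix/qmgr[1100]: 4B7D2C0E31: from=<info@other-vhost.example>, size=2150, nrcpt=1 (queue active)
Mar  3 10:16:32 srv postfix/smtp[1211]: 4B7D2C0E31: to=<b2@aol.com>, relay=none, delay=30, dsn=4.4.1, status=deferred (delivery temporarily suspended: connect to mailin-04.mx.aol.com[192.0.2.10]:25: Connection timed out)
Mar  3 10:17:10 srv postfix/pickup[1201]: 5C1E9C0E44: uid=33 from=<www-data>
Mar  3 10:17:10 srv postfix/qmgr[1100]: 5C1E9C0E44: from=<contact@selman.us>, size=812, nrcpt=1 (queue active)
Mar  3 10:17:12 srv postfix/smtp[1212]: 5C1E9C0E44: to=<friend@example.net>, relay=mx.example.net[192.0.2.20]:25, delay=2, dsn=2.0.0, status=sent (250 OK)
Mar  3 10:18:00 srv postfix/pickup[1201]: 6D2F0C0E55: uid=1000 from=<alice>
Mar  3 10:18:00 srv postfix/qmgr[1100]: 6D2F0C0E55: from=<alice@selman.us>, size=500, nrcpt=1 (queue active)
Mar  3 10:26:40 srv postfix/smtp[1215]: 4B7D2C0E31: to=<b2@aol.com>, relay=none, delay=638, dsn=4.4.1, status=deferred (delivery temporarily suspended: connect to mailin-04.mx.aol.com[192.0.2.10]:25: Connection timed out)
"""

def web_submissions(log_text, uid=WEB_UID):
    """Follow each queue ID: pickup (submitting uid) -> qmgr (envelope sender) -> smtp (recipient)."""
    msgs = {}
    for daemon, qid, rest in LINE.findall(log_text):
        if daemon == "pickup" and re.match(rf"uid={uid}\b", rest):
            msgs[qid] = {"sender": None, "rcpts": set()}  # set: retries repeat the to= line
        elif qid in msgs and daemon == "qmgr" and (f := re.match(r"from=<([^>]*)>", rest)):
            msgs[qid]["sender"] = f.group(1).lower()
        elif qid in msgs and daemon == "smtp" and (t := re.match(r"to=<([^>]*)>", rest)):
            msgs[qid]["rcpts"].add(t.group(1).lower())
    return msgs

def summarize(msgs, allowed=ALLOWED_DOMAIN):
    """Return (sender-domain counts, recipient-domain counts, queue IDs whose sender is not `allowed`)."""
    senders, rcpts, foreign = Counter(), Counter(), []
    for qid, m in msgs.items():
        dom = (m["sender"] or "").rpartition("@")[2]
        senders[dom] += 1
        rcpts.update(r.rpartition("@")[2] for r in m["rcpts"])
        if dom != allowed:
            foreign.append(qid)
    return senders, rcpts, sorted(foreign)

if __name__ == "__main__":
    print(summarize(web_submissions(SAMPLE_LOG)))
```

On the host, pass the contents of `/var/log/mail.log` (the Ubuntu default) instead of `SAMPLE_LOG`; the flagged queue IDs are the ones to inspect in the queue to find which site is injecting the mail.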