  #1  
Old 14th February 2007, 17:11
linickx
Spam though perfect centos (postfix) install ?

Hi,

I followed the "perfect install" guide for CentOS (4.4 with ISPConfig 2.2.7). I recently received a SPAM, and it appears to have come through my server ???

Code:
Delivered-To: root AT vps.linickx DOTy co DOTy uk
Received: from 70A0802596.wbb.net.cable.rogers.com (70A0802596.wbb.net.cable.rogers.com [74.210.9.137])
	by vps.linickx.co.uk (Postfix) with SMTP id 67251BE390A
	for <support AT oakfarmpreschool DOTy com>; Tue, 13 Feb 2007 17:28:40 +0000 (GMT)
To: support AT oakfarmpreschool DOTy com
Message-Id: <20070213172840.67251BE390A@vps.linickx DOTy co DOTyuk>
Date: Tue, 13 Feb 2007 17:28:40 +0000 (GMT)
From: support AT oakfarmpreschool DOTy com

but (a) this address shouldn't exist

Code:
###################################
#
# ISPConfig virtusertable Configuration File
#         Version 1.0
#
###################################
admin AT www.oakfarmpreschool DOTy com    user28_oakfarm
user28_oakfarm AT www.oakfarmpreschool DOTy com    user28_oakfarm
admin AT oakfarmpreschool DOTy com    user28_oakfarm
user28_oakfarm AToakfarmpreschool DOTy com    user28_oakfarm

and (b) my understanding is that this email should get authenticated as it's from a domain I'm hosting ?

Can anyone shed any light on the matter ? If it helps support@ does exist under other domains hosted on the same box.

Many Thanks
Nick
  #2  
Old 15th February 2007, 19:13
falko

The mail was sent from
Quote:
Received: from 70A0802596.wbb.net.cable.rogers.com (70A0802596.wbb.net.cable.rogers.com [74.210.9.137])
to your server, not through your server.
If you send to a domain hosted on the server, you don't need authentication. Also take a look here: http://www.howtoforge.com/forums/sho...5&postcount=34
  #3  
Old 16th February 2007, 16:34
linickx

Hi Falko,

Thanks for the response; what confuses me is that "support AT oakfarmpreschool DOTy com" shouldn't exist (see above virtusertable), any thoughts ?

cheers,
Nick
  #4  
Old 16th February 2007, 17:01
till

Quote:
Originally Posted by linickx
Thanks for the response; what confuses me is that "support AT oakfarmpreschool DOTy com" shouldn't exist (see above virtusertable), any thoughts ?
The email address "support AT oakfarmpreschool DOTy com" is the sender address, it is not necessary that this address exists. Spammers are often using nonexistent fake addresses as sender.
  #5  
Old 16th February 2007, 18:08
linickx

Quote:
Originally Posted by till
The email address "support AT oakfarmpreschool DOTy com" is the sender address
yeah that makes sense, but wasn't it also the to.....

Quote:
Originally Posted by linickx
SMTP id 67251BE390A
for <support AT oakfarmpreschool DOTy com>; Tue, 13 Feb 2007 17:28:40 +0000 (GMT)
To: support AT oakfarmpreschool DOTy com
Message-Id: <20070213172840
that's why I'm thinking it should have been rejected (as support isn't on the oakfarm domain) rather than delivered to root. no ?
  #6  
Old 17th February 2007, 17:34
falko

Quote:
Originally Posted by linickx
that's why I'm thinking it should have been rejected (as support isn't on the oakfarm domain) rather than delivered to root. no ?
What's in /etc/aliases? Is support a system user on your server?
  #7  
Old 17th February 2007, 18:40
linickx

Ah, yes, that explains it, I've never used that file before

Is it safe to comment stuff out without affecting the running of ISPConfig ? (and associated services ) ... the man pages suggest it's a sendmail file, so I think I'm ok as I'm using postfix.

Thanks !
  #8  
Old 17th February 2007, 18:49
till

The file /etc/aliases is used by postfix too.
  #9  
Old 17th February 2007, 19:01
linickx

I want to comment out this rubbish at the bottom, as they're common spam victims.

Code:
newsadm:       news
newsadmin:     news
usenet:                news
ftpadm:                ftp
ftpadmin:      ftp
ftp-adm:       ftp
ftp-admin:     ftp
www:           webmaster
webmaster:     root
noc:           root
security:      root
hostmaster:    root
info:          postmaster
marketing:     postmaster
sales:         postmaster
support:       postmaster

Do you think that will cause any problems with the ISPConfig Magic ?
  #10  
Old 18th February 2007, 10:55
till

These entries are not from ISPConfig, so you can remove them safely and then run the command "newaliases".
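
An added example, not part of the thread and not ISPConfig code: it resolves aliases(5)-style entries to their final recipients and lists the local parts that are accepted through /etc/aliases even though the virtusertable has no such address, which is how mail for support@ ended up delivered to root. Assumptions: the `postmaster: root` line (not shown in the thread), the function names, and that the hosted domain is delivered locally so the system aliases apply to it.

```python
# Constructed sample: alias lines quoted in the thread, plus "postmaster: root",
# which is an assumption (the thread never shows that line).
ALIASES = """\
# aliases(5)-style table
postmaster:    root
www:           webmaster
webmaster:     root
info:          postmaster
sales:         postmaster
support:       postmaster
"""

# Local parts the thread's virtusertable defines for the hosted domain.
VIRTUSER_LOCALPARTS = {"admin", "user28_oakfarm"}


def parse_aliases(text):
    """Parse 'name: target[, target]' lines; comments and blanks are skipped."""
    table = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        name, targets = line.split(":", 1)
        table[name.strip().lower()] = [
            t.strip().lower() for t in targets.split(",") if t.strip()
        ]
    return table


def resolve(name, table, seen=None):
    """Follow an alias chain to its final recipients; a loop ends the branch."""
    seen = set() if seen is None else seen
    name = name.lower()
    if name in seen:
        return set()
    seen.add(name)
    if name not in table:
        return {name}  # no alias: a system user of that name, if one exists
    final = set()
    for target in table[name]:
        final |= resolve(target, table, seen)
    return final


def alias_only_addresses(table, virtuser_localparts):
    """Local parts accepted via aliases although the virtusertable lacks them."""
    return {n: sorted(resolve(n, table)) for n in sorted(table)
            if n not in virtuser_localparts}


if __name__ == "__main__":
    for name, final in alias_only_addresses(parse_aliases(ALIASES), VIRTUSER_LOCALPARTS).items():
        print(f"{name:<12} -> {', '.join(final)}")
```

On the server itself, `postalias -q support hash:/etc/aliases` queries the live table for a single name, and the table has to be rebuilt with `newaliases` after any edit.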