Undelivered Mail Returned to Sender

[clucian]

To remove your ip from SORBS-SPAM request that your ISP to request to remove from this blacklist.
Or request to change your ISP to change your IP.

Be sure to DROP your port 25 in firewall chain FORWARD.

iptables -A FORWARD -p tcp --dport -j DROP

[djmixx07]

Quote:

Originally Posted by clucian

To remove your ip from SORBS-SPAM request that your ISP to request to remove from this blacklist.
Or request to change your ISP to change your IP.

Be sure to DROP your port 25 in firewall chain FORWARD.

iptables -A FORWARD -p tcp --dport -j DROP

Should I change my IP first before I do "iptables -A FORWARD -p tcp --dport -j DROP"? And can I ask what does this code do and what importance does it serve? According to SORBS-SPAM they will not remove me from the list unless I pay a "donation". Thanks for the reply.

[clucian]

I had an IP blacklist the Sorbs, and solutions was to request the ISP to do that, and solve the problem.

This rule in firewall is a MUST (my opinion) on mail server:
iptables -A FORWARD -p tcp --dport -j DROP

If the mail server is behind a network, and a computer is virus spam trafic on port 25. I'll have problems with blacklist spam.

For more info read this: block port 25

[Mark_NL]

Code:

iptables -A FORWARD -p tcp --dport 25 -j DROP

you mean? ;-)

[djmixx07]

Is this applicable for me? because the ISP only provides us DNS, and all the rest is here in our in-house servers. And I'm using a public IP.

And I'm figuring maybe even if I change or request a new IP, it will be solved for the meantime but sooner or later it may be blacklisted again. Because just recently Gmail refused connections from my IP, meaning there's still wrong and my configuration isn't still fixed. I don't know if there's still missing or wrong with my posfix main.cf or any other configuration that's still causing or allowing this to happen. I need to track down which is causing my IP to be blacklisted.

Is there a possibility that one of our user's computer has a virus that makes their email client send spam -- therefore makes us blacklisted? But if so, it would impossible and difficult to check/scan all their computers one by one. And so if my assumption is true, how can I filter outgoing mail from spam? How would I know which users are sending spam and how can I stop it?

Like I said, it's just an assumption..if I'm wrong, pls suggest other causes and solutions. Thanks so much.

Here's my main.cf

Code:

# Debian specific:  Specifying a file name will cause the first
# line of that file to be used as the name.  The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname

smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

readme_directory = no

# TLS parameters
smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
smtpd_use_tls = yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.

myhostname = mail.mydomain.com
mydomain = mydomain.com
myorigin = $mydomain
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
mydestination = /etc/postfix/local-host-names
relayhost = 
home_mailbox =
mynetworks = 127.0.0.0/8, 124.6.144.0/29
mailbox_command = 
mailbox_size_limit = 0
message_size_limit = 104857600
recipient_delimiter = +
inet_interfaces = all
inet_protocols = all
smtpd_sasl_local_domain = 
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_unauth_destination, reject_invalid_hostname, reject_non_fqdn_hostname, reject_rbl_client zen.spamhaus.org, reject_rhsbl_sender dsn.fc-ignorant.org, check_policy_service inet:127.0.0.1:60000, permit
soft_bounce = yes
smtpd_tls_auth_only = no
smtp_use_tls = yes
smtp_tls_note_starttls_offer = yes
smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
virtual_maps = hash:/etc/postfix/virtusertable
smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
smtpd_data_restrictions = reject_unauth_pipelining, reject_multi_recipient_bounce, permit
smtpd_helo_restrictions = permit_mynetworks, reject_unknown_helo_hostname, permit
smtpd_sender_restrictions = reject_unknown_address, reject_unknown_sender_domain
maximal_queue_lifetime = 1d
delay_warning_time = 0h
smtpd_helo_required = yes
disable_vrfy_command = yes
smtpd_reject_unlisted_recipient = yes
milter_default_action = accept
milter_protocol = 2
smtpd_milters = inet:localhost:8891
non_smtpd_milters = inet:localhost:8891

Thanks again

[Mark_NL]

Well, you've been looking at firewall rules, dns stuff, block lists and i see you have dkim-filter installed ..

i'd suggest you take a few steps back and start with a clean postfix install and work your way up from there again.

[djmixx07]

Quote:

Originally Posted by Mark_NL

Well, you've been looking at firewall rules, dns stuff, block lists and i see you have dkim-filter installed ..

i'd suggest you take a few steps back and start with a clean postfix install and work your way up from there again.

What? install everything again?? Why? Which are the things I should install again besides postfix?

[Mark_NL]

Why, because you're kind of stuck and i doubt you actually know what you're doing ;-)

I've learned all this by just .. install .. config .. mess up .. reinstall.. rinse and repeat ;-)

Setting up postfix with (virt)users/domains etc etc should take up to 30mins to set up and test.

Ow and looking at your config files, i also noticed you installed greylisten (port 60000? ;-)

I'm running multiple mailservers that get more that 500k+ mails each day, try adding these rbl checks in your main.cf

Code:

smtpd_recipient_restrictions = 
 permit_sasl_authenticated,
 permit_mynetworks,
 reject_unauth_destination
 reject_invalid_hostname,
 reject_rbl_client virbl.dnsnl.bit.nl,
 reject_rbl_client cbl.abuseat.org,
 reject_rbl_client bl.spamcop.net,
 reject_rbl_client sbl-xbl.spamhaus.org

[djmixx07]

Yes that's correct I'm already lost and I don't know what I'm doing anymore LOL.. My only basis are the stuff I read online..It's been a total crash course for me. That's why I'm very anxious about doing it all over again. But I really want to learn this. About the greylist, I got this from of the tutorials here..isn't it supposed to be 60000? Sorry..What number should I put there? Thanks for the tips, you've been helpful.

[Mark_NL]

Well from my understanding, you want to set up a mailserver .. using ispconfig3 would make your life easier with handling users/groups etc etc ..

so i suggest you follow this tutorial:
http://www.howtoforge.org/perfect-se...nny-ispconfig3

gl!