#1
12th December 2013, 08:01
emanuelebruno
Junior Member
Server IP Address blocked for Spam... Please help me!

Hi to all,
I have used ISPConfig for many years. I have a 3.0.5.2 installation. Two weeks ago my ISP blocked SMTP port 25 on my IP address for spam... So I had to move my server to another IP address, and I changed all email account passwords because I was scared that somebody had used them to spam without authorization...

Today, looking at some logs, I read something strange:

***
Dec 12 01:39:00 server1 postfix/pickup[18194]: 75D0F361204F: uid=5045 from=<emanuelebruno@gmail.com>
Dec 12 01:39:00 server1 postfix/cleanup[21629]: 75D0F361204F: message-id=<7d0db88299a185197009a2680b46f502@mineofduty.it >
Dec 12 01:39:00 server1 postfix/qmgr[3816]: 75D0F361204F: from=<emanuelebruno@gmail.com>, size=1212, nrcpt=1 (queue active)
Dec 12 01:39:05 server1 postfix/smtpd[21676]: connect from localhost[127.0.0.1]
Dec 12 01:39:05 server1 postfix/smtpd[21676]: 500303612057: client=localhost[127.0.0.1]
Dec 12 01:39:05 server1 postfix/cleanup[21629]: 500303612057: message-id=<7d0db88299a185197009a2680b46f502@mineofduty.it >
Dec 12 01:39:05 server1 postfix/smtpd[21676]: disconnect from localhost[127.0.0.1]
Dec 12 01:39:05 server1 postfix/qmgr[3816]: 500303612057: from=<emanuelebruno@gmail.com>, size=1732, nrcpt=1 (queue active)
Dec 12 01:39:05 server1 amavis[29901]: (29901-13) Passed CLEAN, <emanuelebruno@gmail.com> -> <jonnydorn8719@mail.porevoonline.net>, Message-ID: <7d0db88299a185197009a2680b46f502@mineofduty.it> , mail_id: tX9YG7IOCRit, Hits: 0.411, size: 1211, queued_as: 500303612057, 4837 ms
Dec 12 01:39:05 server1 postfix/smtp[21633]: 75D0F361204F: to=<jonnydorn8719@mail.porevoonline.net>, relay=127.0.0.1[127.0.0.1]:10024, delay=4.9, delays=0.04/0/0/4.8, dsn=2.0.0, status=sent (250 2.0.0 from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as 500303612057)
Dec 12 01:39:05 server1 postfix/qmgr[3816]: 75D0F361204F: removed
Dec 12 01:39:09 server1 postfix/smtp[21678]: 500303612057: to=<jonnydorn8719@mail.porevoonline.net>, relay=mail.porevoonline.net[176.99.6.113]:25, delay=4.6, delays=0.01/0.01/4.2/0.45, dsn=2.0.0, status=sent (250 OK id=1VqrUr-0002Cd-Oh)
Dec 12 01:39:09 server1 postfix/qmgr[3816]: 500303612057: removed
***
mineofduty.it is a hosted website that is now abandoned by its customer.
Taking a look in the Joomla administration panel, I discovered that a suspicious guest is registered on that web site and that he sent some emails from it.
How can I prevent email from being sent from Joomla or any other CMS without using SMTP AUTHENTICATION? If you look at the attachment you'll see that right now anybody can send email anonymously.

Can you help?

THIS IS A COPY OF /etc/postfix/main.cf
***
# See /usr/share/postfix/main.cf.dist for a commented, more complete version


# Debian specific: Specifying a file name will cause the first
# line of that file to be used as the name. The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname

smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

readme_directory = /usr/share/doc/postfix

# TLS parameters
smtpd_tls_cert_file = /etc/postfix/smtpd.cert
smtpd_tls_key_file = /etc/postfix/smtpd.key
smtpd_use_tls = yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.

myhostname = server1.XXXXXXXXXX.it
alias_maps = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases
alias_database = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases
myorigin = /etc/mailname
mydestination = server1.XXXXXXXXXX.it, localhost, localhost.localdomain
relayhost =
mynetworks = 127.0.0.0/8 [::1]/128
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
message_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
html_directory = /usr/share/doc/postfix/html
virtual_alias_domains =
virtual_alias_maps = proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf, proxy:mysql:/etc/postfix/mysql-virtual_email2email.cf, hash:/var/lib/mailman/data/virtual-mailman
virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf
virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf
virtual_mailbox_base = /var/vmail
virtual_uid_maps = static:5000
virtual_gid_maps = static:5000
inet_protocols = all
smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = yes
smtpd_sasl_authenticated_header = yes
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, check_recipient_access mysql:/etc/postfix/mysql-virtual_recipient.cf, reject_unauth_destination
smtpd_tls_security_level = may
transport_maps = hash:/var/lib/mailman/data/transport-mailman, proxy:mysql:/etc/postfix/mysql-virtual_transports.cf
relay_domains = mysql:/etc/postfix/mysql-virtual_relaydomains.cf
relay_recipient_maps = mysql:/etc/postfix/mysql-virtual_relayrecipientmaps.cf
proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $virtual_mailbox_limit_maps
smtpd_sender_restrictions = check_sender_access mysql:/etc/postfix/mysql-virtual_sender.cf
smtpd_client_restrictions = check_client_access mysql:/etc/postfix/mysql-virtual_client.cf
smtpd_client_message_rate_limit = 100
maildrop_destination_concurrency_limit = 1
maildrop_destination_recipient_limit = 1
virtual_transport = dovecot
header_checks = regexp:/etc/postfix/header_checks
mime_header_checks = regexp:/etc/postfix/mime_header_checks
nested_header_checks = regexp:/etc/postfix/nested_header_checks
body_checks = regexp:/etc/postfix/body_checks
owner_request_special = no
dovecot_destination_recipient_limit = 1
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
content_filter = amavis:[127.0.0.1]:10024
receive_override_options = no_address_mappings

Last edited by emanuelebruno; 13th December 2013 at 20:08.
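
The log excerpt in the post above shows the message entering through postfix/pickup with uid=5045, which is how Postfix records mail handed over locally by the sendmail command (the path PHP's mail() uses) along with the submitting system user. As an added example that is not part of the original thread, this Python script attributes outbound mail to the local uid that submitted it, following the amavis re-queue seen in the excerpt; the sample log, the name local_submitters and the FILTER_HOST constant are constructed for illustration.

```python
import re
from collections import defaultdict

FILTER_HOST = "127.0.0.1"  # assumption: content filter on loopback, as in the posted main.cf
PICKUP = re.compile(r"postfix/pickup\[\d+\]: (\w+): uid=(\d+) from=<[^>]*>")
DELIVERY = re.compile(r"postfix/smtp\[\d+\]: (\w+): to=<([^>]*)>,(?: orig_to=<[^>]*>,)?"
                      r" relay=([^,]+),.*status=\w+ \((.*)\)")
REQUEUED = re.compile(r"queued as (\w+)")

# Constructed sample in the format of the excerpt above; all ids and addresses are made up.
SAMPLE_LOG = """\
Dec 12 01:39:00 server1 postfix/pickup[101]: 1A2B3C4D5E01: uid=5045 from=<web@example.org>
Dec 12 01:39:05 server1 postfix/smtp[102]: 1A2B3C4D5E01: to=<a@example.net>, relay=127.0.0.1[127.0.0.1]:10024, delay=4.9, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 1A2B3C4D5E02)
Dec 12 01:39:09 server1 postfix/smtp[103]: 1A2B3C4D5E02: to=<a@example.net>, relay=mx.example.net[192.0.2.10]:25, delay=4.6, dsn=2.0.0, status=sent (250 OK)
Dec 12 01:40:00 server1 postfix/pickup[101]: 1A2B3C4D5E03: uid=5045 from=<web@example.org>
Dec 12 01:40:04 server1 postfix/smtp[102]: 1A2B3C4D5E03: to=<b@example.net>, relay=127.0.0.1[127.0.0.1]:10024, delay=4.1, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 1A2B3C4D5E04)
Dec 12 01:40:34 server1 postfix/smtp[103]: 1A2B3C4D5E04: to=<b@example.net>, relay=none, delay=30, dsn=4.4.1, status=deferred (connect to mx.example.net[192.0.2.10]:25: Connection timed out)
Dec 12 01:41:00 server1 postfix/pickup[101]: 1A2B3C4D5E05: uid=5012 from=<shop@example.org>
Dec 12 01:41:04 server1 postfix/smtp[102]: 1A2B3C4D5E05: to=<c@example.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=4.0, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 1A2B3C4D5E06)
Dec 12 01:41:06 server1 postfix/smtp[103]: 1A2B3C4D5E06: to=<c@example.com>, relay=mx.example.com[192.0.2.20]:25, delay=2.0, dsn=2.0.0, status=sent (250 OK)
Dec 12 01:42:00 server1 postfix/smtpd[110]: 1A2B3C4D5E07: client=mail.example.com[198.51.100.7], sasl_method=PLAIN, sasl_username=user@example.org
Dec 12 01:42:04 server1 postfix/smtp[102]: 1A2B3C4D5E07: to=<d@example.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=4.0, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 1A2B3C4D5E08)
Dec 12 01:42:06 server1 postfix/smtp[103]: 1A2B3C4D5E08: to=<d@example.com>, relay=mx.example.com[192.0.2.20]:25, delay=2.0, dsn=2.0.0, status=sent (250 OK)
"""

def local_submitters(log_text):
    """Return {uid: (message count, external recipients)} for mail submitted via pickup."""
    origin, deliveries = {}, []  # queue id -> submitting uid; parsed delivery lines
    for line in log_text.splitlines():
        if m := PICKUP.search(line):
            origin[m.group(1)] = int(m.group(2))
        elif m := DELIVERY.search(line):
            deliveries.append(m.groups())
    # The content filter re-injects each message under a new queue id; carry the uid over.
    for qid, _rcpt, relay, reply in deliveries:
        m = REQUEUED.search(reply)
        if m and qid in origin and relay.startswith(FILTER_HOST):
            origin[m.group(1)] = origin[qid]
    report = defaultdict(lambda: (set(), set()))
    for qid, rcpt, relay, _reply in deliveries:
        if qid in origin and not relay.startswith(FILTER_HOST):
            report[origin[qid]][0].add(qid)   # count each queue id once, even if retried
            report[origin[qid]][1].add(rcpt)
    return {uid: (len(ids), sorted(rcpts)) for uid, (ids, rcpts) in report.items()}

if __name__ == "__main__":
    for uid, (count, rcpts) in sorted(local_submitters(SAMPLE_LOG).items()):
        print(f"uid={uid} messages={count} recipients={rcpts}")
```

Mail handed to port 25 over a socket does not pass through pickup and carries no uid, so this covers only mail() and direct sendmail calls. A reported uid can be resolved to its system account with `getent passwd <uid>`.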
#2
13th December 2013, 14:38
emanuelebruno
Junior Member

According to http://www.webhostingtalk.com/showthread.php?t=758198 I can disable the PHP mail function by modifying the php.ini file in this way:

disabled_functions = mail

Doing it this way, are my customers forced to send mail through the SMTP server, or can they send mail from their web site in another way?

I'd like them to be able to send their newsletter only with SMTP authentication (even from their CMS)...

Is it possible?
#3
13th December 2013, 14:47
Croydon
ISPConfig Developer

There are several ways to send mail.
If you cannot use the "mail" function you can call "sendmail" directly via exec, shell_exec and so on.
If this is forbidden, too, you can use fsockopen on port 25 (or whatever the local mail server listens on).
If your mail server is on a different physical server you could disable the postfix daemon on your web server completely.
Keep in mind that if you forbid the mail function with disable_functions you will render some of the widespread CMSs useless.
WordPress is not able to use SMTP without a plugin, and lots of web software may throw PHP errors and stop working if the mail function does not exist.
__________________
Marius Cramer

pixcept KG
#4
13th December 2013, 17:27
emanuelebruno
Junior Member

Quote:
Originally Posted by Croydon
[...]Keep in mind that if you forbid the mail function with disable_functions you will render some of the wide-spread cms useless[...]
Thank you for your reply: I'm asking if there is a way to "disable" the "Auth SMTP NO" option, because right now any customer who installs a CMS can send email without "SMTP ACCOUNT AUTHENTICATION"...

I hope I was clear this time
#5
13th December 2013, 17:35
Croydon
ISPConfig Developer

I understood what you meant before

I just wanted to make clear that this will not be possible without blocking mails from several CMSs completely.
If you disable unauthenticated mail sending even from the local host, mails that are sent through the PHP mail function etc. are silently bounced and your customers won't even recognize it.
And, as I said, multiple CMSs do not offer SMTP authed mail sending without extra plugins.
#6
13th December 2013, 20:13
emanuelebruno
Junior Member

Quote:
Originally Posted by Croydon
[...]If you disable unauthenticated mail sending even from the local host[...]
Sorry, but trying to do that from the PHP settings doesn't work:
#7
13th December 2013, 20:17
emanuelebruno
Junior Member

According to this post http://www.howtoforge.com/forums/showthread.php?t=53828 I could try to remove the following line from the file /etc/postfix/main.cf:

mynetworks = 127.0.0.0/8 [::1]/128

Is that correct? I'm scared that something will go wrong.
#8
14th December 2013, 10:20
Croydon
ISPConfig Developer

Quote:
Originally Posted by emanuelebruno
Sorry, but trying to do that from the PHP settings doesn't work:
It is disable_functions and not disabled_functions.
#9
14th December 2013, 12:07
emanuelebruno
Junior Member

Quote:
Originally Posted by Croydon
It is disable_functions and not disabled_functions.
Thank you very much! It works

Now I have to disable "sendmail" ...

According to http://serverfault.com/questions/820...g-up-in-ubuntu it is possible to disable the "sendmail service" at startup, but I suppose that I have to remove the service "completely" according to this other post http://forum.i-mscp.net/Thread-HOWTO...ail-completely ... Is this procedure safe for ISPConfig?

I use Roundcube for my customers, and if I disable or remove the "sendmail service" I suppose that Roundcube will not be able to send emails anymore...

Is it possible to tell Roundcube to use Postfix, or is "disable sendmail" not a good solution?

Last edited by emanuelebruno; 15th December 2013 at 10:29.
#10
16th December 2013, 08:56
Croydon
ISPConfig Developer

You could configure Roundcube to use SMTP during configuration.

I don't know if removing/disabling sendmail completely will break something else on your server. But I believe it could as sendmail is used for lots of services to send mail.