  #1  
22nd May 2014, 17:01
iceget
mailserver on ispconfig questions

Dear community,

I have 3000 mailboxes on my ISPConfig mail server. Now I got on a spam list. Can I find out which user is sending spam from the server?

I looked at the log files; there are many unknown (not created) mailboxes like asdasdasdf@DOMAIN.com.

My questions:

1. How can I set it up so that the mail server only sends emails with the associated user?
2. How can I set it up so that a user can only send a maximum of 100 emails in 15 minutes, and otherwise lock the user?

Many greetings

#2
3rd June 2014, 12:38
iceget

Can anybody help me?

A user (I think an Outlook client) is sending spam from the server with Sparkasse@SERVERHOSTNAME.com.

If I open the mail with postcat, I see the correct authenticated sender (which is the correct user).

But how can it be that a user can send spam via the server domain?

Please help, thanks.

How can I automatically block users who send from any e-mail addresses other than the ones they have?

Last edited by iceget; 3rd June 2014 at 12:44.

#3
3rd June 2014, 14:09
srijan

Refer to the thread
1
2
__________________
Br//
Srijan

#4
3rd June 2014, 14:12
iceget

Hello,

thanks for your reply, but that is no solution for me.

I only have a mail server (no web server is active there).

No malware was found on the machine (I have already scanned for malware).

What shall I do?

Thanks

#5
3rd June 2014, 14:20
srijan

Deploy fail2ban to stop spamming.
Use link
__________________
Br//
Srijan

#6
3rd June 2014, 14:49
iceget

Hello,

thanks for your answer.

But my problem is that the user does not spam in real time (it is random).

Does it work anyway?

I have added the file Screen.jpg.

Many thanks!

#7
3rd June 2014, 14:55
till

Quote:
If I open the mail with postcat, I see the correct authenticated sender (which is the correct user).

Then either someone got the login details of the account over an unencrypted connection or the computer of the user has been hacked. In any case, you will have to change the password of the account to stop the spam.

Quote:
But how can it be that a user can send spam via the server domain?

The user may use any sender address, after authentication.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.

#8
3rd June 2014, 15:06
iceget

Hello Till,

thanks for your reply.

Can I configure Postfix so that only the one and only email address can be used for outgoing delivery?

Currently the authenticated spammer can use any email address...

Thanks

#9
3rd June 2014, 15:09
iceget

Hey,

can I detect if any authenticated user tries to send a mail from another email address, so that I can take action before we are on a blacklist?
So I mean the Postfix option reject_sender_login_mismatch?


I have added reject_sender_login_mismatch to smtpd_sender_restrictions (before check_sender_access), but if I restart Postfix, I get this error with each user...

Jun 3 14:34:27 mail01 postfix/smtpd[29615]: NOQUEUE: reject: RCPT from ***: 553 5.7.1 <yy@cc.xx>: Sender address rejected: not owned by user USER@domain; from=<test@microsoft.com> to=<to@email.com> proto=ESMTP helo=<ul.raving.at>


Last edited by iceget; 3rd June 2014 at 15:42.

#10
4th June 2014, 10:46
iceget

So I have added the function without any problems (http://bugtracker.ispconfig.org/inde...s&task_id=3161)

Now nobody can send emails with another e-mail address.

But I have one problem: if I forward e-mails from an external mailbox (like Exchange Online from Microsoft) such as Office@test.com to a mailbox created in ISPConfig such as test@test.com, I get the following error back:

test@test.com
mail01.server.com
Remote Server returned '553 5.7.1 <office@test.com>: Sender address rejected: not logged in'

Can anybody help me?

Thanks

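The detection asked about in posts #1 and #9, as an added example that is not part of the original thread: this Python code pairs each Postfix `sasl_username=` log entry with the envelope sender that qmgr logs for the same queue ID, lists the mismatches, and flags logins that exceed a message limit within a time window (100 per 15 minutes by default, as in post #1). The log lines are constructed sample data, and the code assumes the SASL login name is the mailbox address.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in Postfix syslog format (not taken from the thread).
SAMPLE_LOG = """\
Jun  3 14:30:01 mail01 postfix/smtpd[2001]: A1B2C3D4E5: client=pc1.example.net[192.0.2.10], sasl_method=LOGIN, sasl_username=alice@example.com
Jun  3 14:30:01 mail01 postfix/qmgr[900]: A1B2C3D4E5: from=<alice@example.com>, size=1204, nrcpt=1 (queue active)
Jun  3 14:31:10 mail01 postfix/smtpd[2002]: B2C3D4E5F6: client=unknown[198.51.100.7], sasl_method=LOGIN, sasl_username=bob@example.com
Jun  3 14:31:10 mail01 postfix/qmgr[900]: B2C3D4E5F6: from=<notice@mail01.example.com>, size=5310, nrcpt=20 (queue active)
Jun  3 14:33:40 mail01 postfix/smtpd[2003]: C3D4E5F6A7: client=unknown[198.51.100.7], sasl_method=LOGIN, sasl_username=bob@example.com
Jun  3 14:33:40 mail01 postfix/qmgr[900]: C3D4E5F6A7: from=<notice@mail01.example.com>, size=5290, nrcpt=20 (queue active)
"""

LINE = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) \S+ postfix/(\w+)\[\d+\]: (\w+): (.*)$")
SASL = re.compile(r"sasl_username=(\S+)")
FROM = re.compile(r"from=<([^>]*)>")

def analyse(log_text, year=2014, window=timedelta(minutes=15), limit=100):
    """Return (mismatches, over_limit) for SASL-authenticated submissions."""
    login = {}                # queue ID -> SASL login (assumed to be the mailbox address)
    sent = defaultdict(list)  # SASL login -> times its messages were queued
    mismatches = []           # (queue ID, login, envelope sender)
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m or m.group(3) == "NOQUEUE":
            continue
        stamp, daemon, qid, rest = m.groups()
        when = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        if daemon == "smtpd" and (s := SASL.search(rest)):
            login[qid] = s.group(1).lower()
        elif daemon == "qmgr" and qid in login and (f := FROM.search(rest)):
            user = login.pop(qid)  # count each queue ID once, even if it is requeued
            sender = f.group(1).lower()
            sent[user].append(when)
            if sender != user:
                mismatches.append((qid, user, sender))
    over_limit = set()
    for user, times in sent.items():
        times.sort()
        start = 0
        for end, t in enumerate(times):  # sliding window over the sorted timestamps
            while t - times[start] > window:
                start += 1
            if end - start + 1 > limit:
                over_limit.add(user)
    return mismatches, over_limit
```

Sender addresses that a login legitimately owns through aliases also appear as mismatches here and need an allow list before acting on the result.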

All times are GMT +2.