#1  
31st October 2006, 03:51
lyndros
using my server for spamming?

Hi all, I have noticed these mail logs: what's that?

Oct 31 01:21:58 server1 postfix/smtp[31508]: 363B03326D0: to=<nnatbcmejjm@blackstockphotos.com>, relay=mailserver.blackstockphotos.com[213.171.216.65], delay=2, status=bounced (host mailserver.blackstockphotos.com[213.171.216.65] said: 552

Oct 31 00:23:51 server1 postfix/smtp[29728]: 754183326CE: to=<edu@sexyadultworld.com>, relay=sexyadultworld.com[62.141.48.86], delay=2, status=sent (250 Data received OK.)

They connect without auth? Formmail probably? How can I know if this is from formmail?

Thanks in advance
  #2  
31st October 2006, 09:03
till

1) Test that your server is not an open relay:

http://www.abuse.net/relay.html

2) If you have an insecure mail form on your server, there is no authentication needed for sending mails through this form, as the origin of the mails is localhost and localhost is a trusted domain that doesn't need to authenticate.
__________________
Till Brehm
  #3  
1st November 2006, 16:38
falko

Also, what's the output of
Code:
postconf -d|grep mynetworks
and
Code:
postconf -n|grep mynetworks
?
__________________
Falko
  #4  
1st November 2006, 21:32
nvn

Hi

I have the same problem...

My mailserver is working like hell sending mails..

web1:~ # postconf -d|grep mynetworks
mynetworks = 127.0.0.0/8 192.168.1.0/24
mynetworks_style = subnet
parent_domain_matches_subdomains = debug_peer_list,fast_flush_domains,mynetworks,permit_mx_backup_networks,qmqpd_authorized_clients,relay_domains,smtpd_access_maps
proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks
smtpd_client_event_limit_exceptions = ${smtpd_client_connection_limit_exceptions:$mynetworks}
smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination
web1:~ # postconf -n|grep mynetworks
mynetworks_style = subnet
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
  #5  
2nd November 2006, 08:55
till

Quote:
Originally Posted by nvn
Hi

I have the same problem...

My mailserver is working like hell sending mails..

web1:~ # postconf -d|grep mynetworks
mynetworks = 127.0.0.0/8 192.168.1.0/24
mynetworks_style = subnet
parent_domain_matches_subdomains = debug_peer_list,fast_flush_domains,mynetworks,permit_mx_backup_networks,qmqpd_authorized_clients,relay_domains,smtpd_access_maps
proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks
smtpd_client_event_limit_exceptions = ${smtpd_client_connection_limit_exceptions:$mynetworks}
smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination
web1:~ # postconf -n|grep mynetworks
mynetworks_style = subnet
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
The settings are fine so far. The way to find the origin of the mails is to inspect them with postcat as I described in your other thread:

http://www.howtoforge.com/forums/sho...hlight=postcat

I guess you checked that the spam is not sent from your local network "192.168.1.0/24"
__________________
Till Brehm
  #6  
3rd November 2006, 18:12
lyndros

Quote:
Originally Posted by falko
Also, what's the output of
Code:
postconf -d|grep mynetworks
and
Code:
postconf -n|grep mynetworks
?
This is my output: postconf -d | grep mynetworks

mynetworks = 127.0.0.0/8 192.168.1.0/24
mynetworks_style = subnet
parent_domain_matches_subdomains = debug_peer_list,fast_flush_domains,mynetworks,permit_mx_backup_networks,qmqpd_authorized_clients,relay_domains,smtpd_access_maps
proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks
smtpd_client_event_limit_exceptions = ${smtpd_client_connection_limit_exceptions:$mynetworks}
smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination

postconf -n | grep mynetworks

mynetworks = 127.0.0.0/8
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination

I've checked the server and it is not an open relay ...

Any help would be much appreciated

Thanks in advance
  #7  
4th November 2006, 16:51
falko

Quote:
Originally Posted by lyndros
postconf -n | grep mynetworks

mynetworks = 127.0.0.0/8
That's the right setting, so your mail server is no open relay. So I guess Till is right:

Quote:
2) If you have an insecure mail form on your server, there is no authentication needed for sending mails through this form, as the origin of the mails is localhost and localhost is a trusted domain that doesn't need to authenticate.
Check your web applications for email forms, guest books, etc. that send emails. Probably a weakness in one of those scripts is used by spammers...
__________________
Falko
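
An added example, not part of the thread or any poster's code: the distinction the replies draw (mail relayed from outside versus mail injected locally by a web script) can be read from the first Postfix log line of each queue ID. It assumes the usual Postfix log layout, where the local sendmail command shows up as a `pickup` line with the submitting uid and SMTP submissions as an `smtpd` line with `client=`; the log lines, queue IDs and function names are constructed for illustration, and it goes slightly beyond the thread by also labelling SMTP AUTH submissions.

```python
import ipaddress
import re
from collections import Counter
# Constructed sample log (not from the thread): queue IDs, hosts and users are made up.
SAMPLE_LOG = """\
Oct 31 01:00:01 server1 postfix/pickup[2001]: AAAA000001: uid=33 from=<www-data>
Oct 31 01:00:03 server1 postfix/smtp[2002]: AAAA000001: to=<a@example.net>, relay=mx.example.net[192.0.2.10], delay=2, status=sent (250 OK)
Oct 31 01:00:05 server1 postfix/smtpd[2003]: BBBB000002: client=localhost[127.0.0.1]
Oct 31 01:00:06 server1 postfix/smtp[2004]: BBBB000002: to=<b@example.net>, relay=mx.example.net[192.0.2.10], delay=1, status=bounced (mailbox full)
Oct 31 01:00:07 server1 postfix/smtpd[2005]: CCCC000003: client=unknown[203.0.113.7], sasl_method=PLAIN, sasl_username=web1_user
Oct 31 01:00:08 server1 postfix/smtp[2006]: CCCC000003: to=<c@example.org>, relay=mx.example.org[192.0.2.20], delay=1, status=sent (250 OK)
Oct 31 01:00:09 server1 postfix/smtp[2007]: CCCC000003: to=<d@example.org>, relay=mx.example.org[192.0.2.20], delay=1, status=sent (250 OK)
"""

LINE = re.compile(r"postfix/(\w+)\[\d+\]: ([0-9A-F]+): (.*)")

def classify_origin(service, detail, nets):
    """Label how a message entered the queue, or None if the line does not say."""
    if service == "pickup":  # handed over by the local sendmail command
        m = re.match(r"uid=(\d+)", detail)
        return f"local sendmail submission, uid={m.group(1)}" if m else None
    if service != "smtpd":
        return None
    m = re.match(r"client=\S+\[([0-9A-Fa-f.:]+)\]", detail)
    if not m:
        return None
    sasl = re.search(r"sasl_username=([^,\s]+)", detail)
    if sasl:
        return f"SMTP AUTH as {sasl.group(1)}"
    ip = ipaddress.ip_address(m.group(1))
    if any(ip in net for net in nets):  # would be accepted by permit_mynetworks
        return f"SMTP from mynetworks ({ip})"
    return f"SMTP from {ip}"

def origins_by_queue_id(log_text, mynetworks=("127.0.0.0/8",)):
    """Map queue ID -> (origin label, number of outbound delivery attempts)."""
    nets = [ipaddress.ip_network(n) for n in mynetworks]
    origin, attempts = {}, Counter()
    for m in LINE.finditer(log_text):
        service, qid, detail = m.groups()
        label = classify_origin(service, detail, nets)
        if label:
            origin.setdefault(qid, label)
        elif service == "smtp" and detail.startswith("to=<"):
            attempts[qid] += 1
    return {q: (origin.get(q, "origin not in this log"), n) for q, n in attempts.items()}

if __name__ == "__main__":
    print(origins_by_queue_id(SAMPLE_LOG))
```

A uid that belongs to the web server account, or a loopback client inside `mynetworks`, points at a script on the machine rather than at an open relay.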