postfix how do i stop this

Discussion in 'Installation/Configuration' started by Jshel, Mar 31, 2007.

  1. Jshel

    Jshel New Member

    Mar 30 13:36:19 server dovecot: POP3(joe): Disconnected: Logged out top=0/0, retr=0/0, del=0/0, size=0
    Mar 30 13:36:45 server postfix/smtp[19866]: connect to grudf.com[64.20.43.107]: Connection timed out (port 25)
    Mar 30 13:37:15 server postfix/smtp[19866]: connect to grudf.com[66.45.237.187]: Connection timed out (port 25)
    Mar 30 13:37:15 server postfix/smtp[19866]: A63407F6D7: to=<[email protected]>, relay=none, delay=37856, delays=37766/0.04/90/0, dsn=4.4.1, status=deferred (connect to grudf.com[66.45.237.187]: Connection timed out)
    What is this and where is it coming from? Also, it looks like someone has tried to attack my mail server with a dictionary attack. Is there any way of stopping this stuff? Thank you.
    JShel
     
  2. falko

    falko Super Moderator ISPConfig Developer

    So this means you're not sending emails to grudf.com yourself?

    Please check your mail log and your mail queue (
    Code:
    postqueue -p
    ) if you see lots of spam mails.
    Also check that SMTP-AUTH is working and no one can send emails to external accounts without authentication.
    And finally take a look at http://www.mxtoolbox.com/blacklists.aspx to find out if your server is blacklisted.
     
  3. Jshel

    Jshel New Member

    I am on a few blacklists due to my ISP and the reverse DNS. I'm expecting this till they get their butts in gear and change some things, but I'm not really sure how to check SMTP-AUTH other than telnet to port 25 and ehlo localhost, and it is there:
    250-STARTTLS
    250-AUTH PLAIN LOGIN
    250-AUTH=PLAIN LOGIN
    along with a few others of course. How else should I check it? Thank you again.
    JShel
     
  4. falko

    falko Super Moderator ISPConfig Developer

    Looks ok. SMTP-AUTH is working.
    What about my other suggestions? Also, what's the value of mynetworks in /etc/postfix/main.cf?
     
  5. Jshel

    Jshel New Member

    mynetworks = 192.168.1.0/24 127.0.0.0/8
    only LAN and local NO WAN
    Also, I did try your other suggestions. I looked at the blacklist, but there is nothing I can do till my ISP clears my IP. But still, how is this spam coming through? I checked my maillog today and yet still more.
    JShel
     
  6. falko

    falko Super Moderator ISPConfig Developer

    Please try
    Code:
    postconf -e 'mynetworks = 127.0.0.0/8'
    /etc/init.d/postfix restart
    Maybe someone from your LAN was abusing your mail server?
     
  7. Jshel

    Jshel New Member

    I wish it was the case of someone on the inside, but while I'm bringing this server up I'm the only one on it and the only account. I don't know about you, but I'm out of ideas and I just don't know how to stop it.
    JShel
     
  8. falko

    falko Super Moderator ISPConfig Developer

    Another possibility to abuse a server is through web forms (contact forms, guestbooks, etc.) that aren't programmed very well. Bots can abuse them to send spam.
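
Added example, not part of the original thread or anyone's post: one way to answer "where is it coming from" from the mail log is to join each outbound `postfix/smtp` delivery line to the `smtpd` (network client) or `pickup` (local submission, which is how a web form's mail usually arrives) line that carries the same queue ID. The sample log, hosts and addresses below are constructed for illustration, and the function name is an assumption.

```python
import re
from collections import Counter

# Constructed sample in Postfix syslog format (not the poster's log).
# uid=33 is www-data on Debian-style systems, i.e. mail handed over by the web server.
SAMPLE_LOG = """\
Mar 30 13:30:01 server postfix/pickup[2101]: 1A2B3C4D5E: uid=33 from=<www-data>
Mar 30 13:30:01 server postfix/qmgr[1800]: 1A2B3C4D5E: from=<www-data@server.example>, size=912, nrcpt=1 (queue active)
Mar 30 13:30:31 server postfix/smtp[2105]: 1A2B3C4D5E: to=<a@spamtarget.example>, relay=none, delay=30, delays=0/0/30/0, dsn=4.4.1, status=deferred (connect to spamtarget.example[203.0.113.7]: Connection timed out)
Mar 30 13:31:02 server postfix/smtpd[2110]: 2B3C4D5E6F: client=unknown[198.51.100.23], sasl_method=LOGIN, sasl_username=joe
Mar 30 13:31:03 server postfix/smtp[2111]: 2B3C4D5E6F: to=<b@other.example>, relay=mx.other.example[203.0.113.9]:25, delay=1, delays=0/0/0.5/0.5, dsn=2.0.0, status=sent (250 OK)
Mar 30 13:32:10 server postfix/smtpd[2120]: 3C4D5E6F70: client=pc7.lan[192.168.1.44]
Mar 30 13:32:12 server postfix/smtp[2121]: 3C4D5E6F70: to=<c@spamtarget.example>, relay=none, delay=2, delays=0/0/2/0, dsn=4.4.1, status=deferred (connect to spamtarget.example[203.0.113.7]: Connection timed out)
"""

# daemon name, queue ID, rest of the line; lines without a queue ID are skipped
ENTRY = re.compile(r"postfix/(\w+)\[\d+\]: ([0-9A-F]{6,}): (.*)")

def origins_of_outbound(log_text):
    """Count outbound delivery attempts by how each message entered Postfix."""
    origin, counts = {}, Counter()
    for line in log_text.splitlines():
        m = ENTRY.search(line)
        if not m:
            continue
        daemon, qid, rest = m.groups()
        if daemon == "pickup":  # local sendmail(1) submission: scripts, cron, web forms
            uid = re.search(r"uid=(\d+)", rest)
            origin[qid] = "local uid=" + (uid.group(1) if uid else "?")
        elif daemon == "smtpd" and rest.startswith("client="):
            ip = re.search(r"client=\S*\[([^\]]+)\]", rest)
            user = re.search(r"sasl_username=(\S+)", rest)
            who = "sasl user=" + user.group(1) if user else "unauthenticated"
            origin[qid] = f"smtp {ip.group(1) if ip else '?'} ({who})"
        elif daemon == "smtp" and rest.startswith("to=<"):  # outbound attempt
            status = re.search(r"status=(\w+)", rest)
            src = origin.get(qid, "unknown (entry not in this log)")
            counts[(src, status.group(1) if status else "?")] += 1
    return counts

if __name__ == "__main__":
    for (src, status), n in sorted(origins_of_outbound(SAMPLE_LOG).items()):
        print(f"{n:4d}  {status:9s} {src}")
```

Many attempts from `local uid=...` point at a script or web form on the server itself; `unauthenticated` clients inside `mynetworks` are relayed without SMTP-AUTH.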
     
  9. Jshel

    Jshel New Member

    Thank you for all your help and suggestions. I'm going to remove postfix and reinstall; maybe there's some hole from an option I did (I don't know). I'm also thinking about trying qmail, but thanks again, you guys have been great.
    JShel
     
