Server Ip Address blocked for Spam...Please help me!

Discussion in 'Installation/Configuration' started by emanuelebruno, Dec 12, 2013.

  1. emanuelebruno

    emanuelebruno Member

    Hi to all,
    I have used ISPConfig for many years. I have an installation. Two weeks ago my ISP blocked SMTP port 25 on my IP address for spam... So I had to move my server to another IP address, and I changed all the email account passwords because I was scared that somebody had used them to send spam without authorization...

    Today, looking at some logs, I read something strange:

    Dec 12 01:39:00 server1 postfix/pickup[18194]: 75D0F361204F: uid=5045 from=<[email protected]>
    Dec 12 01:39:00 server1 postfix/cleanup[21629]: 75D0F361204F: message-id=<[email protected]>
    Dec 12 01:39:00 server1 postfix/qmgr[3816]: 75D0F361204F: from=<[email protected]>, size=1212, nrcpt=1 (queue active)
    Dec 12 01:39:05 server1 postfix/smtpd[21676]: connect from localhost[]
    Dec 12 01:39:05 server1 postfix/smtpd[21676]: 500303612057: client=localhost[]
    Dec 12 01:39:05 server1 postfix/cleanup[21629]: 500303612057: message-id=<[email protected]>
    Dec 12 01:39:05 server1 postfix/smtpd[21676]: disconnect from localhost[]
    Dec 12 01:39:05 server1 postfix/qmgr[3816]: 500303612057: from=<[email protected]>, size=1732, nrcpt=1 (queue active)
    Dec 12 01:39:05 server1 amavis[29901]: (29901-13) Passed CLEAN, <[email protected]> -> <[email protected]>, Message-ID: <[email protected]>, mail_id: tX9YG7IOCRit, Hits: 0.411, size: 1211, queued_as: 500303612057, 4837 ms
    Dec 12 01:39:05 server1 postfix/smtp[21633]: 75D0F361204F: to=<[email protected]>, relay=[]:10024, delay=4.9, delays=0.04/0/0/4.8, dsn=2.0.0, status=sent (250 2.0.0 from MTA([]:10025): 250 2.0.0 Ok: queued as 500303612057)
    Dec 12 01:39:05 server1 postfix/qmgr[3816]: 75D0F361204F: removed
    Dec 12 01:39:09 server1 postfix/smtp[21678]: 500303612057: to=<[email protected]>,[]:25, delay=4.6, delays=0.01/0.01/4.2/0.45, dsn=2.0.0, status=sent (250 OK id=1VqrUr-0002Cd-Oh)
    Dec 12 01:39:09 server1 postfix/qmgr[3816]: 500303612057: removed
    *** is a hosted website that is now abandoned by its customer.
    Taking a look into the Joomla administration panel, I discovered that a suspicious guest is registered on that website and he sent some emails from it.
    How can I prevent email from being sent from Joomla or any other CMS without using SMTP AUTHENTICATION? If you look at the attachment you'll see that right now anybody can send email anonymously.

    Can you help?

    THIS IS A COPY OF /etc/postfix/
    # See /usr/share/postfix/ for a commented, more complete version

    # Debian specific: Specifying a file name will cause the first
    # line of that file to be used as the name. The Debian default
    # is /etc/mailname.
    #myorigin = /etc/mailname

    smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
    biff = no

    # appending .domain is the MUA's job.
    append_dot_mydomain = no

    # Uncomment the next line to generate "delayed mail" warnings
    #delay_warning_time = 4h

    readme_directory = /usr/share/doc/postfix

    # TLS parameters
    smtpd_tls_cert_file = /etc/postfix/smtpd.cert
    smtpd_tls_key_file = /etc/postfix/smtpd.key
    smtpd_use_tls = yes
    smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
    smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

    # See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
    # information on enabling SSL in the smtp client.

    myhostname =
    alias_maps = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases
    alias_database = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases
    myorigin = /etc/mailname
    mydestination =, localhost, localhost.localdomain
    relayhost =
    mynetworks = [::1]/128
    mailbox_command = procmail -a "$EXTENSION"
    mailbox_size_limit = 0
    message_size_limit = 0
    recipient_delimiter = +
    inet_interfaces = all
    html_directory = /usr/share/doc/postfix/html
    virtual_alias_domains =
    virtual_alias_maps = proxy:mysql:/etc/postfix/, proxy:mysql:/etc/postfix/, hash:/var/lib/mailman/data/virtual-mailman
    virtual_mailbox_domains = proxy:mysql:/etc/postfix/
    virtual_mailbox_maps = proxy:mysql:/etc/postfix/
    virtual_mailbox_base = /var/vmail
    virtual_uid_maps = static:5000
    virtual_gid_maps = static:5000
    inet_protocols = all
    smtpd_sasl_auth_enable = yes
    broken_sasl_auth_clients = yes
    smtpd_sasl_authenticated_header = yes
    smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, check_recipient_access mysql:/etc/postfix/, reject_unauth_destination
    smtpd_tls_security_level = may
    transport_maps = hash:/var/lib/mailman/data/transport-mailman, proxy:mysql:/etc/postfix/
    relay_domains = mysql:/etc/postfix/
    relay_recipient_maps = mysql:/etc/postfix/
    proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $virtual_mailbox_limit_maps
    smtpd_sender_restrictions = check_sender_access mysql:/etc/postfix/
    smtpd_client_restrictions = check_client_access mysql:/etc/postfix/
    smtpd_client_message_rate_limit = 100
    maildrop_destination_concurrency_limit = 1
    maildrop_destination_recipient_limit = 1
    virtual_transport = dovecot
    header_checks = regexp:/etc/postfix/header_checks
    mime_header_checks = regexp:/etc/postfix/mime_header_checks
    nested_header_checks = regexp:/etc/postfix/nested_header_checks
    body_checks = regexp:/etc/postfix/body_checks
    owner_request_special = no
    dovecot_destination_recipient_limit = 1
    smtpd_sasl_type = dovecot
    smtpd_sasl_path = private/auth
    content_filter = amavis:[]:10024
    receive_override_options = no_address_mappings


    Last edited: Dec 13, 2013
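The first log lines in the post above show the message entering through `postfix/pickup` with `uid=5045`, meaning a local process running as that Unix user called the sendmail binary (the path PHP's `mail()` takes) rather than logging in over SMTP. The following is an added example, not part of the original thread: it tallies such local submissions per uid from a mail log. The sample lines, addresses and the `noisy_uids` threshold helper are constructed for illustration.

```python
import re
from collections import defaultdict

# pickup logs the Unix uid that invoked sendmail; assumes short (hex) queue ids as in the excerpt.
PICKUP = re.compile(r"postfix/pickup\[\d+\]: ([0-9A-F]+): uid=(\d+) from=<([^>]*)>")
# qmgr logs the recipient count when the message enters the active queue.
QMGR = re.compile(r"postfix/qmgr\[\d+\]: ([0-9A-F]+): from=<[^>]*>, size=\d+, nrcpt=(\d+)")

# Constructed sample in the format of the excerpt above; addresses are placeholders.
SAMPLE_LOG = """\
Dec 12 01:39:00 server1 postfix/pickup[18194]: 75D0F361204F: uid=5045 from=<web5@site.example>
Dec 12 01:39:00 server1 postfix/qmgr[3816]: 75D0F361204F: from=<web5@site.example>, size=1212, nrcpt=1 (queue active)
Dec 12 01:39:05 server1 postfix/smtpd[21676]: 500303612057: client=localhost[127.0.0.1]
Dec 12 01:39:05 server1 postfix/qmgr[3816]: 500303612057: from=<web5@site.example>, size=1732, nrcpt=1 (queue active)
Dec 12 01:40:11 server1 postfix/pickup[18194]: 8A1B2C3D4E5F: uid=5045 from=<web5@site.example>
Dec 12 01:40:11 server1 postfix/qmgr[3816]: 8A1B2C3D4E5F: from=<web5@site.example>, size=1190, nrcpt=40 (queue active)
Dec 12 02:00:01 server1 postfix/pickup[18194]: 9F00AA11BB22: uid=0 from=<root>
Dec 12 02:00:01 server1 postfix/qmgr[3816]: 9F00AA11BB22: from=<root@server1.example>, size=640, nrcpt=1 (queue active)
"""

def local_submissions(log_text):
    """Return {uid: {"messages": n, "recipients": n, "senders": set}} for sendmail-injected mail."""
    owner = {}  # queue id -> uid, learned from pickup lines
    stats = defaultdict(lambda: {"messages": 0, "recipients": 0, "senders": set()})
    for line in log_text.splitlines():
        m = PICKUP.search(line)
        if m:
            qid, uid, sender = m.group(1), int(m.group(2)), m.group(3)
            owner[qid] = uid
            stats[uid]["messages"] += 1
            stats[uid]["senders"].add(sender)
            continue
        m = QMGR.search(line)
        # Count only queue ids first seen by pickup: the amavis re-injection
        # (client=localhost) gets a new queue id and would double count.
        if m and m.group(1) in owner:
            stats[owner.pop(m.group(1))]["recipients"] += int(m.group(2))
    return dict(stats)

def noisy_uids(stats, max_recipients):
    """uids whose locally injected mail exceeds max_recipients in the log window."""
    return sorted(u for u, s in stats.items() if s["recipients"] > max_recipients)

if __name__ == "__main__":
    for uid, s in sorted(local_submissions(SAMPLE_LOG).items()):
        print(uid, s["messages"], s["recipients"], sorted(s["senders"]))
```

A flagged uid can be mapped back to the account that owns the website with `getent passwd <uid>`.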
  2. emanuelebruno

    emanuelebruno Member

    According to I can disable the PHP mail function by modifying the php.ini file in this way:

    disabled_functions = mail

    Doing it this way, are my customers forced to send mail from the SMTP server, or can they send mail from their website in another way?

    I'd like them to be able to send their newsletter only with SMTP authentication (even from their CMS)...

    Is it possible?
  3. Croydon

    Croydon ISPConfig Developer

    There are several ways to send mail.
    If you cannot use the "mail" function you can call "sendmail" directly via exec, shell_exec and so on.
    If this is forbidden, too, you can use fsockopen on port 25 (or whatever the local mail server listens on).
    If your mail server is on a different physical server you could disable the Postfix daemon on your web server completely.
    Keep in mind that if you forbid the mail function with disable_functions you will render some of the widespread CMSs useless.
    WordPress is not able to use SMTP without a plugin, and lots of web software may throw PHP errors and stop working if the mail function does not exist.
  4. emanuelebruno

    emanuelebruno Member

    Thank you for your reply: I'm asking if there is a way to "disable" the "Auth SMTP NO" option because right now any customer who installs a CMS can send email without "SMTP ACCOUNT AUTHENTICATION"...

    I hope I was clear this time
  5. Croydon

    Croydon ISPConfig Developer

    I understood what you meant before ;)

    I just wanted to make clear that this will not be possible without blocking mails from several CMSs completely.
    If you disable unauthenticated mail sending even from the local host, mails that are sent through the PHP mail function etc. are silently bounced and your customers won't even recognize it.
    And, as I said, multiple CMSs do not offer SMTP-authenticated mail sending without extra plugins.
  6. emanuelebruno

    emanuelebruno Member

    Sorry, but trying to do that from the PHP settings doesn't work:


  7. emanuelebruno

    emanuelebruno Member

  8. Croydon

    Croydon ISPConfig Developer

    It is disable_functions and not disabled_functions.
  9. emanuelebruno

    emanuelebruno Member

    Thank you very much! It works :)

    Now I have to disable "sendmail" ...

    According to it could be possible to disable the "sendmail service" from startup, but I suppose that I have to remove the service "completely" according to this other post ... Is this procedure safe for ISPConfig?

    I use Roundcube for my customers and if I disable or remove the "sendmail service" I suppose that Roundcube will not be able to send emails anymore...

    Is it possible to tell Roundcube to use Postfix, or is "disable sendmail" not a good solution?
    Last edited: Dec 15, 2013
  10. Croydon

    Croydon ISPConfig Developer

    You could configure Roundcube to use SMTP during configuration.

    I don't know if removing/disabling sendmail completely will break something else on your server. But I believe it could as sendmail is used for lots of services to send mail.
  11. emanuelebruno

    emanuelebruno Member

    I have done it, but with sendmail disabled, Roundcube isn't able to send email anymore... It would be great if I could disable sendmail only for the "clients-part" (websites only...)

    I have written another post to continue this argument:
    Last edited: Dec 17, 2013
