Hi, I've been getting THOUSANDS of emails that say "Undelivered Mail Returned to Sender". Last weekend I got like 24k+ of these mails. Most of them have nothing inside when I open them; they don't even have details in their subject headers. I tried to do some research on prevention of spam emails for my Postfix main.cf, but I still get these emails. Besides this, I also get emails mostly from a Brazilian domain.. some of them always mention "Bradesco", which I don't know what that is. And one last weird thing that happens to my mailbox.. when I try to send a test mail to my email, I receive it and it seems to look normal in my inbox.. but when I open it, it's a whole different email which isn't the one I sent to myself. My mailq has also always been filled with tons of these mails, which delays receiving/sending of "real" emails as well.. I hope you guys can help me with this.. it's been a month and it's driving me crazy. I'm kind of a novice when it comes to this, but I'm willing to learn. My email has catchAll enabled because it's a 'postmaster' account. Thanks in advance.
Here's my main.cf
Code:
myhostname = mail.mydomain.ph
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = $mydomain
mydestination = /etc/postfix/local-host-names
relayhost =
home_mailbox =
mynetworks = 127.0.0.0/8, 124.6.144.0/29
mailbox_command =
mailbox_size_limit = 0
message_size_limit = 104857600
recipient_delimiter = +
inet_interfaces = all
inet_protocols = all
smtpd_sasl_local_domain =
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions = permit_sasl_authenticated,
    permit_mynetworks,
    reject_non_fqdn_sender,
    reject_non_fqdn_recipient,
    reject_unknown_sender_domain,
    reject_unknown_recipient_domain,
    reject_unauth_destination,
    reject_unauth_pipelining,
    reject_invalid_hostname,
    reject_non_fqdn_hostname,
    reject_rbl_client zen.spamhaus.org,
    reject_rbl_client multihop.dsbl.org,
    reject_rhsbl_sender dsn.fc-ignorant.org,
    check_policy_service inet:127.0.0.1:60000,
    permit
smtpd_tls_auth_only = no
smtp_use_tls = yes
smtp_tls_note_starttls_offer = yes
smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
virtual_maps = hash:/etc/postfix/virtusertable
#virtual_alias_maps = hash:/etc/postfix/virtual
mydomain = immigration.gov.ph
smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
smtpd_data_restrictions = reject_unauth_pipelining, reject_multi_recipient_bounce, permit
smtpd_helo_restrictions = reject_unknown_helo_hostname
smtpd_sender_restrictions = reject_unknown_address, reject_unknown_sender_domain
maximal_queue_lifetime = 1d
delay_warning_time = 0h
smtpd_helo_required = yes
disable_vrfy_command = yes

Kindly, DJ Delos Santos
What type of auth do you use? In your main.cf I don't see this line:
Code:
smtpd_client_restrictions = check_client_access hash:/etc/postfix/access,
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_rbl_client bl.spamcop.net,
    reject_rbl_client zen.spamhaus.org
I have a quite long "smtpd_client_restrictions" line. Did you mean "check_client_access hash:/etc/postfix/access"? What does it do? I don't have a folder named "access" inside postfix, is that ok? Thanks for the response.
check_client_access hash:/etc/postfix/access -- this option is used if you want to ban some IP or domain. Insert one line like this in /etc/postfix/access:
89.89.89.89 REJECT
84.84.84.84 OK
if some IP is blacklisted and you want to accept mail from this IP. See this link http://www.postfix.com/RESTRICTION_CLASS_README.html
Can you paste some logs?
I'm sorry for being too novice about this, just to make it clearer for me.. this is for me to block the .br domains that keep sending me stuff, right? Is /etc/postfix/access a file I can write on? I don't seem to have that under my /etc/postfix/ folder. Anyway here's my mail.log after I put check_client_access hash:/etc/postfix/access..
Code:
May 28 14:47:43 mail postfix/master[16730]: warning: /usr/lib/postfix/smtpd: bad command startup -- throttling
May 28 14:48:43 mail postfix/smtpd[21373]: warning: database /etc/postfix/virtusertable.db is older than source file /etc/postfix/virtusertable
May 28 14:48:43 mail postfix/smtpd[21373]: fatal: open database /etc/postfix/access.db: No such file or directory
May 28 14:48:44 mail postfix/master[16730]: warning: process /usr/lib/postfix/smtpd pid 21373 exit status 1
May 28 14:48:44 mail postfix/master[16730]: warning: /usr/lib/postfix/smtpd: bad command startup -- throttling
May 28 14:49:44 mail postfix/smtpd[21388]: warning: database /etc/postfix/virtusertable.db is older than source file /etc/postfix/virtusertable
May 28 14:49:44 mail postfix/smtpd[21388]: fatal: open database /etc/postfix/access.db: No such file or directory
May 28 14:49:45 mail postfix/master[16730]: warning: process /usr/lib/postfix/smtpd pid 21388 exit status 1
May 28 14:49:45 mail postfix/master[16730]: warning: /usr/lib/postfix/smtpd: bad command startup -- throttling
May 28 14:50:45 mail postfix/smtpd[21403]: warning: database /etc/postfix/virtusertable.db is older than source file /etc/postfix/virtusertable
May 28 14:50:45 mail postfix/smtpd[21403]: fatal: open database /etc/postfix/access.db: No such file or directory
May 28 14:50:46 mail postfix/master[16730]: warning: process /usr/lib/postfix/smtpd pid 21403 exit status 1
May 28 14:50:46 mail postfix/master[16730]: warning: /usr/lib/postfix/smtpd: bad command startup -- throttling
May 28 14:51:46 mail postfix/smtpd[21433]: warning: database /etc/postfix/virtusertable.db is older than source file /etc/postfix/virtusertable
May 28 14:51:46 mail postfix/smtpd[21433]: fatal: open database /etc/postfix/access.db: No such file or directory
May 28 14:51:47 mail postfix/master[16730]: warning: process /usr/lib/postfix/smtpd pid 21433 exit status 1
May 28 14:51:47 mail postfix/master[16730]: warning: /usr/lib/postfix/smtpd: bad command startup -- throttling
May 28 14:52:47 mail postfix/smtpd[21448]: warning: database /etc/postfix/virtusertable.db is older than source file /etc/postfix/virtusertable
May 28 14:52:47 mail postfix/smtpd[21448]: fatal: open database /etc/postfix/access.db: No such file or directory
May 28 14:52:48 mail postfix/master[16730]: warning: process /usr/lib/postfix/smtpd pid 21448 exit status 1
May 28 14:52:48 mail postfix/master[16730]: warning: /usr/lib/postfix/smtpd: bad command startup -- throttling
May 28 14:53:48 mail postfix/smtpd[21465]: warning: database /etc/postfix/virtusertable.db is older than source file /etc/postfix/virtusertable
May 28 14:53:48 mail postfix/smtpd[21465]: fatal: open database /etc/postfix/access.db: No such file or directory
May 28 14:53:49 mail postfix/master[16730]: warning: process /usr/lib/postfix/smtpd pid 21465 exit status 1
May 28 14:53:49 mail postfix/master[16730]: warning: /usr/lib/postfix/smtpd: bad command startup -- throttling
May 28 14:54:49 mail postfix/smtpd[21487]: warning: database /etc/postfix/virtusertable.db is older than source file /etc/postfix/virtusertable
May 28 14:54:49 mail postfix/smtpd[21487]: fatal: open database /etc/postfix/access.db: No such file or directory
May 28 14:54:50 mail pop3d: Connection, ip=[::ffff:119.111.72.126]
May 28 14:54:50 mail postfix/master[16730]: warning: process /usr/lib/postfix/smtpd pid 21487 exit status 1
May 28 14:54:50 mail postfix/master[16730]: warning: /usr/lib/postfix/smtpd: bad command startup -- throttling
May 28 14:54:52 mail pop3d: LOGIN, user=web1_binoc, ip=[::ffff:119.111.72.126], port=[5022]
May 28 14:54:55 mail pop3d: LOGOUT, user=web1_binoc, ip=[::ffff:119.111.72.126], port=[5022], top=0, retr=0, rcvd=24, sent=2999, time=3
May 28 14:55:50 mail postfix/smtpd[21505]: warning: database /etc/postfix/virtusertable.db is older than source file /etc/postfix/virtusertable
May 28 14:55:50 mail postfix/smtpd[21505]: fatal: open database /etc/postfix/access.db: No such file or directory
May 28 14:55:51 mail postfix/master[16730]: warning: process /usr/lib/postfix/smtpd pid 21505 exit status 1
May 28 14:55:51 mail postfix/master[16730]: warning: /usr/lib/postfix/smtpd: bad command startup -- throttling
May 28 14:56:35 mail pop3d: Connection, ip=[::ffff:203.177.28.67]
May 28 14:56:35 mail pop3d: Connection, ip=[::ffff:203.177.28.67]
May 28 14:56:35 mail pop3d: LOGIN, user=web1_postmaster, ip=[::ffff:203.177.28.67], port=[46410]
May 28 14:56:35 mail pop3d: LOGIN, user=web1_anarciso, ip=[::ffff:203.177.28.67], port=[46411]
May 28 14:56:35 mail pop3d: LOGOUT, user=web1_anarciso, ip=[::ffff:203.177.28.67], port=[46411], top=0, retr=0, rcvd=12, sent=39, time=0
May 28 14:56:35 mail pop3d: LOGOUT, user=web1_postmaster, ip=[::ffff:203.177.28.67], port=[46410], top=0, retr=0, rcvd=12, sent=39, time=0
May 28 14:56:51 mail postfix/smtpd[21527]: warning: database /etc/postfix/virtusertable.db is older than source file /etc/postfix/virtusertable
May 28 14:56:51 mail postfix/smtpd[21527]: fatal: open database /etc/postfix/access.db: No such file or directory
May 28 14:56:52 mail postfix/master[16730]: warning: process /usr/lib/postfix/smtpd pid 21527 exit status 1
May 28 14:56:52 mail postfix/master[16730]: warning: /usr/lib/postfix/smtpd: bad command startup -- throttling
May 28 14:57:52 mail postfix/smtpd[21546]: warning: database /etc/postfix/virtusertable.db is older than source file /etc/postfix/virtusertable
May 28 14:57:52 mail postfix/smtpd[21546]: fatal: open database /etc/postfix/access.db: No such file or directory
May 28 14:57:53 mail postfix/master[16730]: warning: process /usr/lib/postfix/smtpd pid 21546 exit status 1
May 28 14:57:53 mail postfix/master[16730]: warning: /usr/lib/postfix/smtpd: bad command startup -- throttling

My log doesn't look good I know, hope we can fix this. Thanks

Btw, another problem, my domain seems to be blocked by Yahoo. It gives out this error:
Code:
May 28 11:16:49 mail postfix/smtp[5951]: 1F6F0D1BF4: to=<[email protected]>, relay=in32.mxauth.yahoo.com[202.86.5.24]:25, delay=63162, delays=63162/0.01/0.61/0, dsn=4.7.1, status=deferred (host in32.mxauth.yahoo.com[202.86.5.24] refused to talk to me: 421 4.7.1 [TS03] All messages from 124.6.144.118 will be permanently deferred; Retrying will NOT succeed.

This may be one of the reasons why I'm getting "Undelivered Mail Returned to Sender" emails. Thanks again
For this problem: after you edit the file /etc/postfix/virtusertable you MUST type the command
Code:
postmap /etc/postfix/virtusertable
With this command you will solve this problem. You can create the file /etc/postfix/access, and after you create or modify this file do NOT forget to run the command:
Code:
postmap /etc/postfix/access
For the problem with Yahoo, check if port 25 on your mail server is filtered or DROPped on chain FORWARD in iptables. Check which user sends more mail, with you, or spam. Check whether your IP is blacklisted, see this link: http://www.mxtoolbox.com/SuperTool.aspx
IP blacklisted? I checked the link you gave me http://www.mxtoolbox.com/SuperTool.aspx and my IP is blocked on two (2) lists! Dunno how this happened because our email is a legit government email. So this is probably why our mails to Yahoo are being deferred. Please help.. thanks
Make sure that you are not an open relay ( http://www.spamhelp.org/shopenrelay/ ) and then contact the blacklist maintainers and ask them to remove your IP.
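A static check that complements the external open-relay test, added here as an example (not code from any poster in this thread): it reads main.cf text and reports anything in smtpd_recipient_restrictions that can accept a recipient before reject_unauth_destination is reached. It assumes relay control is done in smtpd_recipient_restrictions, as in the configs posted here; `parse_main_cf`, `relay_findings` and the WEAK sample are hypothetical names and data.

```python
import re

# Restrictions that stop mail for foreign destinations (the relay guard).
GUARDS = {"reject_unauth_destination", "defer_unauth_destination", "reject", "defer"}

def parse_main_cf(text):
    """Parse main.cf: comment/blank lines are skipped, a line starting
    with whitespace continues the previous parameter, last value wins."""
    params, name = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace():
            if name:
                params[name] += " " + raw.strip()
        elif "=" in raw:
            name, value = (part.strip() for part in raw.split("=", 1))
            params[name] = value
    return params

def relay_findings(main_cf_text):
    """List restrictions that can accept a recipient before the relay guard."""
    value = parse_main_cf(main_cf_text).get("smtpd_recipient_restrictions", "")
    tokens = [t for t in re.split(r"[,\s]+", value) if t]
    guard_at = next((i for i, t in enumerate(tokens) if t in GUARDS), None)
    findings = []
    if guard_at is None:
        findings.append("no reject_unauth_destination (or reject/defer) in the list")
        guard_at = len(tokens)
    for token in tokens[:guard_at]:
        # 'permit' accepts everyone; a check_* lookup accepts whoever the
        # table or policy server answers OK for.
        if token == "permit" or token.startswith("check_"):
            findings.append(token + " runs before the relay guard")
    return findings

# Recipient restrictions as posted in this thread (second main.cf), re-wrapped.
POSTED = """\
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks,
    reject_non_fqdn_sender, reject_non_fqdn_recipient,
    reject_unknown_sender_domain, reject_unknown_recipient_domain,
    reject_unauth_destination, reject_invalid_hostname, reject_non_fqdn_hostname,
    reject_rbl_client zen.spamhaus.org, reject_rhsbl_sender dsn.fc-ignorant.org,
    check_policy_service inet:127.0.0.1:60000, permit
"""

# Constructed weak variant: an OK entry in the access table would let that
# client relay, because the lookup is consulted before the guard.
WEAK = """\
smtpd_recipient_restrictions = permit_mynetworks,
    check_client_access hash:/etc/postfix/access,
    # whitelist first, then the usual checks
    reject_unauth_destination
"""

if __name__ == "__main__":
    for label, cfg in (("posted", POSTED), ("weak", WEAK)):
        print(label, relay_findings(cfg) or "relay guard comes first")
```

permit_mynetworks and permit_sasl_authenticated are deliberately not flagged: they are meant to come first, which is also why every host inside mynetworks can send through the server without logging in.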
Dealing with Blacklists can be very frustrating, but that is where we can help! If you are having problems sending to major ISPs, we would recommend checking:
Blacklists - Choose the Detail button next to any that you are listed on for more details. If you need more info on what a Blacklist is, read this blog post.
MX Records
Reverse DNS records
SMTP Diagnostics - this tool checks for Open Relay, HELO response and more.
This is a great start to make sure that your mail is being delivered accurately and on time. Keep in mind that while you may pass all of these tests each recipient server administrator can adjust their mail filters however they like, which might end up putting your mail in the Junk folder. It is really up to the users of the system to give feedback to their administrators so that filters can be adjusted accordingly. @MxToolBox
Blacklist

Hi, The tests seem normal.. no open relays as well. But my IP is still blacklisted on two lists, SORBS-SPAM and UCEPROTECTL1. SORBS-SPAM is even asking money for them to remove us from their list. I'm unable to determine now what's still wrong or if there's really still a problem with my server. I'm completely lost now on what to do next. Hope you guys can help me on this. I'm now considering changing the IP of my mail server if it will solve it. But if there is still a way to solve this, I will rather cross that path. Thanks guys.

Kindly, DJ Delos Santos
To remove your IP from SORBS-SPAM, ask your ISP to request removal from this blacklist. Or request your ISP to change your IP. Be sure to DROP port 25 in the firewall chain FORWARD.
iptables -A FORWARD -p tcp --dport 25 -j DROP
Should I change my IP first before I do "iptables -A FORWARD -p tcp --dport 25 -j DROP"? And can I ask what does this code do and what importance does it serve? According to SORBS-SPAM they will not remove me from the list unless I pay a "donation". Thanks for the reply.
I had an IP blacklisted by SORBS, and the solution was to request the ISP to do that, and that solved the problem. This rule in the firewall is a MUST (my opinion) on a mail server:
iptables -A FORWARD -p tcp --dport 25 -j DROP
If the mail server is behind a network, and a computer has a virus sending spam traffic on port 25, I'll have problems with spam blacklists. For more info read this: block port 25
Is this applicable for me? Because the ISP only provides us DNS, and all the rest is here in our in-house servers. And I'm using a public IP. And I'm figuring maybe even if I change or request a new IP, it will be solved for the meantime but sooner or later it may be blacklisted again. Because just recently Gmail refused connections from my IP, meaning there's still something wrong and my configuration still isn't fixed. I don't know if there's still something missing or wrong with my postfix main.cf or any other configuration that's still causing or allowing this to happen. I need to track down what is causing my IP to be blacklisted. Is there a possibility that one of our users' computers has a virus that makes their email client send spam -- therefore makes us blacklisted? But if so, it would be impossible and difficult to check/scan all their computers one by one. And so if my assumption is true, how can I filter outgoing mail from spam? How would I know which users are sending spam and how can I stop it? Like I said, it's just an assumption.. if I'm wrong, please suggest other causes and solutions. Thanks so much.

Here's my main.cf
Code:
# Debian specific: Specifying a file name will cause the first
# line of that file to be used as the name. The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no
# appending .domain is the MUA's job.
append_dot_mydomain = no
# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h
readme_directory = no
# TLS parameters
smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
smtpd_use_tls = yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.
myhostname = mail.mydomain.com
mydomain = mydomain.com
myorigin = $mydomain
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
mydestination = /etc/postfix/local-host-names
relayhost =
home_mailbox =
mynetworks = 127.0.0.0/8, 124.6.144.0/29
mailbox_command =
mailbox_size_limit = 0
message_size_limit = 104857600
recipient_delimiter = +
inet_interfaces = all
inet_protocols = all
smtpd_sasl_local_domain =
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions = permit_sasl_authenticated,
    permit_mynetworks,
    reject_non_fqdn_sender,
    reject_non_fqdn_recipient,
    reject_unknown_sender_domain,
    reject_unknown_recipient_domain,
    reject_unauth_destination,
    reject_invalid_hostname,
    reject_non_fqdn_hostname,
    reject_rbl_client zen.spamhaus.org,
    reject_rhsbl_sender dsn.fc-ignorant.org,
    check_policy_service inet:127.0.0.1:60000,
    permit
soft_bounce = yes
smtpd_tls_auth_only = no
smtp_use_tls = yes
smtp_tls_note_starttls_offer = yes
smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
virtual_maps = hash:/etc/postfix/virtusertable
smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
smtpd_data_restrictions = reject_unauth_pipelining, reject_multi_recipient_bounce, permit
smtpd_helo_restrictions = permit_mynetworks, reject_unknown_helo_hostname, permit
smtpd_sender_restrictions = reject_unknown_address, reject_unknown_sender_domain
maximal_queue_lifetime = 1d
delay_warning_time = 0h
smtpd_helo_required = yes
disable_vrfy_command = yes
smtpd_reject_unlisted_recipient = yes
milter_default_action = accept
milter_protocol = 2
smtpd_milters = inet:localhost:8891
non_smtpd_milters = inet:localhost:8891

Thanks again
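One way to find out which users or machines are submitting the mail, added here as an example (not code from anyone in this thread): join Postfix's smtpd "client=" lines to qmgr's "nrcpt=" lines by queue ID and rank each SASL login or unauthenticated client IP by recipients. The sample log is constructed in Postfix's usual syslog format, and `senders_by_volume` is a hypothetical helper name.

```python
import re
from collections import defaultdict

# smtpd logs who handed in each message; sasl_username is present only
# when the client authenticated (otherwise it got in via mynetworks).
CLIENT_RE = re.compile(
    r"postfix/smtpd\[\d+\]: (\w+): client=\S*\[([^\]]+)\]"
    r"(?:, sasl_method=[^,\s]+, sasl_username=(\S+))?")
# qmgr logs the recipient count when a message enters the active queue.
QMGR_RE = re.compile(
    r"postfix/qmgr\[\d+\]: (\w+): from=<[^>]*>, size=\d+, nrcpt=(\d+)")

# Constructed sample lines (hosts, users and queue IDs are made up).
SAMPLE_LOG = """\
May 28 15:01:02 mail postfix/smtpd[2201]: A1B2C3D4E5: client=pc17.example.test[192.0.2.17], sasl_method=LOGIN, sasl_username=alice
May 28 15:01:02 mail postfix/qmgr[1811]: A1B2C3D4E5: from=<alice@example.test>, size=2114, nrcpt=1 (queue active)
May 28 15:01:09 mail postfix/smtpd[2203]: B2C3D4E5F6: client=pc23.example.test[192.0.2.23]
May 28 15:01:09 mail postfix/qmgr[1811]: B2C3D4E5F6: from=<promo@example.test>, size=901, nrcpt=80 (queue active)
May 28 15:01:15 mail postfix/smtpd[2203]: C3D4E5F6A7: client=pc23.example.test[192.0.2.23]
May 28 15:01:15 mail postfix/qmgr[1811]: C3D4E5F6A7: from=<promo@example.test>, size=903, nrcpt=95 (queue active)
May 28 15:31:09 mail postfix/qmgr[1811]: B2C3D4E5F6: from=<promo@example.test>, size=901, nrcpt=80 (queue active)
May 28 15:31:40 mail postfix/qmgr[1811]: D4E5F6A7B8: from=<>, size=3320, nrcpt=1 (queue active)
"""

def senders_by_volume(log_text):
    """Return [(source, messages, recipients)], busiest source first."""
    source_of, nrcpt_of = {}, {}
    for line in log_text.splitlines():
        m = CLIENT_RE.search(line)
        if m:
            qid, ip, user = m.groups()
            source_of[qid] = "sasl:" + user if user else "ip:" + ip
            continue
        m = QMGR_RE.search(line)
        if m:
            # A deferred message is logged again on every retry;
            # count each queue ID once.
            nrcpt_of.setdefault(m.group(1), int(m.group(2)))
    totals = defaultdict(lambda: [0, 0])
    for qid, nrcpt in nrcpt_of.items():
        # No smtpd line: submitted locally or generated as a bounce.
        source = source_of.get(qid, "local-or-bounce")
        totals[source][0] += 1
        totals[source][1] += nrcpt
    return sorted(((s, m, r) for s, (m, r) in totals.items()),
                  key=lambda row: (-row[2], row[0]))

if __name__ == "__main__":
    for source, messages, recipients in senders_by_volume(SAMPLE_LOG):
        print(f"{source:20} {messages:5d} msgs {recipients:6d} rcpts")
```

An "ip:" row near the top is a machine inside mynetworks sending without a login, the infected-PC case asked about above; a "sasl:" row near the top points at one account whose password should be changed.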
Well, you've been looking at firewall rules, dns stuff, block lists and i see you have dkim-filter installed .. i'd suggest you take a few steps back and start with a clean postfix install and work your way up from there again.
Why, because you're kind of stuck and i doubt you actually know what you're doing ;-) I've learned all this by just .. install .. config .. mess up .. reinstall.. rinse and repeat ;-) Setting up postfix with (virt)users/domains etc etc should take up to 30mins to set up and test. Ow and looking at your config files, i also noticed you installed greylisten (port 60000? ;-) I'm running multiple mailservers that get more than 500k+ mails each day, try adding these rbl checks in your main.cf
Code:
smtpd_recipient_restrictions = permit_sasl_authenticated,
    permit_mynetworks,
    reject_unauth_destination,
    reject_invalid_hostname,
    reject_rbl_client virbl.dnsnl.bit.nl,
    reject_rbl_client cbl.abuseat.org,
    reject_rbl_client bl.spamcop.net,
    reject_rbl_client sbl-xbl.spamhaus.org
Yes that's correct I'm already lost and I don't know what I'm doing anymore LOL.. My only basis are the stuff I read online.. It's been a total crash course for me. That's why I'm very anxious about doing it all over again. But I really want to learn this. About the greylist, I got this from one of the tutorials here.. isn't it supposed to be 60000? Sorry.. What number should I put there? Thanks for the tips, you've been helpful.
Well from my understanding, you want to set up a mailserver .. using ispconfig3 would make your life easier with handling users/groups etc etc .. so i suggest you follow this tutorial: http://www.howtoforge.org/perfect-server-debian-lenny-ispconfig3 gl!