Spam with Postfix from inexisting mail address from my domain

Discussion in 'Server Operation' started by anthony974, Sep 14, 2016.

  1. anthony974

    anthony974 New Member

    Hello everybody,

    Since one week, i get lot of spams sent from my server, which using Postfix.
    All these spams are sending from an mail address like this :

    XXXXXX@ mywebsite . com

    XXXXXXX = random name
    all these mail addresses didnt exist of course
    but they can send spam (to aol, gmail, etc.)

    I tried to block sending mail from domain, but it didnt work. (it works only when i send the mail from my existing mail address, but the spamers still can send spam...)
    this link : serverfault . com / questions/517945/how-to-block-sending-mail-from-domain-in-postfix



    Here is an extract of my dovecot log :
    Code:
    Sep 10 18:51:04 auth-worker(27351): Info: sql(paula_thomas@ mywebsite . com): unknown user
    each 4-5 minutes


    From my mail.log :


    All mails contains links (porno, poker, etc.)
     
    Last edited: Sep 14, 2016
  2. anthony974

    anthony974 New Member

    Here is my config file : /etc/postfix/main.cf



    Code:
    #######################
    ## GENERALS SETTINGS ##
    #######################
    
    smtpd_banner         = $myhostname ESMTP $mail_name (Debian/GNU)
    biff                 = no
    append_dot_mydomain  = no
    readme_directory     = no
    delay_warning_time   = 4h
    mailbox_command      = procmail -a "$EXTENSION"
    recipient_delimiter  = +
    disable_vrfy_command = yes
    message_size_limit   = 502400000
    mailbox_size_limit   = 1024000000
    
    inet_interfaces = all
    inet_protocols = ipv4
    
    myhostname    = mon.domaine.fr
    myorigin      = mon.domaine.fr
    mydestination = localhost localhost.$mydomain
    mynetworks    = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
    relayhost     =
    
    alias_maps     = hash:/etc/aliases
    alias_database = hash:/etc/aliases
    
    ####################
    ## TLS PARAMETERS ##
    ####################
    # Smtp ( OUTGOING / Client )
    smtp_tls_loglevel            = 1
    smtp_tls_security_level      = may
    #smtp_tls_CAfile              = /etc/ssl/certs/ca.cert.pem
    smtp_tls_protocols           = !SSLv2, !SSLv3
    smtp_tls_mandatory_protocols = !SSLv2, !SSLv3
    smtp_tls_mandatory_ciphers   = high
    smtp_tls_exclude_ciphers     = aNULL, eNULL, EXPORT, DES, 3DES, RC2, RC4, MD5, PSK, SRP, DSS, AECDH, ADH
    smtp_tls_note_starttls_offer = yes
    
    # ---------------------------------------------------------------------------------------------------
    
    # Smtpd ( INCOMING / Server )
    smtpd_tls_loglevel            = 1
    #smtpd_tls_auth_only           = yes
    smtpd_tls_security_level      = may
    smtpd_tls_received_header     = yes
    smtpd_tls_protocols           = !SSLv2, !SSLv3
    smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
    smtpd_tls_mandatory_ciphers   = medium
    
    # Infos (voir : postconf -d)
    # Medium cipherlist = aNULL:-aNULL:ALL:!EXPORT:!LOW:+RC4:@ STRENGTH
    # High cipherlist   = aNULL:-aNULL:ALL:!EXPORT:!LOW:!MEDIUM:+RC4:@ STRENGTH
    
    # smtpd_tls_exclude_ciphers   = NE PAS modifier cette directive pour des raisons de compatibilité
    #                               avec les autres serveurs de mail afin d'éviter une erreur du type
    #                               "no shared cipher" ou "no cipher overlap" puis un fallback en
    #                               plain/text...
    # smtpd_tls_cipherlist        = Ne pas modifier non plus !
    
    #smtpd_tls_CAfile              = $smtp_tls_CAfile
    #smtpd_tls_cert_file           = /etc/ssl/certs/mailserver.crt
    #smtpd_tls_key_file            = /etc/ssl/private/mailserver.key
    smtp_tls_CAfile                 = /etc/letsencrypt/live/myhostname. fr/chain.pem
    smtpd_tls_cert_file             = /etc/letsencrypt/live/myhostname. fr/cert.pem
    smtpd_tls_key_file              = /etc/letsencrypt/live/myhostname. fr/privkey.pem
    smtpd_tls_dh1024_param_file   = $config_directory/dh2048.pem
    smtpd_tls_dh512_param_file    = $config_directory/dh512.pem
    
    tls_preempt_cipherlist = yes
    tls_random_source      = dev:/dev/urandom
    
    smtp_tls_session_cache_database  = btree:${data_directory}/smtp_scache
    smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
    lmtp_tls_session_cache_database  = btree:${data_directory}/lmtp_scache
    
    # ----------------------------------------------------------------------
    
    #####################
    ## SASL PARAMETERS ##
    #####################
    
    smtpd_sasl_auth_enable          = yes
    #smtp_sasl_auth_enable          = yes
    smtpd_sasl_type                 = dovecot
    smtpd_sasl_path                 = private/auth
    smtpd_sasl_security_options     = noanonymous
    smtpd_sasl_tls_security_options = $smtpd_sasl_security_options
    smtpd_sasl_local_domain         = $mydomain
    smtpd_sasl_authenticated_header = yes
    
    broken_sasl_auth_clients = yes
    
    ##############################
    ## VIRTUALS MAPS PARAMETERS ##
    ##############################
    
    virtual_uid_maps        = static:5000
    virtual_gid_maps        = static:5000
    virtual_minimum_uid     = 5000
    virtual_mailbox_base    = /var/mail
    virtual_transport       = lmtp:unix:private/dovecot-lmtp
    virtual_mailbox_domains = mysql:/etc/postfix/mysql-virtual-mailbox-domains.cf
    virtual_mailbox_maps    = mysql:/etc/postfix/mysql-virtual-mailbox-maps.cf
    virtual_alias_maps      = mysql:/etc/postfix/mysql-virtual-alias-maps.cf
    
    ######################
    ## ERRORS REPORTING ##
    ######################
    ######################
    
    # notify_classes = bounce, delay, resource, software
    notify_classes = resource, software
    
    error_notice_recipient     = me@ gmail. com
    # delay_notice_recipient   = admin@ domain. tld
    # bounce_notice_recipient  = admin@ domain. tld
    # 2bounce_notice_recipient = admin@ domain. tld
    
    ##################
    ## RESTRICTIONS ##
    ##################
    
    smtpd_recipient_restrictions =
         check_sender_access hash:/etc/postfix/rejected-recipient,
         reject_invalid_hostname,
         reject_unauth_pipelining,
         # permit_mynetworks,
         permit_sasl_authenticated,
         reject_non_fqdn_recipient,
         reject_unauth_destination,
         reject_unknown_recipient_domain,
         reject_rbl_client zen.spamhaus. org
    
    smtpd_helo_restrictions =
         permit_mynetworks,
         permit_sasl_authenticated,
         reject_invalid_helo_hostname,
         reject_non_fqdn_helo_hostname
         # reject_unknown_helo_hostname
    
    smtpd_client_restrictions =
         permit_mynetworks,
         permit_inet_interfaces,
         permit_sasl_authenticated,
         # reject_plaintext_session,
         # reject_unauth_pipelining
    
    smtpd_sender_restrictions =
         check_sender_access hash:/etc/postfix/rejected-recipient,
         reject_non_fqdn_sender,
         reject_unknown_sender_domain
         #reject_sender_login_mismatch
    
    smtpd_milters = unix:/opendkim/opendkim.sock, unix:/opendmarc/opendmarc.sock, unix:/clamav/clamav-milter.ctl
    mime_header_checks = regexp:/etc/postfix/header_checks
    header_checks = regexp:/etc/postfix/header_checks
    
     
  3. anthony974

    anthony974 New Member

    In this config, i have updated to this configuration (just added reject_rbl options) :
    this link : howtoforge . com/block_spam_at_mta_level_postfix

    So i have added :



    It was working perfectly but now, the spammers use mail address :
    XXXXXXX@ mywebsite . fr (instead of mywebsite . com) !

    dovecot log :

    Please, do you have any solution for me ?
     
  4. florian030

    florian030 Well-Known Member HowtoForge Supporter

Share This Page