Hi, not sure if this has anything to do with ISPConfig, but I don't have any catchalls in place and I'm still getting spam mail in my root that is originally addressed to a bogus address, i.e. [email protected]. I don't have an [email protected]. Could anyone help explain? Thanks!
Nope. Just my regular ole email addresses. No catchalls. I've been noticing a bunch of junk in my root mail, so I started sending it to a different user so I could view it in a mail client and see what's what. Under aliases I set root to send to web11_daisy so I could get a better look at it. I start really looking at this spam mail and it's being sent to [email protected]. I have 8 domains and it's getting sent to all of them: [email protected], [email protected], [email protected]. It's all being sent to root. I pulled this from the end of root's mail. Ignore the cron job thingy.

Code:
From [email protected] Fri Jul 13 04:36:19 2007
Return-Path: <[email protected]>
X-Original-To: [email protected]
Delivered-To: [email protected]
Received: from domain1.com (domain1.com [127.0.0.1])
        (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
        (No client certificate requested)
        by domain1.com (Postfix) with ESMTP id 97C52168045
        for <[email protected]>; Fri, 13 Jul 2007 04:36:19 -0500 (CDT)
Received: (from root@localhost)
        by domain1.com (8.13.8/8.13.8/Submit) id l6D9ZdiH006355;
        Fri, 13 Jul 2007 04:35:39 -0500
Date: Fri, 13 Jul 2007 04:35:39 -0500
Message-Id: <[email protected]>
From: [email protected] (Cron Daemon)
To: [email protected]
Subject: Cron <root@domain1> run-parts /etc/cron.daily
Content-Type: text/plain; charset=UTF-8
Auto-Submitted: auto-generated
X-Cron-Env: <SHELL=/bin/bash>
X-Cron-Env: <PATH=/sbin:/bin:/usr/sbin:/usr/bin>
X-Cron-Env: <MAILTO=root>
X-Cron-Env: <HOME=/>
X-Cron-Env: <LOGNAME=root>
X-Cron-Env: <USER=root>

/etc/cron.daily/0logwatch:

Use of uninitialized value in numeric le (<=) at /etc/cron.daily/0logwatch line 798.
Use of uninitialized value in numeric le (<=) at /etc/cron.daily/0logwatch line 798.
Use of uninitialized value in numeric le (<=) at /etc/cron.daily/0logwatch line 798.
Use of uninitialized value in numeric le (<=) at /etc/cron.daily/0logwatch line 798.
Use of uninitialized value in numeric le (<=) at /etc/cron.daily/0logwatch line 798.

From [email protected] Fri Jul 13 09:09:12 2007
Return-Path: <[email protected]>
X-Original-To: [email protected]
Delivered-To: [email protected]
Received: from [61.252.108.88] (unknown [61.252.108.88])
        by domain1.com (Postfix) with ESMTP id 5CAD61680A9
        for <[email protected]>; Fri, 13 Jul 2007 09:09:06 -0500 (CDT)
Received: from [61.252.108.88] by scan.aetat.no; Fri, 13 Jul 2007 14:09:14 -0900
Date: Fri, 13 Jul 2007 14:09:14 -0900
From: "Derrick Caudill" <[email protected]>
X-Mailer: The Bat! (v3.0) Home
Reply-To: [email protected]
X-Priority: 3 (Normal)
Message-ID: <[email protected]>
To: [email protected]
Subject: Re: Hi
MIME-Version: 1.0
Content-Type: text/html; charset=us-ascii
Content-Transfer-Encoding: 7bit

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<HTML><HEAD><TITLE></TITLE>
</HEAD>
<BODY>
Hello! I am bored today.
I am nice girl that would like to chat with you.
Email me at [email protected] only.
I will reply with my pics
</BODY></HTML>

From [email protected] Fri Jul 13 09:20:58 2007
Return-Path: <[email protected]>
X-Original-To: [email protected]
Delivered-To: [email protected]
Received: from [80.254.98.50] (lin50.adsl-pool.donpac.ru [80.254.98.50])
        by domain1.com (Postfix) with ESMTP id 7B80A1680A9
        for <[email protected]>; Fri, 13 Jul 2007 09:20:57 -0500 (CDT)
Received: from [80.254.98.50] by mail.abacahotel.com; Fri, 13 Jul 2007 14:21:24 -0300
Date: Fri, 13 Jul 2007 14:21:24 -0300
From: "Ida Doran" <[email protected]>
X-Mailer: The Bat! (v2.01) Educational
Reply-To: [email protected]
X-Priority: 3 (Normal)
Message-ID: <[email protected]>
To: [email protected]
Subject: Re: Hallo!
MIME-Version: 1.0
Content-Type: text/html; charset=iso-8859-1
Content-Transfer-Encoding: 7bit

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<HTML><HEAD><TITLE></TITLE>
</HEAD>
<BODY>
Hello! I am tired this evening.
I am nice girl that would like to chat with you.
Email me at [email protected] only.
To see some pictures of me.
</BODY></HTML>

Suggestions?
There is nothing with the word info in virtusertable

Code:
info: postmaster

Is this the one that's causing all the problems? What about all this other crap like NOC and whatnot?

Code:
# Basic system aliases -- these MUST be present.
mailer-daemon: postmaster
postmaster: root

# General redirections for pseudo accounts.
bin: root
daemon: root
adm: root
lp: root
sync: root
shutdown: root
halt: root
mail: root
news: root
uucp: root
operator: root
games: root
gopher: root
ftp: root
nobody: root
radiusd: root
nut: root
dbus: root
vcsa: root
canna: root
wnn: root
rpm: root
nscd: root
pcap: root
apache: root
webalizer: root
dovecot: root
fax: root
quagga: root
radvd: root
pvm: root
amanda: root
privoxy: root
ident: root
named: root
xfs: root
gdm: root
mailnull: root
postgres: root
sshd: root
smmsp: root
postfix: root
netdump: root
ldap: root
squid: root
ntp: root
mysql: root
desktop: root
rpcuser: root
rpc: root
nfsnobody: root

ingres: root
system: root
toor: root
manager: root
dumper: root
abuse: root

newsadm: news
newsadmin: news
usenet: news
ftpadm: ftp
ftpadmin: ftp
ftp-adm: ftp
ftp-admin: ftp
www: webmaster
webmaster: root
noc: root
security: root
hostmaster: root
info: postmaster
marketing: postmaster
sales: postmaster
support: postmaster

# trap decode to catch security attacks
decode: root

# Person who should get root's mail
root: web11_daisy

Code:
queue_directory = /var/spool/postfix
command_directory = /usr/sbin
daemon_directory = /usr/libexec/postfix
mail_owner = postfix
inet_interfaces = all
mydestination = $myhostname, localhost.$mydomain, localhost
unknown_local_recipient_reject_code = 550
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
debug_peer_level = 2
debugger_command =
         PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
         xxgdb $daemon_directory/$process_name $process_id & sleep 5
sendmail_path = /usr/sbin/sendmail.postfix
newaliases_path = /usr/bin/newaliases.postfix
mailq_path = /usr/bin/mailq.postfix
setgid_group = postdrop
html_directory = no
manpage_directory = /usr/share/man
sample_directory = /usr/share/doc/postfix-2.2.8/samples
readme_directory = /usr/share/doc/postfix-2.2.8/README_FILES
smtpd_sasl_local_domain =
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
smtpd_tls_auth_only = no
smtp_use_tls = yes
smtpd_use_tls = yes
smtp_tls_note_starttls_offer = yes
smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
virtual_maps = hash:/etc/postfix/virtusertable
mydestination = /etc/postfix/local-host-names
smtpd_helo_required = yes
disable_vrfy_command = yes
invalid_hostname_reject_code = 554
multi_recipient_bounce_reject_code = 554
non_fqdn_reject_code = 554
relay_domains_reject_code = 554
unknown_address_reject_code = 554
unknown_client_reject_code = 554
unknown_hostname_reject_code = 554
unknown_local_recipient_reject_code = 554
unknown_relay_recipient_reject_code = 554
unknown_sender_reject_code = 554
unknown_virtual_alias_reject_code = 554
unknown_virtual_mailbox_reject_code = 554
unverified_recipient_reject_code = 554
unverified_sender_reject_code = 554
smtpd_recipient_restrictions = reject_invalid_hostname,
        reject_unknown_recipient_domain,
        reject_unauth_pipelining,
        permit_mynetworks,
        permit_sasl_authenticated,
        reject_unauth_destination,
        reject_rbl_client dnsbl.sorbs.net,
        reject_rbl_client list.dsbl.org,
        reject_rbl_client sbl-xbl.spamhaus.org,
        reject_rbl_client bl.spamcop.net,
        reject_rbl_client cbl.abuseat.org,
        permit
Yes. Do you have a user called info in /etc/passwd? If so, delete it with the userdel command and remove the info line from /etc/aliases. Run

Code:
newaliases

afterwards and restart Postfix.
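
The alias chain behind the answer above, as an added example that is not part of the original thread: in the posted /etc/aliases, `info: postmaster`, `postmaster: root` and `root: web11_daisy` chain together, so mail for `info` at any domain the server treats as local ends up in web11_daisy's mailbox. The sample table is a constructed subset of the posted file, and the function names are illustrative.

```python
# Added example (not from the thread): follow /etc/aliases chains to their final recipient.
# Constructed sample: a subset of the aliases file posted above.
SAMPLE_ALIASES = """\
mailer-daemon: postmaster
postmaster: root
abuse: root
www: webmaster
webmaster: root
info: postmaster
sales: postmaster
# Person who should get root's mail
root: web11_daisy
"""

def parse_aliases(text):
    """Return {alias: [targets]}; handles simple one-line 'name: target, ...' entries only."""
    table = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        name, rhs = line.split(":", 1)
        table[name.strip().lower()] = [t.strip().lower() for t in rhs.split(",") if t.strip()]
    return table

def resolve(name, table, seen=None):
    """Expand an alias until only non-alias names (local users or unknown names) remain."""
    seen = set() if seen is None else seen
    if name in seen:  # already expanded, or an alias loop: do not recurse again
        return set()
    seen.add(name)
    if name not in table:
        return {name}
    final = set()
    for target in table[name]:
        final |= resolve(target, table, seen)
    return final

def aliases_reaching(mailbox, table):
    """Every alias whose mail is finally delivered to `mailbox`."""
    return sorted(a for a in table if mailbox in resolve(a, table))

if __name__ == "__main__":
    table = parse_aliases(SAMPLE_ALIASES)
    print("info resolves to:", resolve("info", table))
    print("aliases delivering to web11_daisy:", aliases_reaching("web11_daisy", table))
    del table["info"]  # the fix from the answer: drop the info line
    print("after removal, info resolves to:", resolve("info", table))
```

Once the `info` line is gone, the name no longer expands to root; it is then only accepted if a system user of that name exists, which is why the answer also checks /etc/passwd.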