I have set Mailjet as the relay server. That is working fine. But I am getting notification mails from them like this:

Code:

    We have received an email from a new sender address using your account :

    Detected on: 2016-03-19 11:35:46
    From: [email protected]

    Emails sent from this sender will not be sent until you validate this address in your account. Messages will remain in our processing queue for a few days and will be sent as soon as the sender becomes valid.

    If you have any question about this email, please take a look at our dedicated FAQ: I received an alert for a new sender address: what should I do?.

    See you soon,
    The Mailjet Team

This domain and user don't exist on my server; how it can send mail is worrying me. The contents of my /etc/postfix/main.cf are like this:

Code:

    # See /usr/share/postfix/main.cf.dist for a commented, more complete version
    # Debian specific: Specifying a file name will cause the first
    # line of that file to be used as the name. The Debian default
    # is /etc/mailname.
    #myorigin = /etc/mailname
    smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
    biff = no
    # appending .domain is the MUA's job.
    append_dot_mydomain = no
    # Uncomment the next line to generate "delayed mail" warnings
    #delay_warning_time = 4h
    readme_directory = /usr/share/doc/postfix
    # TLS parameters
    smtpd_tls_cert_file = /etc/postfix/smtpd.cert
    smtpd_tls_key_file = /etc/postfix/smtpd.key
    smtpd_use_tls = yes
    smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
    smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
    # See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
    # information on enabling SSL in the smtp client.
    myhostname = server1.mywebsolutions.co.in
    alias_maps = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases
    alias_database = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases
    myorigin = /etc/mailname
    mydestination = server1.mywebsolutions.co.in, localhost, localhost.localdomain
    relayhost = in-v3.mailjet.com
    #mynetworks = 127.0.0.0/8 [::1]/128
    mailbox_size_limit = 0
    recipient_delimiter =
    inet_interfaces = all
    html_directory = /usr/share/doc/postfix/html
    virtual_alias_domains =
    virtual_alias_maps = hash:/var/lib/mailman/data/virtual-mailman, proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf, proxy:mysql:/etc/postfix/mysql-virtual_email2email.cf
    virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf
    virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf
    virtual_mailbox_base = /var/vmail
    virtual_uid_maps = static:5000
    virtual_gid_maps = static:5000
    smtpd_sasl_auth_enable = yes
    broken_sasl_auth_clients = yes
    smtpd_sasl_authenticated_header = yes
    #smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, check_recipient_access mysql:/etc/postfix/mysql-virtual_recipient.cf, #reject_unauth_destination
    smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, check_recipient_access mysql:/etc/postfix/mysql-virtual_recipient.cf, reject_rbl_client zen.spamhaus.org
    smtpd_tls_security_level = may
    transport_maps = hash:/var/lib/mailman/data/transport-mailman, proxy:mysql:/etc/postfix/mysql-virtual_transports.cf
    relay_domains = mysql:/etc/postfix/mysql-virtual_relaydomains.cf
    relay_recipient_maps = mysql:/etc/postfix/mysql-virtual_relayrecipientmaps.cf
    proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks
    smtpd_sender_restrictions = check_sender_access mysql:/etc/postfix/mysql-virtual_sender.cf
    smtpd_client_restrictions = check_client_access mysql:/etc/postfix/mysql-virtual_client.cf
    # /etc/postfix/main.cf
    # HELO restrictions:
    #smtpd_delay_reject = yes
    smtpd_helo_required = yes
    smtpd_helo_restrictions = permit_mynetworks, reject_non_fqdn_helo_hostname, reject_invalid_helo_hostname, permit
    smtpd_client_message_rate_limit = 100
    maildrop_destination_concurrency_limit = 1
    maildrop_destination_recipient_limit = 1
    virtual_transport = dovecot
    header_checks = regexp:/etc/postfix/header_checks
    mime_header_checks = regexp:/etc/postfix/mime_header_checks
    nested_header_checks = regexp:/etc/postfix/nested_header_checks
    body_checks = regexp:/etc/postfix/body_checks
    owner_request_special = no
    dovecot_destination_recipient_limit = 1
    smtpd_sasl_type = dovecot
    smtpd_sasl_path = private/auth
    content_filter = amavis:[127.0.0.1]:10024
    receive_override_options = no_address_mappings
    message_size_limit = 20971520
    inet_protocols = all
    smtp_tls_security_level = may
    smtpd_relay_restrictions = check_recipient_access mysql:/etc/postfix/mysql-virtual_recipient.cf, permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
    smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
    smtpd_tls_protocols = !SSLv2,!SSLv3
    smtp_tls_protocols = !SSLv2,!SSLv3
    smtp_sasl_auth_enable = yes
    smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
    smtp_sasl_security_options =

Where and what do I need to update to block users that were not created by me?
Till,

This is making me scratch my head, how this can happen.

Code:

    We have received an email from a new sender address using your account :

    Detected on: 2016-03-19 15:03:34
    From: [email protected]

    Emails sent from this sender will not be sent until you validate this address in your account. Messages will remain in our processing queue for a few days and will be sent as soon as the sender becomes valid.

    If you have any question about this email, please take a look at our dedicated FAQ: I received an alert for a new sender address: what should I do?.

    See you soon,
    The Mailjet Team

There is nothing like [email protected] in my mail.log, mail.err or syslog. How is this user trying to send mail using my IP?

Thanks.
Search for [email protected] in the mail.log. And emails can get sent through a website as well, so if you host websites and one of these gets hacked, then it is possible that the email was sent through that website directly.
Hi Till,

I have checked the mail.log and checked all the logs using the command

Code:

    grep -rlv "peter.dickson@" /var/log

but couldn't find a trace of it. Now how can I know from where these mails are being sent? I have around 60-70 websites; how can I identify which one is getting exploited?
I was able to find one more user in mail.log which is not in my domain/user list. The logs are like this, just cannot make out where to put a plug to stop this:

user - [email protected]

Code:

    Mar 20 18:37:36 server1 postfix/qmgr[3743]: D121D601882: from=<[email protected]>, size=3606, nrcpt=1 (queue active)
    Mar 20 18:37:37 server1 postfix/smtpd[15274]: disconnect from co1gmehub02.msn.com[65.55.52.230]
    Mar 20 18:37:44 server1 postfix/smtpd[15287]: connect from localhost.localdomain[127.0.0.1]
    Mar 20 18:37:44 server1 postfix/smtpd[15287]: CF7DD601CB8: client=localhost.localdomain[127.0.0.1]
    Mar 20 18:37:44 server1 postfix/cleanup[15281]: CF7DD601CB8: message-id=<[email protected]>
    Mar 20 18:37:44 server1 postfix/smtpd[15287]: disconnect from localhost.localdomain[127.0.0.1]
    Mar 20 18:37:44 server1 postfix/qmgr[3743]: CF7DD601CB8: from=<[email protected]>, size=4556, nrcpt=1 (queue active)
    Mar 20 18:37:44 server1 amavis[6293]: (06293-04) Passed CLEAN, [65.55.52.230] [65.55.52.230] <[email protected]> -> <[email protected]>, Message-ID: <[email protected]>, mail_id: Nsb3mNP03fix, Hits: 2.231, size: 3606, queued_as: CF7DD601CB8, [email protected], 8124 ms
    Mar 20 18:37:44 server1 postfix/smtp[15283]: D121D601882: to=<[email protected]>, relay=127.0.0.1[127.0.0.1]:10024, delay=10, delays=2/0.01/0/8.1, dsn=2.0.0, status=sent (250 2.0.0 from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as CF7DD601CB8)
    Mar 20 18:37:44 server1 postfix/qmgr[3743]: D121D601882: removed
    Mar 20 18:37:45 server1 postfix/pickup[13305]: 3A69C601CE5: uid=5000 from=<[email protected]>
    Mar 20 18:37:45 server1 dovecot: lda([email protected]): sieve: msgid=<[email protected]>: forwarded to <[email protected]>
    Mar 20 18:37:45 server1 postfix/cleanup[15281]: 3A69C601CE5: message-id=<[email protected]>
    Mar 20 18:37:45 server1 postfix/qmgr[3743]: 3A69C601CE5: from=<[email protected]>, size=4809, nrcpt=1 (queue active)
    Mar 20 18:37:45 server1 dovecot: lda([email protected]): sieve: msgid=<[email protected]>: stored mail into mailbox 'INBOX'
    Mar 20 18:37:45 server1 postfix/pipe[15288]: CF7DD601CB8: to=<[email protected]>, relay=dovecot, delay=0.54, delays=0.06/0.01/0/0.48, dsn=2.0.0, status=sent (delivered via dovecot service)
    Mar 20 18:37:45 server1 postfix/qmgr[3743]: CF7DD601CB8: removed
    Mar 20 18:37:45 server1 postfix/smtpd[15287]: connect from localhost.localdomain[127.0.0.1]
    Mar 20 18:37:45 server1 postfix/smtpd[15287]: 737A2601882: client=localhost.localdomain[127.0.0.1]
    Mar 20 18:37:45 server1 postfix/cleanup[15281]: 737A2601882: message-id=<[email protected]>
    Mar 20 18:37:45 server1 postfix/smtpd[15287]: disconnect from localhost.localdomain[127.0.0.1]
    Mar 20 18:37:45 server1 postfix/qmgr[3743]: 737A2601882: from=<[email protected]>, size=4883, nrcpt=1 (queue active)
    Mar 20 18:37:45 server1 amavis[7178]: (07178-04) Passed CLEAN, [127.0.0.1] [65.55.52.230] <[email protected]> -> <[email protected]>, Message-ID: <[email protected]>, mail_id: CvI6V1Vtrn5T, Hits: 2.231, size: 4809, queued_as: 737A2601882, [email protected], 195 ms
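
Added example, not part of the thread and not any poster's code: Postfix records how each queue ID entered the system (`postfix/pickup ... uid=` for local submissions, `postfix/smtpd ... client=` for network clients), and the amavis content filter re-injects mail under a new queue ID (`queued as`), so the script below follows that chain back from each message handed to the relayhost. The log excerpt is constructed: it reuses two queue IDs and uid 5000 from the log above, while all addresses, the 198.51.100.9 address, the second message and uid 5012 are placeholders.

```python
import re
# Constructed excerpt in Postfix syslog format; addresses, IPs and uid 5012 are placeholders.
SAMPLE_LOG = """\
Mar 20 18:37:45 server1 postfix/pickup[13305]: 3A69C601CE5: uid=5000 from=<alice@remote.example>
Mar 20 18:37:45 server1 postfix/smtpd[15287]: 737A2601882: client=localhost.localdomain[127.0.0.1]
Mar 20 18:37:45 server1 postfix/qmgr[3743]: 737A2601882: from=<alice@remote.example>, size=4883, nrcpt=1 (queue active)
Mar 20 18:37:45 server1 postfix/smtp[15283]: 3A69C601CE5: to=<bob@forward.example>, relay=127.0.0.1[127.0.0.1]:10024, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 737A2601882)
Mar 20 18:37:46 server1 postfix/smtp[15290]: 737A2601882: to=<bob@forward.example>, relay=in-v3.mailjet.com[198.51.100.9]:25, dsn=2.0.0, status=sent (250 2.0.0 OK)
Mar 20 18:40:02 server1 postfix/pickup[13305]: 9BC12601D00: uid=5012 from=<promo@unknown.example>
Mar 20 18:40:02 server1 postfix/smtpd[15301]: A41F0601D11: client=localhost.localdomain[127.0.0.1]
Mar 20 18:40:02 server1 postfix/qmgr[3743]: A41F0601D11: from=<promo@unknown.example>, size=912, nrcpt=1 (queue active)
Mar 20 18:40:02 server1 postfix/smtp[15283]: 9BC12601D00: to=<carol@other.example>, relay=127.0.0.1[127.0.0.1]:10024, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as A41F0601D11)
Mar 20 18:40:03 server1 postfix/smtp[15290]: A41F0601D11: to=<carol@other.example>, relay=in-v3.mailjet.com[198.51.100.9]:25, dsn=2.0.0, status=sent (250 2.0.0 OK)
"""

QID = r"(?P<qid>[0-9A-F]{6,})"
PICKUP = re.compile(rf"postfix/pickup\[\d+\]: {QID}: uid=(?P<uid>\d+)")
SMTPD = re.compile(rf"postfix/smtpd\[\d+\]: {QID}: client=(?P<client>[^,\s]+)")
QMGR = re.compile(rf"postfix/qmgr\[\d+\]: {QID}: from=<(?P<sender>[^>]*)>")
SENT = re.compile(rf"postfix/smtp\[\d+\]: {QID}: to=<[^>]*>, relay=(?P<relay>[^\[,]+)"
                  r".*?status=sent(?:.*queued as (?P<child>[0-9A-F]{6,}))?")

def trace_relayed(log_text, relayhost="in-v3.mailjet.com"):
    """Map each queue ID handed to relayhost to (envelope sender, original entry point)."""
    origin, sender, parent, relayed = {}, {}, {}, []
    for line in log_text.splitlines():
        if m := PICKUP.search(line):
            origin[m["qid"]] = f"local submission uid={m['uid']}"
        elif m := SMTPD.search(line):
            origin[m["qid"]] = f"smtp client {m['client']}"
        elif m := QMGR.search(line):
            sender[m["qid"]] = m["sender"]
        elif m := SENT.search(line):
            if m["relay"] == relayhost:      # left the server via the relay
                relayed.append(m["qid"])
            elif m["child"]:                 # handed to the filter, re-injected as child
                parent[m["child"]] = m["qid"]
    result = {}
    for qid in relayed:
        root = qid
        while root in parent:                # walk back through content-filter hops
            root = parent[root]
        result[qid] = (sender.get(qid), origin.get(root, "unknown"))
    return result

if __name__ == "__main__":
    for qid, (snd, src) in trace_relayed(SAMPLE_LOG).items():
        print(qid, snd, "<-", src)
```

uid 5000 is the `virtual_uid_maps` mail user in the posted main.cf, which matches the sieve "forwarded to" line in the log above; any other uid identifies the local account whose process called sendmail.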