Hello everyone, I am using ISPConfig3 on a Debian Wheezy Apache server. I set it up with Postfix and Dovecot. Recently I received an email from our colocation company with a spam abuse complaint. It appears someone is sending emails through our server. Yes, server1.dhptraining.com is my server. How do I stop this? Our IP has now been blacklisted and there is a chance we can lose the colocation with all of our websites if we can't solve the problem. I really don't know anything about email servers. I've looked through the forums and through search engines to find out how to fix this, but everything I find I just don't understand. Can someone please help me get this set up so that people cannot send from my server but we can still access and send our emails from our locations? The server is in Phoenix and we are in New Mexico. Here is the header from the person sending the email:

Content-Type: message/rfc822
Content-Disposition: inline
Return-Path: <[email protected]>
Received: from [162.213.40.82] by usgo.net (USGO MTA v5/Hdlc3Rlcm51aW9uQG51aW9uLmNvbT48Z3BoQHVzZmFtaWx5Lm5ldD4-) with SMTP id <20141218023520002756900015> for <[email protected]>; Thu, 18 Dec 2014 02:35:20 -0600 (CST) (envelope-from [email protected])
Received: from localhost (localhost [127.0.0.1]) by server1.dhptraining.com (Postfix) with ESMTP id 0F49336C3417; Thu, 18 Dec 2014 01:35:19 -0700 (MST)
X-Virus-Scanned: Debian amavisd-new at server1.dhptraining.com
Received: from server1.dhptraining.com ([127.0.0.1]) by localhost (server1.dhptraining.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id cLzRD0vMWM_F; Thu, 18 Dec 2014 01:35:09 -0700 (MST)
Received: from User (unknown [50.7.255.126]) (Authenticated sender: [email protected]) by server1.dhptraining.com (Postfix) with ESMTPA id D8DE336C347A; Thu, 18 Dec 2014 01:34:59 -0700 (MST)
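As an added illustration (not the original poster's code): the bottom-most Received: hop in a header like the one above carries Postfix's "Authenticated sender" stamp, which names the account whose credentials were used and the IP it connected from. The script below unfolds a constructed header block modelled on that layout and pulls out those two values; every host, address, queue ID and IP in it is a placeholder.

```python
import re
from typing import Dict, List, Optional

# Constructed sample, modelled on the header layout in the post above.
# Hosts, addresses and IPs are placeholders (RFC 5737 ranges), not real data.
SAMPLE_HEADERS = """\
Return-Path: <sender@example.org>
Received: from [192.0.2.10] by mx.example.net (Example MTA) with SMTP id 123
 for <victim@example.net>; Thu, 18 Dec 2014 02:35:20 -0600 (CST)
Received: from localhost (localhost [127.0.0.1])
 by server1.example.org (Postfix) with ESMTP id 0A1B2C3D4E5F;
 Thu, 18 Dec 2014 01:35:19 -0700 (MST)
Received: from server1.example.org ([127.0.0.1])
 by localhost (server1.example.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id AbCdEfGhIj_K; Thu, 18 Dec 2014 01:35:09 -0700 (MST)
Received: from User (unknown [198.51.100.7])
 (Authenticated sender: info@example.org)
 by server1.example.org (Postfix) with ESMTPA id 1B2C3D4E5F60;
 Thu, 18 Dec 2014 01:34:59 -0700 (MST)
"""

AUTH_RE = re.compile(r"\(Authenticated sender:\s*([^)\s]+)\)")
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def unfold_headers(raw: str) -> List[str]:
    """Join RFC 5322 folded continuation lines (leading blank/tab) onto their header."""
    out: List[str] = []
    for line in raw.splitlines():
        if line[:1] in (" ", "\t") and out:
            out[-1] += " " + line.strip()
        elif line.strip():
            out.append(line.rstrip())
    return out


def find_authenticated_hop(raw: str) -> Optional[Dict[str, str]]:
    """Walk Received: headers from the oldest (bottom) upward and return the
    SASL username and client IP of the hop Postfix stamped 'Authenticated sender'.
    That hop is the injection point: the account whose credentials were used."""
    received = [h for h in unfold_headers(raw) if h.lower().startswith("received:")]
    for hop in reversed(received):
        m = AUTH_RE.search(hop)
        if not m:
            continue
        from_part = hop.split(" by ", 1)[0]  # only the client side of the hop
        ips = IP_RE.findall(from_part)
        return {"sasl_username": m.group(1), "client_ip": ips[0] if ips else ""}
    return None


if __name__ == "__main__":
    print(find_authenticated_hop(SAMPLE_HEADERS))
```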
@deeaamon, Obviously, the first step is to double-check that you've performed all the steps in the 'Perfect' guide you followed correctly. There is a lot to do, and overlooking something is really easy, and hard to find afterwards. Another thing that you should have a look at is setting up your DNS records. Most mail servers aren't set up to rigidly check mail. So everything seems fine until you send mail to Gmail, or Hotmail, etc. Send too many mails to them and you'll get listed. Fortunately, they will often notify you that your mail couldn't be delivered because it's considered spam. So, in your DNS, you need to have the following records: A, PTR, MX, and SPF. Once you've set these up, send a mail to this address to get a 'health' report: '[email protected]'. On my server, I've forced all my clients to authenticate before they can send mail. This is not how mail servers are normally set up. Usually, you only need to authenticate in order to download/read your mail. I'll leave you to read up why this is so. You should get to know what role Postfix plays, what Dovecot does, how SpamAssassin works, what amavis can do for you. By understanding the modules, you'll know which part of your system is not configured correctly. There is a lot of information about SMTP setup in the forum here. In addition, here are a few useful links that discuss mail server setup and operation:
http://www.howtoforge.com/hardening-postfix-for-ispconfig-3
http://www.postfix.org/SMTPD_ACCESS_README.html
https://www.digitalocean.com/community/tutorials/how-to-install-and-configure-dkim-with-postfix-on-debian-wheezy
I would give serious consideration to whether you want to run your own mail server or use a third-party provider. It is a complex subject and a large time sink. Hope this helps. Cheers, Nap
PS.. You should post your main.cf and master.cf files here. Without that info....
That is actually what I want: to force all of my users to authenticate before sending. The only users are from my company and we use a third-party SMTP. This SMTP from the server is used only for sending out emails from my PHP scripts. But someone else is using the SMTP. I'll read the articles you mentioned below and give it a try. Thanks for the help. How did you get your users to have to authenticate?
In my main.cf, I've got the following additions/changes:
Code:
smtpd_recipient_restrictions = permit_sasl_authenticated, reject_unauth_destination, check_recipient_access mysql:/etc/postfix/mysql-virtual_recipient.cf
smtpd_sender_restrictions = permit_sasl_authenticated, check_sender_access mysql:/etc/postfix/mysql-virtual_sender.cf
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
smtpd_tls_protocols = !SSLv2,!SSLv3
smtp_tls_protocols = !SSLv2,!SSLv3

In my master.cf, I've got the following additions/changes:
Code:
submission inet n - - - - smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtp_enforce_tls=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
smtps inet n - - - - smtpd
  -o syslog_name=postfix/smtps
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
cleanup unix n - - - 0 cleanup
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject

I haven't tested my settings against PHP scripts. You should try to figure out which script is the door they're using and fix it. You should validate that your PHP scripts are generating the mail appropriately: sender address and other header-related fields. And that they are resistant to SQL injection and cross-site scripting. That is, all your user input fields ($_GET and $_POST on the server side) should be properly filtered before they are used as input to the PHP. Cheers, Nap
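As an added example (not Nap's or the original poster's code): the "Authenticated sender" information in the header also lands in Postfix's mail.log as sasl_username, and with the submission service given syslog_name=postfix/submission as in the master.cf above it is logged under postfix/submission/smtpd. The script below runs over constructed log lines (placeholder users, queue IDs and IPs) and counts submissions per SASL account and the client IPs each one authenticated from, so one account sending in bulk from unfamiliar addresses stands out as the compromised credential.

```python
import re
from collections import Counter, defaultdict
from typing import Dict, List, Set, Tuple

# Constructed mail.log lines in Postfix smtpd format. Hostnames, users, queue
# IDs and IPs (RFC 5737 ranges) are placeholders, not data from this thread.
SAMPLE_LOG = """\
Dec 18 01:34:59 server1 postfix/smtpd[2101]: 0A1B2C3D4E5F: client=unknown[198.51.100.7], sasl_method=LOGIN, sasl_username=info@example.org
Dec 18 01:35:02 server1 postfix/smtpd[2101]: 1B2C3D4E5F60: client=unknown[198.51.100.7], sasl_method=LOGIN, sasl_username=info@example.org
Dec 18 01:35:05 server1 postfix/smtpd[2107]: 2C3D4E5F6071: client=unknown[203.0.113.9], sasl_method=LOGIN, sasl_username=info@example.org
Dec 18 01:35:07 server1 postfix/smtpd[2107]: 3D4E5F607182: client=unknown[203.0.113.9], sasl_method=PLAIN, sasl_username=info@example.org
Dec 18 01:36:10 server1 postfix/submission/smtpd[2112]: 4E5F60718293: client=office.example.org[192.0.2.20], sasl_method=PLAIN, sasl_username=alice@example.org
Dec 18 01:40:00 server1 postfix/smtpd[2120]: 5F6071829304: client=mail.example.com[192.0.2.55]
"""

# Matches smtpd (and the renamed submission/smtps services) lines that carry a SASL login.
SASL_RE = re.compile(
    r"postfix/(?:submission/|smtps/)?smtpd\[\d+\]: (?P<qid>[0-9A-F]+): "
    r"client=(?P<host>\S+?)\[(?P<ip>[^\]]+)\],.*?sasl_username=(?P<user>\S+)"
)


def summarize_sasl(log_text: str) -> Tuple[Counter, Dict[str, Set[str]]]:
    """Count authenticated submissions per SASL username and record the client
    IPs each username authenticated from. Lines without sasl_username
    (unauthenticated inbound mail) are skipped."""
    counts: Counter = Counter()
    ips: Dict[str, Set[str]] = defaultdict(set)
    for line in log_text.splitlines():
        m = SASL_RE.search(line)
        if m:
            counts[m["user"]] += 1
            ips[m["user"]].add(m["ip"])
    return counts, ips


def suspicious_accounts(counts: Counter, ips: Dict[str, Set[str]],
                        max_messages: int = 3, max_ips: int = 1) -> List[str]:
    """Usernames whose volume or source spread exceeds the thresholds.
    The thresholds are illustrative; baseline them on your own traffic."""
    return sorted(u for u in counts
                  if counts[u] > max_messages or len(ips[u]) > max_ips)


if __name__ == "__main__":
    c, i = summarize_sasl(SAMPLE_LOG)
    for user in suspicious_accounts(c, i):
        print(f"{user}: {c[user]} messages from {sorted(i[user])}")
```

On a live box the same logic applies to the output of `grep sasl_username /var/log/mail.log`; an account flagged this way should have its password changed and its queued mail inspected.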
Well, I don't know what I did this time, but now I can't receive any emails at all. I followed this article http://www.howtoforge.com/hardening-postfix-for-ispconfig-3 and my idiot self didn't make backups of my files before making the changes. Also, when I restart postfix now I get a warning of unused parameter: dovecot_destination_recipient_limit_1 And no one in my company is getting any emails. It cycles through the emails with no error messages but doesn't get anything. This is what happens when they ask a guy who doesn't know anything about this stuff and is constantly having to wing it.
What you can do is: Set up a virtual machine using VirtualBox. Set the network to use a 'Bridged Network Adaptor'. Install the basic Debian Linux. Whilst logged into the VM, use the 'ifconfig' command to determine its IP address. Once you know its IP, you can use SSH and (S)FTP to access it. Then install everything else, as per the 'Perfect' guide. You can test the web server by putting an entry in your 'hosts' file that maps an arbitrary domain (I use mydomain.int where 'int' means internal) to the IP of the VM. I haven't done this to test emails, but I'm sure you could do that too once you've set up your 'hosts' file and pointed your mail client to the domain you've set up on the VM. (This is how I'm doing it here.) Once your VM is running satisfactorily, you can copy the setup files from it and put them up on your live server. (Don't forget to incorporate the changes I mentioned in my earlier post.) Hope this lets you see the light at the end of the tunnel. Cheers, Nap