I'm getting hit continuously with blocks where SPAM mail is being sent from the server. How can I stop this from happening? Does ISP Config have any modules or methods to stop SPAM mail being sent?
Check your mail.log to find out who or what I sending out the spam. If it's a SMTP user, see https://www.howtoforge.com/community/threads/reset-postfix-installation.87859/#post-428532 I would also recommend disabling mail() for PHP so all sites need to use SMTP.
1- I'm having difficulty reading who/which mail is sending out the spam. see log below 2- how do i disable PHP sending? Code: seems there is spam [root@server1 log]# tail -25 maillog Mar 11 07:14:15 server1 postfix/smtp[613980]: 24BA37E1B94: to=<[email protected]>, relay=none, delay=145614, delays=145583/1.4/30/0, dsn=4.4.1, status=deferred (connect to mailserver.bates-and.co.uk[217.40.134.217]:25: Connection timed out) Mar 11 07:14:15 server1 postfix/smtp[613943]: connect to andersonsstore.com[199.191.50.51]:25: Connection timed out Mar 11 07:14:15 server1 postfix/smtp[613943]: 22A4C7E1C7C: to=<[email protected]>, relay=none, delay=128813, delays=128781/1.4/30/0, dsn=4.4.1, status=deferred (connect to andersonsstore.com[199.191.50.51]:25: Connection timed out) Mar 11 07:14:15 server1 postfix/smtpd[486999]: disconnect from unknown[87.246.7.246] ehlo=1 auth=0/1 rset=1 quit=1 commands=3/4 Mar 11 07:14:15 server1 postfix/smtp[614011]: connect to misco.es[75.2.19.86]:25: Connection timed out Mar 11 07:14:15 server1 postfix/smtp[614011]: 55E897E1C80: to=<[email protected]>, relay=none, delay=112012, delays=111981/1.3/30/0, dsn=4.4.1, status=deferred (connect to misco.es[75.2.19.86]:25: Connection timed out) Mar 11 07:14:15 server1 postfix/smtp[613945]: connect to meltzermandl.com[52.71.57.184]:25: Connection timed out Mar 11 07:14:16 server1 postfix/smtp[613942]: connect to affina.com[3.64.163.50]:25: Connection timed out Mar 11 07:14:16 server1 postfix/smtp[613949]: connect to integradev.com[3.94.41.167]:25: Connection timed out Mar 11 07:14:16 server1 postfix/smtp[613942]: 6C2417E54A0: to=<[email protected]>, relay=none, delay=378573, delays=378540/0.82/31/0, dsn=4.4.1, status=deferred (connect to affina.com[3.64.163.50]:25: Connection timed out) Mar 11 07:14:16 server1 postfix/smtp[613978]: connect to mail.itascachicago.com[128.199.196.173]:25: Connection timed out Mar 11 07:14:16 server1 postfix/smtp[613978]: 766927E58FC: to=<[email protected]>, relay=none, delay=334723, delays=334691/1.9/30/0, dsn=4.4.1, status=deferred (connect to mail.itascachicago.com[128.199.196.173]:25: Connection timed out) Mar 11 07:14:16 server1 postfix/smtp[614001]: connect to seniorsfirstonline.com[204.11.56.48]:25: Connection timed out Mar 11 07:14:16 server1 postfix/smtp[614001]: 72BB47E5B0D: to=<[email protected]>, relay=none, delay=311267, delays=311235/1.9/30/0, dsn=4.4.1, status=deferred (connect to seniorsfirstonline.com[204.11.56.48]:25: Connection timed out) Mar 11 07:14:16 server1 postfix/smtp[613997]: connect to awesomenet.com[45.33.2.79]:25: No route to host Mar 11 07:14:16 server1 postfix/smtp[613997]: connect to awesomenet.com[45.33.23.183]:25: No route to host Mar 11 07:14:16 server1 postfix/smtp[613999]: connect to intxxnet.com[52.86.6.113]:25: Connection timed out Mar 11 07:14:16 server1 postfix/smtp[614009]: connect to intxxnet.com[52.71.57.184]:25: Connection timed out Mar 11 07:14:16 server1 postfix/smtp[613974]: connect to mail.scott.co.nz[203.167.143.103]:25: Connection timed out Mar 11 07:14:16 server1 postfix/smtp[613974]: 2A2087E5B03: to=<[email protected]>, relay=none, delay=311345, delays=311313/1.6/31/0, dsn=4.4.1, status=deferred (connect to mail.scott.co.nz[203.167.143.103]:25: Connection timed out) Mar 11 07:14:17 server1 postfix/smtpd[488203]: warning: hostname ip246.tervelnet.com does not resolve to address 87.246.7.246 Mar 11 07:14:17 server1 postfix/smtpd[488203]: connect from unknown[87.246.7.246] Mar 11 07:14:19 server1 postfix/smtpd[488203]: discarding EHLO keywords: CHUNKING Mar 11 07:14:19 server1 postfix/smtp[614008]: connect to alion.com[35.189.86.133]:25: Connection timed out Mar 11 07:14:19 server1 postfix/smtp[614008]: 75F367E54D2: to=<[email protected]>, relay=none, delay=378635, delays=378600/2/33/0, dsn=4.4.1, status=deferred (connect to alion.com[35.189.86.133]:25: Connection timed out) [root@server1 log]#
The log you shared does not tells us anything but recent retries. Check your mailq to find a spam message and find all info for that message. Add mail to disable_funtions in your php.ini.
If the message is still in queue you can examine info about it with postcat, eg postcat -q 24BA37E1B94
If you don't have a copy of the message hanging around, all you have left to work from is the log entries.
