Hi,

I am running ISPConfig 2 on Debian. I found out that the server is misused for spam sending. What I have checked is:

- port 25 is closed from external, only connections from localhost/127.0.0.1 are allowed

So this system is not an open relay. But still there are many mails popping up in the queue. This is one message:

Code:
May 13 10:27:50 ip2 postfix/pickup[23062]: 42EC21076B: uid=33 from=<[email protected]>
May 13 10:27:50 ip2 postfix/cleanup[22917]: 42EC21076B: message-id=<[email protected]>
May 13 10:27:50 ip2 postfix/qmgr[21855]: 42EC21076B: from=<[email protected]>, size=661, nrcpt=1 (queue active)
May 13 10:27:50 ip2 postfix/smtp[23124]: 42EC21076B: to=<[email protected]>, relay=gateway[x.x.x.22]:25, delay=0.03, delays=0.01/0/0.02/0, dsn=5.0.0, status=bounced (host gateway[x.x.x.22] said: 550 Sender is not allowed. (in reply to MAIL FROM command))
May 13 10:27:50 ip2 postfix/bounce[23114]: 42EC21076B: sender non-delivery notification: 49A211080E
May 13 10:27:50 ip2 postfix/qmgr[21855]: 42EC21076B: removed

I don't understand where the messages come from, where/how they are generated. When I look at the "/etc/passwd" file the id 33 is this:

So this means that the webserver is generating all these mails? Can you help me?

Do you have PHP enabled on the web server? It seems some script is sending those mails. I'd recommend using suphp or similar so you can determine which website is doing so. Another thing you can do is to change the default SMTP server for the PHP mail function, and point it to a more restricted Postfix.
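
An added example, not part of either post: the `uid=` field logged by Postfix's pickup service is the local account that dropped the message into the queue, so grouping queue IDs by that field shows which account is producing mail and how delivery ended. The log lines are constructed in the format of the excerpt in the question (addresses, hosts and queue IDs are made up), and the function name is hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample in the same Postfix syslog format as the excerpt in the
# question; addresses, hosts and queue IDs are made up for illustration.
SAMPLE_LOG = """\
May 13 10:27:50 ip2 postfix/pickup[23062]: 42EC21076B: uid=33 from=<web@host.example>
May 13 10:27:50 ip2 postfix/qmgr[21855]: 42EC21076B: from=<web@host.example>, size=661, nrcpt=1 (queue active)
May 13 10:27:50 ip2 postfix/smtp[23124]: 42EC21076B: to=<a@dest.example>, relay=gateway[192.0.2.22]:25, dsn=5.0.0, status=bounced (550 Sender is not allowed.)
May 13 10:27:51 ip2 postfix/pickup[23062]: 5A1B21076C: uid=33 from=<web@host.example>
May 13 10:27:51 ip2 postfix/smtp[23124]: 5A1B21076C: to=<b@dest.example>, relay=gateway[192.0.2.22]:25, dsn=2.0.0, status=sent (250 OK)
May 13 10:30:02 ip2 postfix/pickup[23062]: 6C2D31076D: uid=0 from=<root>
May 13 10:30:02 ip2 postfix/local[23130]: 6C2D31076D: to=<root@host.example>, relay=local, dsn=2.0.0, status=sent (delivered to mailbox)
May 13 10:31:10 ip2 postfix/smtpd[23140]: 7D3E41076E: client=localhost[127.0.0.1]
May 13 10:31:10 ip2 postfix/smtp[23124]: 7D3E41076E: to=<c@dest.example>, relay=gateway[192.0.2.22]:25, dsn=2.0.0, status=sent (250 OK)
"""

LINE = re.compile(r"postfix/(?P<svc>\w+)\[\d+\]: (?P<qid>[0-9A-F]+): (?P<rest>.*)")
PICKUP = re.compile(r"uid=(?P<uid>\d+) from=<(?P<sender>[^>]*)>")
STATUS = re.compile(r"to=<(?P<rcpt>[^>]*)>.*\bstatus=(?P<status>\w+)")

def summarize_local_submissions(log_text):
    """Return {uid: {"messages": n, "senders": set, "status": {status: n}}}."""
    qid_uid = {}  # queue ID -> uid of the account that submitted it locally
    stats = defaultdict(lambda: {"messages": 0, "senders": set(),
                                 "status": defaultdict(int)})
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        if m["svc"] == "pickup":
            # pickup only handles mail submitted on the host itself
            p = PICKUP.search(m["rest"])
            if p:
                uid = int(p["uid"])
                qid_uid[m["qid"]] = uid
                stats[uid]["messages"] += 1
                stats[uid]["senders"].add(p["sender"])
        elif m["qid"] in qid_uid:
            # delivery result for a message already attributed to a uid;
            # mail that arrived over SMTP (smtpd) has no pickup line and is skipped
            s = STATUS.search(m["rest"])
            if s:
                stats[qid_uid[m["qid"]]]["status"][s["status"]] += 1
    return stats

if __name__ == "__main__":
    for uid, s in sorted(summarize_local_submissions(SAMPLE_LOG).items()):
        print(uid, s["messages"], sorted(s["senders"]), dict(s["status"]))
```

Run against the real mail log, the uid with the highest message count can then be looked up in `/etc/passwd`.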