Postfix spam problem

Discussion in 'Installation/Configuration' started by sdi, May 13, 2014.

  1. sdi

    sdi New Member

    Hi, I am running Ispconfig 2 on Debian.

    I found out that the server is misused for spam sending.

    What I have checked is:
    - port 25 is closed from external, only connections from localhost/127.0.0.1 are allowed

    So this system is not a open relay.

    But still there are many mails popping up in the queue.

    this is one message:
    Code:
    May 13 10:27:50 ip2 postfix/pickup[23062]: 42EC21076B: uid=33 from=<[email protected]>
    May 13 10:27:50 ip2 postfix/cleanup[22917]: 42EC21076B: message-id=<[email protected]>
    May 13 10:27:50 ip2 postfix/qmgr[21855]: 42EC21076B: from=<[email protected]>, size=661, nrcpt=1 (queue active)
    May 13 10:27:50 ip2 postfix/smtp[23124]: 42EC21076B: to=<[email protected]>, relay=gateway[x.x.x.22]:25, delay=0.03, delays=0.01/0/0.02/0, dsn=5.0.0, status=bounced (host gateway[x.x.x.22] said: 550 Sender is not allowed. (in reply to MAIL FROM command))
    May 13 10:27:50 ip2 postfix/bounce[23114]: 42EC21076B: sender non-delivery notification: 49A211080E
    May 13 10:27:50 ip2 postfix/qmgr[21855]: 42EC21076B: removed
    
    I don't understand where the messages come from, where/how they are generated.

    When I look at the "/etc/passwd" file the id 33 is this:
    So this means that the webserver is generating all these mails?

    Can you help me?
     
    Last edited: May 13, 2014
  2. MasteRTriX

    MasteRTriX Member

    do you have php enabled on web server? It seems some script is sending those mails. I'd recommend using suphp or similar so yo can determine wich website is doing so. Another thing you can do is to change default smtp server for de php mail function, and point it to a more restricted postfix.
     

Share This Page