Hi, I followed the "perfect install" guide for CentOS (4.4 with ISPConfig 2.2.7). I recently received a SPAM, and it appears to have come through my server ???

Code:
Delivered-To: root AT vps.linickx DOTy co DOTy uk
Received: from 70A0802596.wbb.net.cable.rogers.com (70A0802596.wbb.net.cable.rogers.com [74.210.9.137])
	by vps.linickx.co.uk (Postfix) with SMTP id 67251BE390A
	for <support AT oakfarmpreschool DOTy com>; Tue, 13 Feb 2007 17:28:40 +0000 (GMT)
To: support AT oakfarmpreschool DOTy com
Message-Id: <[email protected] DOTy co DOTyuk>
Date: Tue, 13 Feb 2007 17:28:40 +0000 (GMT)
From: support AT oakfarmpreschool DOTy com

but (a) this address shouldn't exist

Code:
###################################
#
# ISPConfig virtusertable Configuration File
# Version 1.0
#
###################################
admin AT www.oakfarmpreschool DOTy com user28_oakfarm
user28_oakfarm AT www.oakfarmpreschool DOTy com user28_oakfarm
admin AT oakfarmpreschool DOTy com user28_oakfarm
user28_oakfarm AToakfarmpreschool DOTy com user28_oakfarm

and (b) my understanding of is that this email should get authenticated as it's from a domain I'm hosting ? Can anyone shed any light on the matter ? If it helps support@ does exist under other domains hosted on the same box. Many Thanks Nick
The mail was sent from to your server, not through your server. If you send to a domain hosted on the server, you don't need authentication. Also take a look here: http://www.howtoforge.com/forums/showpost.php?p=16205&postcount=34
Hi Falko, Thanks for the response; what confuses me is that "support AT oakfarmpreschool DOTy com" shouldn't exist (see above virtusertable), any thoughts ? cheers, Nick
The email address "support AT oakfarmpreschool DOTy com" is the sender address, it is not necessary that this address exists. Spammers are often using nonexistent fake addresses as sender.
Yeah, that makes sense, but wasn't it also the to..... that's why I'm thinking it should have been rejected (as support isn't on the oakfarm domain) rather than delivered to root. No ?
Ah, yes, that explains it, I've never used that file before. Is it safe to comment stuff out without affecting the running of ISPConfig (and associated services) ? ... the man pages suggest it's a sendmail file, so I think I'm ok as I'm using postfix. Thanks !
I want to comment out this rubbish at the bottom, as they're common spam victims.

Code:
newsadm: news
newsadmin: news
usenet: news
ftpadm: ftp
ftpadmin: ftp
ftp-adm: ftp
ftp-admin: ftp
www: webmaster
webmaster: root
noc: root
security: root
hostmaster: root
info: postmaster
marketing: postmaster
sales: postmaster
support: postmaster

Do you think that will cause any problems with the ISPConfig Magic ?
These entries are not from ISPConfig, so you can remove them safely and then run the command "newaliases".
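
Added example, not part of the thread or of ISPConfig: a small audit of the situation discussed above, listing role addresses that have no virtusertable entry but are still accepted because /etc/aliases maps their local part (here support -> postmaster -> root). It assumes the hosted domain is treated as a local destination so that alias lookup applies; the `postmaster: root` line, the `hosted.example` domain, the `info@` virtusertable row and the function names are constructed for illustration.

```python
# Constructed sample: alias lines quoted in the thread, plus "postmaster: root",
# which is an assumption (the thread shows only the bottom of /etc/aliases).
ALIASES = """\
postmaster: root
www: webmaster
webmaster: root
info: postmaster
sales: postmaster
support: postmaster
"""
# Constructed virtusertable in the thread's format; hosted.example is a placeholder.
VIRTUSERTABLE = """\
admin@hosted.example user28_oakfarm
info@hosted.example user28_oakfarm
"""

def parse_aliases(text):
    """aliases(5) 'name: target, target' lines -> {name: [targets]}."""
    table = {}
    for line in text.splitlines():
        if line.strip() and not line.lstrip().startswith("#") and ":" in line:
            name, targets = line.split(":", 1)
            table[name.strip().lower()] = [t.strip().lower() for t in targets.split(",") if t.strip()]
    return table

def parse_virtusertable(text):
    """'address mailbox' lines -> {address: mailbox}."""
    rows = (l.split() for l in text.splitlines() if l.strip() and not l.startswith("#"))
    return {r[0].lower(): r[1] for r in rows if len(r) == 2}

def resolve(name, aliases, seen=()):
    """Follow an alias chain to the final local recipients, stopping on loops."""
    if name in seen or name not in aliases:
        return {name}
    final = set()
    for target in aliases[name]:
        final |= resolve(target, aliases, seen + (name,))
    return final

def audit(domain, aliases, virtusertable):
    """Addresses at `domain` with no virtusertable entry that an alias still accepts."""
    return {f"{n}@{domain}": sorted(resolve(n, aliases))
            for n in sorted(aliases) if f"{n}@{domain}" not in virtusertable}

if __name__ == "__main__":
    found = audit("hosted.example", parse_aliases(ALIASES), parse_virtusertable(VIRTUSERTABLE))
    for address, recipients in found.items():
        print(f"{address} -> {', '.join(recipients)}")
```

Every address it prints is one that mail will be accepted for at each local domain until the matching alias line is removed and "newaliases" is run.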