Unable to stop postfix spam

Discussion in 'Server Operation' started by netfix, Jun 7, 2017.

  1. netfix

    netfix New Member

    Hi to all,
    I have a debian 8 with ipconfig. I have a spam problem but unable to find source of spam.
    I ask your help to solve this problem.
    This is a typical email that outgoing:

    postcat -q F03E3B033B1
    *** ENVELOPE RECORDS deferred/F/F03E3B033B1 ***
    message_size:            1849             666               1               0            1849
    message_arrival_time: Wed Jun  7 23:01:55 2017
    create_time: Wed Jun  7 23:01:55 2017
    named_attribute: log_ident=F03E3B033B1
    named_attribute: rewrite_context=local
    sender: [email protected]
    named_attribute: encoding=7bit
    named_attribute: log_client_name=localhost.localdomain
    named_attribute: log_client_address=
    named_attribute: log_client_port=43815
    named_attribute: log_message_origin=localhost.localdomain[]
    named_attribute: log_helo_name=localhost
    named_attribute: log_protocol_name=ESMTP
    named_attribute: client_name=localhost.localdomain
    named_attribute: reverse_client_name=localhost.localdomain
    named_attribute: client_address=
    named_attribute: client_port=43815
    named_attribute: helo_name=localhost
    named_attribute: protocol_name=ESMTP
    named_attribute: client_address_type=2
    named_attribute: dsn_orig_rcpt=rfc822;[email protected]
    original_recipient: [email protected]
    recipient: [email protected]
    *** MESSAGE CONTENTS deferred/F/F03E3B033B1 ***
    Received: from localhost (localhost.localdomain [])
        by web.nebenet.it (Postfix) with ESMTP id F03E3B033B1
        for <[email protected]>; Wed,  7 Jun 2017 23:01:55 +0200 (CEST)
    X-Virus-Scanned: Debian amavisd-new at web.nebenet.it
    Received: from web.nebenet.it ([])
        by localhost (web.nebenet.it []) (amavisd-new, port 10026)
        with ESMTP id iXsrPnhWrrSF for <[email protected]>;
        Wed,  7 Jun 2017 23:01:55 +0200 (CEST)
    Received: from perseosport.com (localhost.localdomain [])
        by web.nebenet.it (Postfix) with ESMTPS id 3BF87B033B4
        for <[email protected]>; Wed,  7 Jun 2017 23:01:55 +0200 (CEST)
    MIME-Version: 1.0
    Date: Wed, 7 Jun 2017 23:01:55 +0200
    Message-ID: <[email protected]>
    Subject: Stoney phallus for a long time
    From: web10[email protected]
    Reply-To: [email protected]
    To: [email protected]
    X-Priority: 3 (Normal)
    X-Mailer: ESMTP 1.1
    Content-Type: multipart/alternative;
    Content-Type: text/plain; charset=UTF-8
    Content-Transfer-Encoding: quoted-printable
    Gift exultation to dear woman! Faster get ClALlS!
    You can get more details please read here.
    see you!
    Content-Type: text/html; charset=UTF-8
    Content-Transfer-Encoding: quoted-printable
    <head><meta http-equiv=3D'content-type' content=3D'text/html; charset=3Dutf=
    Gift exultation to dear woman! Faster get ClALlS!<br>
    <a href=3D'http://www.as-photo.it/wp-content/themes/mobiletu/p3/'>You can g=
    et more details please read here.</a><br>
    see you!
    *** HEADER EXTRACTED deferred/F/F03E3B033B1 ***
    named_attribute: encoding=7bit
    *** MESSAGE FILE END deferred/F/F03E3B033B1 ***
    ls -alh /var/www/perseosport.com
    lrwxrwxrwx 1 root root 31 May 22 22:28 /var/www/perseosport.com -> /var/www/clients/client1/web28/

    There is not a user with name "web108". I don't understand where is problem. I block web access to this website but problem persists.
  2. netfix

    netfix New Member

    I solved. Sender "web108" is the user who spamming on old server and new (it was moved from a old server), but in new it has a new username. I don't now because on log I have this unknown user.

Share This Page