Greetings, helpers of the Netherworlds. The other day, I uncommented a couple lines from my postfix main.cf, and now I'm getting thousands of undeliverable e-mails a day. I just don't understand what I'm doing wrong. I've got a milieu of services running to try and prevent this, and I feel totally helpless and overwhelmed. Please help! How can I diagnose where these messages are coming from, and how can I make sure that I am running a responsible e-mail server, and doing all that I can to prevent spam? Thank you, Adam
Hi Adam, Which server guide have you used? Do you use Dovecot or Courier as IMAP and POP3 server? Post the error message(s) that you get in the mail log file when the problem occurs. The mail log file is in the folder /var/log/; it is named "mail.log" on Debian and Ubuntu Linux and "maillog" on other distributions. Br// Srijan
Okay, I'm using Apache2 ISPConfig3 on Ubuntu 13.04. Email setup: Dovecot, Mailman, Amavis, ClamAV-daemon, Postgrey, Fail2Ban. On Digital Ocean, and I think my SPF record is correctly configured. I'll see if I can collect some mail.log errors for you.
sent? Can we start with these? Why are these getting sent? Or are they just getting queued?
Code:
Mar 21 12:02:48 cloud3 postfix/smtp[679]: BB3876DCEA: to=<[email protected]>, relay=127.0.0.1[127.0.0.1]:10024, delay=17, delays=7/0/0/10, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as 841C16DCF5)
Mar 21 12:02:48 cloud3 postfix/smtp[679]: BB3876DCEA: to=<[email protected]>, relay=127.0.0.1[127.0.0.1]:10024, delay=17, delays=7/0/0/10, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as 841C16DCF5)
Mar 21 12:02:48 cloud3 postfix/smtp[679]: BB3876DCEA: to=<[email protected]>, relay=127.0.0.1[127.0.0.1]:10024, delay=17, delays=7/0/0/10, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as 841C16DCF5)
Also, what about this, is this legit?
Code:
Mar 21 09:26:51 cloud3 postfix/smtp[12483]: 387ED6DA17: to=<[email protected]>, relay=mx3.hotmail.com[xxx.xxx.xxx.xxx]:25, delay=5.7, delays=0.02/0.08/5.4/0.21, dsn=5.0.0, status=bounced (host mx3.hotmail.com[xxx.xxx.xxx.xxx] said: 550 Requested action not taken: mailbox unavailable (in reply to RCPT TO command))
Mar 21 09:26:52 cloud3 postfix/smtp[12483]: 387ED6DA17: to=<[email protected]>, relay=mx3.hotmail.com[xxx.xxx.xxx.xxx]:25, delay=6, delays=0.02/0.08/5.4/0.5, dsn=2.0.0, status=sent (250 <[email protected]> Queued mail for delivery)
Mar 21 09:26:52 cloud3 postfix/cleanup[10561]: 409B96D85B: message-id=<[email protected]>
Mar 21 09:26:52 cloud3 postfix/qmgr[20377]: 409B96D85B: from=<>, size=3743, nrcpt=1 (queue active)
Mar 21 09:26:52 cloud3 postfix/bounce[12488]: 387ED6DA17: sender non-delivery notification: 409B96D85B
Mar 21 09:26:52 cloud3 postfix/qmgr[20377]: 387ED6DA17: removed
Mar 21 09:26:52 cloud3 dovecot: auth-worker(12492): mysql(localhost): Connected to database dbispconfig
Mar 21 09:26:52 cloud3 dovecot: lda([email protected]): sieve: msgid=<[email protected]>: stored mail into mailbox 'INBOX'
Mar 21 09:26:52 cloud3 postfix/pipe[12490]: 409B96D85B: to=<[email protected]>, relay=dovecot, delay=0.08, delays=0/0.01/0/0.07, dsn=2.0.0, status=sent (delivered via dovecot service)
Mar 21 09:26:52 cloud3 postfix/qmgr[20377]: 409B96D85B: removed
I have 22 messages in the mail queue, so I dunno. I think I'm sending spam still.
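An added example, not something posted in this thread: a small Python parser that follows the queue IDs in mail.log lines like the ones above and tells a hand-off to the amavis content filter (relay 127.0.0.1:10024, "queued as" a new ID) from a real external delivery or bounce. The sample lines are constructed; the recipient addresses and the Hotmail MX address 203.0.113.5 are placeholders.

```python
import re
from collections import defaultdict

# Constructed sample lines modelled on the mail.log excerpts posted in this thread;
# the recipient addresses and the Hotmail MX address (203.0.113.5) are placeholders.
SAMPLE_LOG = """\
Mar 21 09:26:51 cloud3 postfix/smtp[12483]: 387ED6DA17: to=<a@example.com>, relay=mx3.hotmail.com[203.0.113.5]:25, delay=5.7, delays=0.02/0.08/5.4/0.21, dsn=5.0.0, status=bounced (host mx3.hotmail.com[203.0.113.5] said: 550 Requested action not taken: mailbox unavailable (in reply to RCPT TO command))
Mar 21 09:26:52 cloud3 postfix/smtp[12483]: 387ED6DA17: to=<b@example.com>, relay=mx3.hotmail.com[203.0.113.5]:25, delay=6, delays=0.02/0.08/5.4/0.5, dsn=2.0.0, status=sent (250 <b@example.com> Queued mail for delivery)
Mar 21 09:26:52 cloud3 postfix/bounce[12488]: 387ED6DA17: sender non-delivery notification: 409B96D85B
Mar 21 12:02:48 cloud3 postfix/smtp[679]: BB3876DCEA: to=<c@example.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=17, delays=7/0/0/10, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as 841C16DCF5)
"""

LINE_RE = re.compile(r"^\w{3} +\d+ [\d:]{8} \S+ postfix/(\w+)\[\d+\]: ([0-9A-F]+): (.*)$")
DELIVERY_RE = re.compile(r"^to=<([^>]*)>, relay=(\S+), .*?dsn=([\d.]+), status=(\w+) \((.*)\)$")
CONTENT_FILTER = ":10024"  # amavisd-new listener named by content_filter in the thread's main.cf

def summarize(log_text):
    """Group postfix/smtp delivery attempts by queue ID. Returns {qid: {"filter": [post-filter
    queue IDs], "external": [(rcpt, status, dsn, relay host)], "bounce_qid": NDR queue ID or None}}."""
    msgs = defaultdict(lambda: {"filter": [], "external": [], "bounce_qid": None})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        prog, qid, rest = m.groups()
        if prog == "smtp" and (d := DELIVERY_RE.match(rest)):
            rcpt, relay, dsn, status, detail = d.groups()
            if relay.endswith(CONTENT_FILTER):
                # Hand-off to amavis; "queued as X" is the ID the message gets after the filter.
                q = re.search(r"queued as ([0-9A-F]+)", detail)
                msgs[qid]["filter"].append(q.group(1) if q else "?")
            else:
                msgs[qid]["external"].append((rcpt, status, dsn, relay.split("[")[0]))
        elif prog == "bounce" and (b := re.search(r"non-delivery notification: ([0-9A-F]+)", rest)):
            msgs[qid]["bounce_qid"] = b.group(1)
    return dict(msgs)

def verdict(info):
    """Answer the question asked above: still inside the filter, delivered, or bounced?"""
    if info["filter"] and not info["external"]:
        return "re-queued by content filter as %s (not yet delivered)" % ", ".join(info["filter"])
    sent = sum(1 for _, s, _, _ in info["external"] if s == "sent")
    bounced = sum(1 for _, s, _, _ in info["external"] if s == "bounced")
    return "sent to %d recipient(s), bounced for %d (NDR queue ID %s)" % (sent, bounced, info["bounce_qid"])

if __name__ == "__main__":
    for qid, info in summarize(SAMPLE_LOG).items():
        print(qid, "->", verdict(info))
```

Run it against the real /var/log/mail.log and look up the post-filter IDs it reports; a message that is only ever "queued as" another ID never left the box, while a bounce_qid shows a non-delivery report was generated for it.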
New Jargon from the Server!
Code:
Out: 220 cloud3.megabotix.com ESMTP Postfix (Ubuntu)
In: EHLO localhost
Out: 250-cloud3.megabotix.com
Out: 250-PIPELINING
Out: 250-SIZE
Out: 250-VRFY
Out: 250-ETRN
Out: 250-STARTTLS
Out: 250-AUTH PLAIN LOGIN
Out: 250-AUTH=PLAIN LOGIN
Out: 250-ENHANCEDSTATUSCODES
Out: 250-8BITMIME
Out: 250 DSN
In: MAIL FROM:<[email protected]> BODY=7BIT
Out: 250 2.1.0 Ok
In: RCPT TO:<[email protected]> ORCPT=rfc822;[email protected]
Out: 250 2.1.5 Ok
In: RCPT TO:<[email protected]> ORCPT=rfc822;[email protected]
Out: 250 2.1.5 Ok
In: RCPT TO:<[email protected]> ORCPT=rfc822;[email protected]
Out: 250 2.1.5 Ok
In: RCPT TO:<[email protected]> ORCPT=rfc822;[email protected]
Out: 250 2.1.5 Ok
In: RCPT TO:<[email protected]> ORCPT=rfc822;[email protected]
Out: 250 2.1.5 Ok
In: RCPT TO:<[email protected]> ORCPT=rfc822;[email protected]
Out: 250 2.1.5 Ok
In: RCPT TO:<[email protected]> ORCPT=rfc822;[email protected]
Out: 250 2.1.5 Ok
In: DATA
Out: 354 End data with <CR><LF>.<CR><LF>
Out: 451 4.3.0 Error: queue file write error
In: QUIT
Out: 221 2.0.0 Bye
This is the kind of message I keep getting returned as undelivered. Why are these even being considered for delivery in the first place? Something is W-R-O-N-G! Thanks for your consideration!
Code:
Return-Path: <[email protected]>
Received: from localhost (localhost [127.0.0.1]) by cloud3.megabotix.com (Postfix) with ESMTP id 039286EE5D; Sun, 23 Mar 2014 17:32:04 -0400 (EDT)
X-Virus-Scanned: Debian amavisd-new at cloud3.megabotix.com
Received: from cloud3.megabotix.com ([127.0.0.1]) by localhost (megabotix.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lUf4b7QFAr1X; Sun, 23 Mar 2014 17:32:01 -0400 (EDT)
Received: from megabotix.com (unknown [195.58.246.26]) (Authenticated sender: [email protected]) by cloud3.megabotix.com (Postfix) with ESMTPA id 962306EE5B; Sun, 23 Mar 2014 17:31:59 -0400 (EDT)
From: "matrix5" <[email protected]>
To: "anglnurse 86" <[email protected]>, "mavi727" <[email protected]>, "iremsu 60" <[email protected]>, "sude 00 86" <[email protected]>
Subject: matrix5
Date: Sat, 23 Mar 2014 10:31:59 +0100
MIME-Version: 1.0
X-mailer: Microsoft Office Outlook, Build 11.0.5510
Reply-To: [email protected]
Content-type: multipart/alternative; boundary="----=_NextPart_000_7B6F_02B9D995.56E05387"
X-Antivirus: avast! (VPS 140323-1, 23.03.2014), Outbound message
X-Antivirus-Status: Clean
Message-Id: <[email protected]>
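An added example, not posted by anyone in this thread: a Python script that walks the Received headers of a message like the one above from the earliest hop upward and reports which hop injected it into cloud3 and whether that hop was SASL-authenticated (the ESMTPA and "Authenticated sender" fields). The header block is constructed; the mailbox names and the IP 198.51.100.26 are placeholders.

```python
import email
import re

# Constructed header block modelled on the bounced message posted above; the mailbox
# names are placeholders and 198.51.100.26 stands in for the connecting client's IP.
RAW_MESSAGE = """\
Return-Path: <sender@megabotix.com>
Received: from localhost (localhost [127.0.0.1])
\tby cloud3.megabotix.com (Postfix) with ESMTP id 039286EE5D;
\tSun, 23 Mar 2014 17:32:04 -0400 (EDT)
X-Virus-Scanned: Debian amavisd-new at cloud3.megabotix.com
Received: from cloud3.megabotix.com ([127.0.0.1])
\tby localhost (megabotix.com [127.0.0.1]) (amavisd-new, port 10024)
\twith ESMTP id lUf4b7QFAr1X; Sun, 23 Mar 2014 17:32:01 -0400 (EDT)
Received: from megabotix.com (unknown [198.51.100.26])
\t(Authenticated sender: sender@megabotix.com)
\tby cloud3.megabotix.com (Postfix) with ESMTPA id 962306EE5B;
\tSun, 23 Mar 2014 17:31:59 -0400 (EDT)

(body omitted)
"""

# Postfix-style Received: "from HELO (rdns [ip]) [(Authenticated sender: X)] by HOST ... with PROTO id ID"
RECEIVED_RE = re.compile(
    r"from (?P<helo>\S+) \((?:(?P<rdns>\S+) )?\[(?P<ip>[^\]]+)\]\)"
    r"(?: \(Authenticated sender: (?P<auth>[^)]+)\))?"
    r" by (?P<by>\S+) .*?with (?P<proto>\S+)(?: id (?P<id>[^\s;]+))?")

def trace(raw):
    """Parse every Received header, most recent hop first (the order they appear in)."""
    msg = email.message_from_string(raw)
    hops = []
    for value in msg.get_all("Received", []):
        m = RECEIVED_RE.search(" ".join(value.split()))  # unfold and squash whitespace
        if m:
            hops.append(m.groupdict())
    return hops

def injection_point(hops):
    """Walk from the earliest hop upward; the first non-loopback hop is where the message
    entered this server. ESMTPA plus an 'Authenticated sender' there means a mailbox login was used."""
    for hop in reversed(hops):
        if not hop["ip"].startswith("127."):
            return hop
    return None

if __name__ == "__main__":
    origin = injection_point(trace(RAW_MESSAGE))
    print("injected from %(ip)s via %(proto)s, authenticated as %(auth)s" % origin)
```

When the reported hop carries ESMTPA and an Authenticated sender, the password of that mailbox is what let the message in, so that account's credentials deserve a look alongside the relay restrictions.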
Hi, Can you please include your main.cf? @indiadamjones please check your mail logs for a mail with id 256546DCAF sent just minutes ago and include the logs here.
Here is the main.cf; I'll post the email info from the log file in a few minutes. Thank you.
Code:
# See /usr/share/postfix/main.cf.dist for a commented, more complete version
# Debian specific: Specifying a file name will cause the first
# line of that file to be used as the name. The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no
# appending .domain is the MUA's job.
append_dot_mydomain = no
# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h
readme_directory = /usr/share/doc/postfix
# TLS parameters
smtpd_tls_cert_file = /etc/postfix/smtpd.cert
smtpd_tls_key_file = /etc/postfix/smtpd.key
smtpd_use_tls = yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
myhostname = cloud3.megabotix.com
alias_maps = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases
alias_database = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases
myorigin = /etc/mailname
mydestination = $myhostname, localhost.$mydomain, localhost
relayhost =
mynetworks = 127.0.0.0/8, [::ffff:127.0.0.0]/104, [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
html_directory = /usr/share/doc/postfix/html
virtual_alias_domains =
virtual_alias_maps = proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf, proxy:mysql:/etc/postfix/mysql-virtual_email2email.cf, hash:/var/lib/mailman/data/virtual-mailman
virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf
virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf
virtual_mailbox_base = /var/vmail
virtual_uid_maps = static:5000
virtual_gid_maps = static:5000
inet_protocols = all
smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = yes
smtpd_sasl_authenticated_header = yes
smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, check_policy_service inet:127.0.0.1:10023
#smtpd_recipient_restrictions = permit_mynetworkds, permit_sasl_authenticated, reject_rbl_client zen.spamhaus.org, reject_rhsbl_client dbl.spamhaus.org, reject_rhsbl_sender dbl.spamhause.org, check_policy_service inet:127.0.0.1:10023
smtpd_client_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unknown_client_hostname, check_client_access mysql:/etc/postfix/mysql-virtual_client.cf, reject_rbl_client cbl.abuseat.org, reject_rbl_client b.barracudacentral.org
smtpd_tls_security_level = may
smtpd_tls_protocols = !SSLv2, !SSLv3
transport_maps = hash:/var/lib/mailman/data/transport-mailman, proxy:mysql:/etc/postfix/mysql-virtual_transports.cf
relay_domains = mysql:/etc/postfix/mysql-virtual_relaydomains.cf
relay_recipient_maps = mysql:/etc/postfix/mysql-virtual_relayrecipientmaps.cf
proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks
smtpd_sender_restrictions = reject_unknown_sender_domain
smtpd_client_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unknown_client_hostname, check_client_access mysql:/etc/postfix/mysql-virtual_client.cf
smtpd_client_message_rate_limit = 100
maildrop_destination_concurrency_limit = 1
maildrop_destination_recipient_limit = 1
virtual_transport = dovecot
header_checks = regexp:/etc/postfix/header_checks
mime_header_checks = regexp:/etc/postfix/mime_header_checks
nested_header_checks = regexp:/etc/postfix/nested_header_checks
body_checks = regexp:/etc/postfix/body_checks
owner_request_special = no
dovecot_destination_recipient_limit = 1
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
message_size_limit = 0
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_helo_hostname, reject_invalid_helo_hostname, reject_unknown_helo_hostname
smtpd_data_restrictions = reject_unauth_pipelining
smtpd_delay_reject = yes
#policy-spf_time_limit = 3600s
strict_rfc821_envelopes = yes
content_filter = amavis:[127.0.0.1]:10024
receive_override_options = no_address_mappings
queue_directory = /var/spool/postfix
Hi, smtpd_sender_restrictions seems a bit open to me. In my eyes this seems like an open relay, with some slight restrictions. What exactly did you edit in the main.cf? Currently you seem to allow mails to be sent as long as the domain is known to your SMTP. Try:
Code:
smtpd_sender_restrictions = permit_sasl_authenticated reject_unknown_sender_domain
instead of:
Code:
smtpd_sender_restrictions = reject_unknown_sender_domain
Changed smtpd_sender_restrictions as per your instructions. I've changed quite a few things, and I'm not sure I could tell you what I changed. I mostly tried to follow steps for hardening email using Dovecot and the services I've listed. Here is the record from the mail you sent through.
Code:
Mar 24 08:30:26 cloud3 postfix/smtpd[12648]: 256546DCAF: client=servernet.se[88.198.51.45]
Mar 24 08:30:51 cloud3 postfix/cleanup[12769]: 256546DCAF: message-id=<>
Mar 24 08:30:51 cloud3 postfix/qmgr[20377]: 256546DCAF: from=<[email protected]>, size=316, nrcpt=1 (queue active)
Mar 24 08:30:52 cloud3 postfix/smtpd[12772]: connect from localhost[127.0.0.1]
Mar 24 08:30:52 cloud3 postfix/smtpd[12772]: B92896DCB0: client=localhost[127.0.0.1]
Mar 24 08:30:52 cloud3 postfix/cleanup[12769]: B92896DCB0: message-id=<[email protected]>
Mar 24 08:30:52 cloud3 postfix/qmgr[20377]: B92896DCB0: from=<[email protected]>, size=1226, nrcpt=1 (queue active)
Mar 24 08:30:52 cloud3 postfix/smtpd[12772]: disconnect from localhost[127.0.0.1]
Mar 24 08:30:52 cloud3 amavis[21471]: (21471-17) Passed BAD-HEADER-7 {RelayedInbound}, [88.198.51.45]:10389 [88.198.51.45] <[email protected]> -> <[email protected]>, Queue-ID: 256546DCAF, mail_id: 3DgMnohHPA71, Hits: 3.663, size: 316, queued_as: B92896DCB0, 1004 ms
Mar 24 08:30:52 cloud3 postfix/smtp[12770]: 256546DCAF: to=<[email protected]>, relay=127.0.0.1[127.0.0.1]:10024, delay=139, delays=138/0.01/0/1, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as B92896DCB0)
Mar 24 08:30:52 cloud3 postfix/qmgr[20377]: 256546DCAF: removed
I got a message from myself this morning (I didn't send it), Subject: "Ur an open relay"; guess that was you! Thanks!
Hi, Yes, that was me running a few tests. I can't get through right now, so please keep a close eye on your logs from now on. I can't see any more mails being able to go through without being authenticated. Please ensure that you can send mails as supposed.
Code:
(to) megabotix.com 25
Trying 192.241.146.73...
Connected to megabotix.com.
Escape character is '^]'.
220 cloud3.megabotix.com ESMTP Postfix (Ubuntu)
HELO megabotix.com
250 cloud3.megabotix.com
FROM:<[email protected]>
221 2.7.0 Error: I can break rules, too. Goodbye.
Connection closed by foreign host
Great work hunting down that smtpd restriction. I'll keep a close eye on my logs now. I've tested a couple of my email addresses and everything is flowing smoothly. I've been working on this for about three or more weeks, so if this is cleared now, THANK YOU SO MUCH!