I have installed Webmin on my VPS. I'm hosting only one domain on that VPS.
I use Postfix as the MTA.
I have this strange issue of unknown users sending emails from my server. The following are sample email headers from unknown senders. How do I stop unknown senders from using my server to send emails? (The number of emails sent is in the thousands.)
----------------------------------------------------------------------------------
Received: from User (208-40-36-163.ipv4.firstcomm.com [208.40.36.163])
    by control.shanbhags.com (Postfix) with ESMTPA id 00119874C75A;
    Fri, 29 Nov 2013 20:34:50 +0000 (GMT)
Reply-To: <[email protected]>
From: "Albert Frank"<[email protected]>
Subject: 29/11/2013.
Date: Fri, 29 Nov 2013 15:34:51 -0500
MIME-Version: 1.0
Content-Type: text/plain;
    charset="Windows-1251"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
-------------------------------------------------------------
My main.cf file
------------------------
# postfix config file
# uncomment for debugging if needed
soft_bounce=yes
# postfix main
setgid_group = postdrop
delay_warning_time = 4
# postfix paths
html_directory = no
command_directory = /usr/sbin
daemon_directory = /usr/libexec/postfix
sendmail_path = /usr/sbin/sendmail.postfix
newaliases_path = /usr/bin/newaliases.postfix
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
sample_directory = /usr/share/doc/postfix-2.2.2/samples
readme_directory = /usr/share/doc/postfix-2.2.2/README_FILES
# network settings
mydomain = control.example.com
myhostname = control.example.com
mynetworks = all
relay_domains = proxy:mysql:/etc/zpanel/configs/postfix/mysql-relay_domains_maps.cf
# mail delivery
recipient_delimiter = +
# mappings
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
transport_maps = hash:/etc/postfix/transport
#local_recipient_maps =
# virtual setup
virtual_alias_maps = proxy:mysql:/etc/zpanel/configs/postfix/mysql-virtual_alias_maps.cf,
    regexp:/etc/zpanel/configs/postfix/virtual_regexp
virtual_mailbox_base = /var/zpanel/vmail
virtual_mailbox_domains = proxy:mysql:/etc/zpanel/configs/postfix/mysql-virtual_domains_maps.cf
virtual_mailbox_maps = proxy:mysql:/etc/zpanel/configs/postfix/mysql-virtual_mailbox_maps.cf
virtual_mailbox_limit_maps = proxy:mysql:/etc/zpanel/configs/postfix/mysql-virtual_mailbox_limit_maps.cf
virtual_minimum_uid = 101
virtual_uid_maps = static:101
virtual_gid_maps = static:12
virtual_transport = dovecot
dovecot_destination_recipient_limit = 1
# debugging
debug_peer_level = 2
debugger_command =
    PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
    xxgdb $daemon_directory/$process_name $process_id & sleep 5
# authentication
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $myhostname
broken_sasl_auth_clients = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
# tls config
smtp_use_tls = no
smtpd_use_tls = no
#smtp_tls_note_starttls_offer = yes
#smtpd_tls_loglevel = 1
#smtpd_tls_received_header = yes
#smtpd_tls_session_cache_timeout = 3600s
#tls_random_source = dev:/dev/urandom
#smtp_tls_session_cache_database = btree:$data_directory/smtp_tls_session_cache
# Change mail.example.com.* to your host name
#smtpd_tls_key_file = /etc/pki/tls/private/mail.example.com.key
#smtpd_tls_cert_file = /etc/pki/tls/certs/mail.example.com.crt
# smtpd_tls_CAfile = /etc/pki/tls/root.crt
# rules restrictions
smtpd_client_restrictions = permit_mynetworks permit_inet_interfaces reject_unknown_reverse_client_hostname permit_tls_all_clientcerts
smtpd_recipient_restrictions = permit_sasl_authenticated permit_mynetworks reject_unauth_destination reject_non_fqdn_sender reject_non_fqdn_recipient reject_unknown_recipient_domain reject_rbl_client zen.spamhaus.org reject_rbl_client bl.spamcop.net reject_rbl_client dnsbl.sorbs.net permit_inet_interfaces reject_unknown_reverse_client_hostname
# uncomment for realtime black list checks
smtpd_helo_required = yes
unknown_local_recipient_reject_code = 550
disable_vrfy_command = yes
smtpd_data_restrictions = reject_unauth_pipelining
sender_bcc_maps = hash:/etc/postfix/sender_bcc
recipient_bcc_maps = hash:/etc/postfix/recipient_bcc
always_bcc = [my email address]
mynetworks_style = host
deliver_lock_attempts = 5
default_process_limit = 50000
header_size_limit = 2024
duplicate_filter_limit = 50
qmgr_message_active_limit = 500
smtpd_recipient_limit = 20
mydestination = localhost.$mydomain, localhost
default_destination_recipient_limit = 20
maximal_queue_lifetime = 1d
smtpd_sender_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination, reject_non_fqdn_sender, reject_unknown_sender_domain, reject_non_fqdn_recipient, reject_unknown_recipient_domain ,reject_rbl_client zen.spamhaus.org ,reject_rbl_client bl.spamcop.net ,reject_rbl_client dnsbl.sorbs.net
smtp_sasl_auth_enable = yes
line_length_limit = 4048
--------------------------------
If you have not already read Postfix SMTP relay and access control, please do so right away. There are a number of guidelines there about making sure that your Postfix server is secured. In particular:
If you have added or removed any restrictions to smtpd_relay_restrictions, review them very carefully to make sure that you have not made them more permissive than they need to be.
EDIT: In your particular case, this is almost certainly the problem:
The mynetworks variable should only contain networks that are under your direct ownership or control, like a LAN in the office where the mail server is installed. See Postfix Configuration Parameters:
There may be other issues with your configuration, but this is the one that jumped right out.
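One way to check a main.cf for the mynetworks problem the answer describes, as an added example that is not part of the original answer or of Postfix itself. The function names `parse_main_cf` and `audit_mynetworks` are hypothetical and the sample is a constructed excerpt of the posted configuration; entries that are files or lookup tables are reported as non-CIDR and need a manual review.

```python
import ipaddress
import re

# Constructed excerpt: the relay-relevant lines of the main.cf posted above.
SAMPLE_MAIN_CF = """\
mynetworks = all
smtpd_client_restrictions = permit_mynetworks permit_inet_interfaces
smtpd_recipient_restrictions = permit_sasl_authenticated permit_mynetworks
    reject_unauth_destination reject_non_fqdn_sender
mynetworks_style = host
"""

def parse_main_cf(text):
    """'#' lines are comments, indented lines continue a parameter, last definition wins."""
    params, name = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and name:
            params[name] += " " + line.strip()
        elif "=" in line:
            name, value = (part.strip() for part in line.split("=", 1))
            params[name] = value
    return params

def audit_mynetworks(params):
    """Return findings about which clients are trusted through mynetworks."""
    findings = []
    for entry in re.split(r"[,\s]+", params.get("mynetworks", "").strip()):
        if not entry or entry.startswith("!"):  # "!pattern" is an exclusion, grants no trust
            continue
        try:
            net = ipaddress.ip_network(entry.replace("[", "").replace("]", ""), strict=False)
        except ValueError:
            findings.append(f"mynetworks entry {entry!r} is not an IP address or CIDR block")
            continue
        if net.prefixlen == 0:
            findings.append(f"mynetworks entry {entry!r} covers every client address")
    if "mynetworks" in params and "mynetworks_style" in params:
        findings.append("mynetworks_style is ignored because mynetworks is set explicitly")
    users = sorted(k for k, v in params.items()
                   if k.endswith("_restrictions") and "permit_mynetworks" in re.split(r"[,\s]+", v))
    if users:
        findings.append("permit_mynetworks is used in: " + ", ".join(users))
    return findings

if __name__ == "__main__":
    for finding in audit_mynetworks(parse_main_cf(SAMPLE_MAIN_CF)):
        print("-", finding)
```

On a live server, feed it the contents of the real main.cf and compare the result with the effective value reported by `postconf mynetworks`.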