Block unknown outgoing emails


I have installed Webmin on my VPS. I'm hosting only one domain on that VPS.

I use Postfix as the MTA.

I have this strange issue of unknown users sending emails from my server. The following is a sample of the email headers from an unknown sender. How do I stop unknown senders from using my server to send emails? (The number of emails sent is in the thousands.)

----------------------------------------------------------------------------------
Received: from User (208-40-36-163.ipv4.firstcomm.com [208.40.36.163])
     by control.shanbhags.com (Postfix) with ESMTPA id 00119874C75A;
     Fri, 29 Nov 2013 20:34:50 +0000 (GMT)
Reply-To: <[email protected]>
From: "Albert Frank"<[email protected]>
Subject: 29/11/2013.
Date: Fri, 29 Nov 2013 15:34:51 -0500
MIME-Version: 1.0
Content-Type: text/plain;
     charset="Windows-1251"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
-------------------------------------------------------------

My main.cf file:

------------------------
# postfix config file

# uncomment for debugging if needed
soft_bounce=yes

# postfix main
setgid_group = postdrop
delay_warning_time = 4

# postfix paths
html_directory = no
command_directory = /usr/sbin
daemon_directory = /usr/libexec/postfix
sendmail_path = /usr/sbin/sendmail.postfix
newaliases_path = /usr/bin/newaliases.postfix
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
sample_directory = /usr/share/doc/postfix-2.2.2/samples
readme_directory = /usr/share/doc/postfix-2.2.2/README_FILES

# network settings
mydomain = control.example.com
myhostname = control.example.com
mynetworks = all
relay_domains = proxy:mysql:/etc/zpanel/configs/postfix/mysql-relay_domains_maps.cf

# mail delivery
recipient_delimiter = +

# mappings
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
transport_maps = hash:/etc/postfix/transport
#local_recipient_maps =

# virtual setup
virtual_alias_maps = proxy:mysql:/etc/zpanel/configs/postfix/mysql-virtual_alias_maps.cf,
                     regexp:/etc/zpanel/configs/postfix/virtual_regexp
virtual_mailbox_base = /var/zpanel/vmail
virtual_mailbox_domains = proxy:mysql:/etc/zpanel/configs/postfix/mysql-virtual_domains_maps.cf
virtual_mailbox_maps = proxy:mysql:/etc/zpanel/configs/postfix/mysql-virtual_mailbox_maps.cf
virtual_mailbox_limit_maps = proxy:mysql:/etc/zpanel/configs/postfix/mysql-virtual_mailbox_limit_maps.cf
virtual_minimum_uid = 101
virtual_uid_maps = static:101
virtual_gid_maps = static:12
virtual_transport = dovecot
dovecot_destination_recipient_limit = 1

# debugging
debug_peer_level = 2
debugger_command =
         PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
         xxgdb $daemon_directory/$process_name $process_id & sleep 5

# authentication
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $myhostname
broken_sasl_auth_clients = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth

# tls config
smtp_use_tls = no
smtpd_use_tls = no
#smtp_tls_note_starttls_offer = yes
#smtpd_tls_loglevel = 1
#smtpd_tls_received_header = yes
#smtpd_tls_session_cache_timeout = 3600s
#tls_random_source = dev:/dev/urandom
#smtp_tls_session_cache_database = btree:$data_directory/smtp_tls_session_cache
# Change mail.example.com.* to your host name
#smtpd_tls_key_file = /etc/pki/tls/private/mail.example.com.key
#smtpd_tls_cert_file = /etc/pki/tls/certs/mail.example.com.crt
# smtpd_tls_CAfile = /etc/pki/tls/root.crt

# rules restrictions
smtpd_client_restrictions = permit_mynetworks permit_inet_interfaces reject_unknown_reverse_client_hostname permit_tls_all_clientcerts
smtpd_recipient_restrictions = permit_sasl_authenticated permit_mynetworks reject_unauth_destination reject_non_fqdn_sender reject_non_fqdn_recipient reject_unknown_recipient_domain reject_rbl_client zen.spamhaus.org reject_rbl_client bl.spamcop.net reject_rbl_client dnsbl.sorbs.net permit_inet_interfaces reject_unknown_reverse_client_hostname
# uncomment for realtime black list checks

smtpd_helo_required = yes
unknown_local_recipient_reject_code = 550
disable_vrfy_command = yes
smtpd_data_restrictions = reject_unauth_pipelining

sender_bcc_maps = hash:/etc/postfix/sender_bcc
recipient_bcc_maps = hash:/etc/postfix/recipient_bcc
always_bcc = [my email address]
mynetworks_style = host
deliver_lock_attempts = 5
default_process_limit = 50000
header_size_limit = 2024
duplicate_filter_limit = 50
qmgr_message_active_limit = 500
smtpd_recipient_limit = 20
mydestination = localhost.$mydomain, localhost
default_destination_recipient_limit = 20
maximal_queue_lifetime = 1d
smtpd_sender_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination, reject_non_fqdn_sender, reject_unknown_sender_domain, reject_non_fqdn_recipient, reject_unknown_recipient_domain, reject_rbl_client zen.spamhaus.org, reject_rbl_client bl.spamcop.net, reject_rbl_client dnsbl.sorbs.net
smtp_sasl_auth_enable = yes
line_length_limit = 4048
--------------------------------
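Added example, not part of the question or of the answer below: a small Python triage script for Received: headers of the kind quoted above. The useful field is the `with` keyword. Postfix writes ESMTPA (ESMTPSA when the session was TLS) only when the client passed SASL authentication and plain ESMTP/ESMTPS otherwise, so for the header in the question the message was admitted by permit_sasl_authenticated, that is with a valid mailbox password, and the queue id 00119874C75A is what to search for in the Postfix log to see the sasl_username that was used. The first sample header is the one from the question; the other two are constructed here, and the `(Authenticated sender: ...)` clause in the third only appears when `smtpd_sasl_authenticated_header = yes` is set. `summarize()` runs the classifier over a batch, which is the view you want when thousands of messages went out.

```python
import re
from collections import Counter

# Constructed sample input. The first header is the one quoted in the question
# (same client IP and queue id); the other two are made up here to show the
# unauthenticated case and the authenticated-with-username case.
SAMPLE_HEADERS = [
    "Received: from User (208-40-36-163.ipv4.firstcomm.com [208.40.36.163])\n"
    "     by control.shanbhags.com (Postfix) with ESMTPA id 00119874C75A;\n"
    "     Fri, 29 Nov 2013 20:34:50 +0000 (GMT)",
    "Received: from localhost (localhost [127.0.0.1])\n"
    "\tby control.example.com (Postfix) with ESMTP id 3F2A1B0C9D;\n"
    "\tSat, 30 Nov 2013 01:02:03 +0000 (GMT)",
    "Received: from [10.0.0.5] (unknown [203.0.113.7])\n"
    "\t(Authenticated sender: alice@example.com)\n"
    "\tby control.example.com (Postfix) with ESMTPSA id A1B2C3D4E5;\n"
    "\tSat, 30 Nov 2013 01:05:00 +0000 (GMT)",
]

# RFC 3848 keywords as Postfix writes them: a trailing "A" means the client
# passed SMTP AUTH (SASL); an "S" before it means the session used TLS.
AUTHENTICATED = {"ESMTPA", "ESMTPSA", "UTF8SMTPA", "UTF8SMTPSA"}
TLS = {"ESMTPS", "ESMTPSA", "UTF8SMTPS", "UTF8SMTPSA"}

RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?P<rdns>[^\s\[\]]+)?\s*\[(?P<ip>[^\]]+)\]\)"
    # Only present when smtpd_sasl_authenticated_header = yes:
    r"(?:\s*\(Authenticated sender:\s*(?P<sasl_user>[^)]+)\))?"
    r"\s+by\s+(?P<server>\S+)\s+\(Postfix\)\s+with\s+(?P<proto>[A-Z0-9]+)"
    r"\s+id\s+(?P<queue_id>[0-9A-Za-z]+)"
)


def classify_received(header):
    """Unfold one Postfix Received: header and say which relay control admitted it."""
    unfolded = " ".join(line.strip() for line in header.splitlines())
    m = RECEIVED_RE.search(unfolded)
    if not m:
        raise ValueError("not a Postfix Received: header: " + unfolded[:60])
    proto = m.group("proto")
    authenticated = proto in AUTHENTICATED
    return {
        "client_ip": m.group("ip"),
        "client_rdns": m.group("rdns") or "unknown",
        "helo": m.group("helo"),
        "server": m.group("server"),
        "protocol": proto,
        "tls": proto in TLS,
        "queue_id": m.group("queue_id"),      # grep this in the smtpd log for sasl_username=
        "sasl_authenticated": authenticated,
        "sasl_user": m.group("sasl_user"),    # None unless the header carries the clause
        # The permit rule a restriction list evaluates to for such a client:
        "admitted_by": "permit_sasl_authenticated" if authenticated
                       else "permit_mynetworks (or a mydestination/relay_domains recipient)",
    }


def summarize(headers):
    """Count messages per (client IP, protocol, SASL user) so the abusing source
    and the control it came through are visible at a glance."""
    counts = Counter()
    for h in headers:
        r = classify_received(h)
        counts[(r["client_ip"], r["protocol"], r["sasl_user"])] += 1
    return counts


if __name__ == "__main__":
    for (ip, proto, user), n in summarize(SAMPLE_HEADERS).most_common():
        print(f"{n:5d}  {ip:<16} {proto:<9} auth={proto in AUTHENTICATED} user={user}")
```

When the tally shows ESMTPA from many unrelated client addresses, the password of the account named by sasl_username is what to rotate; when it shows plain ESMTP from addresses that are not yours, the mynetworks and relay restrictions are what to fix.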

1 answer

Tim Pierce

If you have not already read Postfix SMTP relay and access control, please do so right away. There are a number of guidelines there about making sure that your Postfix server is secured. In particular:

    By default, Postfix has a moderately restrictive approach to mail relaying.
    Postfix forwards mail only from clients in trusted networks, from clients
    that have authenticated with SASL, or to domains that are configured as
    authorized relay destinations.

If you have added or removed any restrictions in smtpd_relay_restrictions, review them very carefully to make sure that you have not made them more permissive than they need to be.

EDIT: In your particular case, this is almost certainly the problem:

    mynetworks = all

The mynetworks variable should only contain networks that are under your direct ownership or control, like a LAN in the office where the mail server is installed. See Postfix Configuration Parameters:

    mynetworks (default: see "postconf -d" output)

    The list of "trusted" remote SMTP clients that have more privileges than "strangers".

    In particular, "trusted" SMTP clients are allowed to relay mail through Postfix.

There may be other issues with your configuration, but this is the one that jumped right out.
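As an added example (not the answerer's, and not Postfix's own tooling): a Python audit of the two settings the answer points at, run over the relay-relevant lines of the posted main.cf and over a hardened replacement written here. The hardened variant trusts only loopback and puts the relay decision in `smtpd_relay_restrictions`, which exists from Postfix 2.10 onward; on older releases the same three rules must lead `smtpd_recipient_restrictions`, which the posted config already does. The parser handles continuation lines and comma/whitespace lists but does not expand `$variables` or read lookup tables. The checks flag any `mynetworks` entry that is outside loopback, RFC 1918 or IPv6 ULA space, or that is not a network address at all (no claim is made about how Postfix itself interprets `all`), and any bare `permit` or `permit_tls_all_clientcerts` placed before `reject_unauth_destination`. TRUSTED_RANGES, OPEN_PERMITS and both sample configs are this example's own assumptions.

```python
import ipaddress
import re

# Constructed inputs: the relay-relevant lines from the main.cf posted in the
# question (weak), and a hardened variant written for this example.
WEAK_MAIN_CF = """\
mynetworks = all
mynetworks_style = host
smtpd_recipient_restrictions = permit_sasl_authenticated permit_mynetworks reject_unauth_destination reject_non_fqdn_sender reject_non_fqdn_recipient reject_unknown_recipient_domain reject_rbl_client zen.spamhaus.org reject_rbl_client bl.spamcop.net reject_rbl_client dnsbl.sorbs.net permit_inet_interfaces reject_unknown_reverse_client_hostname
"""

HARDENED_MAIN_CF = """\
# Trust only the loopback interface; every other client must pass SASL.
mynetworks = 127.0.0.0/8 [::1]/128
# Postfix >= 2.10: the relay decision lives in its own list.
smtpd_relay_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_destination
smtpd_recipient_restrictions = reject_non_fqdn_recipient, reject_unknown_recipient_domain
"""

# Ranges a mynetworks entry may lie inside without being flagged (assumption of
# this example): loopback, RFC 1918 and IPv6 ULA. Anything wider is a finding.
TRUSTED_RANGES = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8", "::1/128", "10.0.0.0/8", "172.16.0.0/12",
    "192.168.0.0/16", "fc00::/7")]

# Rules that let any client relay if they come before reject_unauth_destination.
OPEN_PERMITS = {"permit", "permit_tls_all_clientcerts"}


def parse_main_cf(text):
    """Minimal main.cf reader: 'name = value', a line starting with whitespace
    continues the previous value, a line starting with '#' is a comment."""
    params, current = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.startswith("#"):
            continue
        if raw[0] in " \t":
            if current is not None:
                params[current] += " " + raw.strip()
            continue
        name, _, value = raw.partition("=")
        current = name.strip()
        params[current] = value.strip()
    return params


def split_list(value):
    """Postfix lists may be separated by whitespace, commas, or both."""
    return [item for item in re.split(r"[\s,]+", value) if item]


def audit_mynetworks(params):
    findings = []
    if "mynetworks" not in params:
        return ["mynetworks not set in main.cf; check 'postconf mynetworks'"]
    for entry in split_list(params["mynetworks"]):
        if entry.startswith("!"):
            continue                                        # exclusions only narrow the list
        literal = entry.replace("[", "").replace("]", "")   # [::1]/128 -> ::1/128
        try:
            net = ipaddress.ip_network(literal, strict=False)
        except ValueError:
            if re.match(r"^[a-z0-9_]+:", entry):            # e.g. hash:/etc/postfix/nets
                findings.append(f"{entry}: lookup table, inspect its contents")
            else:
                findings.append(f"{entry!r}: not a network address; remove it")
            continue
        if not any(net.version == t.version and net.subnet_of(t) for t in TRUSTED_RANGES):
            findings.append(f"{entry}: outside loopback/private space; every host in it may relay")
    return findings


def audit_relay_restrictions(params):
    """Find the list that holds the relay gate and report open permits before it."""
    findings = []
    for name in ("smtpd_relay_restrictions", "smtpd_recipient_restrictions"):
        rules = split_list(params.get(name, ""))
        gate = next((i for i, r in enumerate(rules)
                     if r in ("reject_unauth_destination", "defer_unauth_destination")), None)
        if gate is None:
            continue
        for rule in rules[:gate]:
            if rule in OPEN_PERMITS:
                findings.append(f"{name}: {rule} precedes reject_unauth_destination")
        return findings
    return ["no reject_unauth_destination in main.cf; confirm with 'postconf smtpd_relay_restrictions'"]


def audit(text):
    params = parse_main_cf(text)
    report = {"mynetworks": audit_mynetworks(params),
              "relay": audit_relay_restrictions(params), "info": []}
    if "mynetworks" in params and "mynetworks_style" in params:
        report["info"].append("mynetworks is set explicitly, so mynetworks_style is ignored")
    return report


if __name__ == "__main__":
    for label, cfg in (("weak", WEAK_MAIN_CF), ("hardened", HARDENED_MAIN_CF)):
        print(label, audit(cfg))
```

On a live system `postconf -n` prints the non-default settings in the same `name = value` form, so its output can be passed straight to `audit()`; a clean report on the relay settings still leaves the authenticated-submission path, so a compromised mailbox password has to be handled separately by rotating it.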