1

Topic: SPAM iredmail

==== Required information ====
- iRedMail version (check /etc/iredmail-release): 2.3.1PRO
- Linux/BSD distribution name and version: 12:04LTS
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): LDAP
- Web server (Apache or Nginx): Apache
- Manage mail accounts with iRedAdmin-Pro? YES
- Related log if you're reporting an issue:
====
Hi

My iredapd log.
2015-09-13 02:29:58 INFO Starting iRedAPD (version: 1.6.0, backend: ldap), listening on 127.0.0.1:7777.
2015-09-13 02:29:58 INFO Loading plugin: reject_null_sender
2015-09-13 02:29:58 ERROR Error while loading plugin (reject_sender_login_mismatch): unexpected indent (reject_sender_login_mismatch.py, line 23)
2015-09-13 02:29:58 INFO Loading plugin: amavisd_wblist
2015-09-13 02:29:58 INFO Loading plugin: ldap_maillist_access_policy
2015-09-13 02:29:58 INFO Loading plugin: ldap_amavisd_block_blacklisted_senders
2015-09-13 02:29:58 INFO Loading plugin: ldap_recipient_restrictions
2015-09-13 02:30:11 INFO [99.198.116.38] RCPT, ofhs4t@hotmail.com -> janine_ar@yahoo.com.br, DUNNO
2015-09-13 02:30:11 INFO [99.198.116.38] RCPT, ofhs4t@hotmail.com -> janine_ar@yahoo.com.br, DUNNO
2015-09-13 02:30:13 INFO [99.198.116.38] RCPT, ofhs4t@hotmail.com -> dilenecs@hotmail.com, DUNNO
2015-09-13 02:30:13 INFO [99.198.116.38] RCPT, n8xfag@gmail.com -> lilia_lima88@hotmail.com, OK wblist=(1, 581, 'W')
2015-09-13 02:30:13 INFO [99.198.116.38] RCPT, n8xfag@gmail.com -> lilia_lima88@hotmail.com, OK wblist=(1, 581, 'W')
2015-09-13 02:30:13 INFO [99.198.116.38] RCPT, n8xfag@gmail.com -> boyplanalto@hotmail.com, OK wblist=(1, 581, 'W')
2015-09-13 02:30:14 INFO [99.198.116.38] RCPT, n8xfag@gmail.com -> marcelo.lanzo@hotmail.com, OK wblist=(1, 581, 'W')
2015-09-13 02:30:14 INFO [99.198.116.38] RCPT, ofhs4t@hotmail.com -> mordon_dk_sam@yahoo.com.br, DUNNO
2015-09-13 02:30:14 INFO [99.198.116.38] RCPT, n8xfag@gmail.com -> cmoreira@prservicos.com.br, OK wblist=(1, 581, 'W')
2015-09-13 02:30:14 INFO [99.198.116.38] RCPT, n8xfag@gmail.com -> teacherevandro@hotmail.com, OK wblist=(1, 581, 'W')
2015-09-13 02:30:14 INFO [99.198.116.38] RCPT, n8xfag@gmail.com -> bruno.leitao.oliveira@gmail.com, OK wblist=(1, 581, 'W')
2015-09-13 02:30:14 INFO [99.198.116.38] RCPT, n8xfag@gmail.com -> cirrus_yukon@hotmail.com, OK wblist=(1, 581, 'W')
2015-09-13 02:30:15 INFO [99.198.116.38] RCPT, n8xfag@gmail.com -> kelly.tang.adv@hotmail.com, OK wblist=(1, 581, 'W')
2015-09-13 02:30:15 INFO [99.198.116.38] RCPT, n8xfag@gmail.com -> fran21_santos@hotmail.com, OK wblist=(1, 581, 'W')
2015-09-13 02:30:15 INFO [99.198.116.38] RCPT, n8xfag@gmail.com -> guilierme@bol.com.br, OK wblist=(1, 581, 'W')
2015-09-13 02:30:15 INFO [99.198.116.38] RCPT, ofhs4t@hotmail.com -> wsansacirculando@globofm.com.br, DUNNO
2015-09-13 02:30:16 INFO [99.198.116.38] RCPT, ofhs4t@hotmail.com -> gustavocom@hotmail.com, DUNNO
2015-09-13 02:30:18 INFO [99.198.116.38] RCPT, ofhs4t@hotmail.com -> ewertonruvolo@gmail.com, DUNNO
2015-09-13 02:30:19 INFO [99.198.116.38] RCPT, ofhs4t@hotmail.com -> elisa.alberto@terra.com.br, DUNNO
2015-09-13 02:30:20 INFO [99.198.116.38] RCPT, ofhs4t@hotmail.com -> earrez@hotmail.com, DUNNO
2015-09-13 02:30:21 INFO [99.198.116.38] RCPT, ofhs4t@hotmail.com -> nokiawlotter@bricksmail.com, DUNNO
2015-09-13 02:30:23 INFO [99.198.116.38] RCPT, ofhs4t@hotmail.com -> gdenckzuk@hotmail.com, DUNNO
2015-09-13 02:30:26 INFO [99.198.116.38] RCPT, vz3u3@gmail.com -> girottocontabil@outlook.com, OK wblist=(1, 581, 'W')
2015-09-13 02:30:26 INFO [99.198.116.38] RCPT, vz3u3@gmail.com -> girottocontabil@outlook.com, OK wblist=(1, 581, 'W')
2015-09-13 02:30:26 INFO [99.198.116.38] RCPT, vz3u3@gmail.com -> ffolyd@msn.com, OK wblist=(1, 581, 'W')
2015-09-13 02:30:27 INFO [99.198.116.38] RCPT, vz3u3@gmail.com -> elypenha@hotmail.com, OK wblist=(1, 581, 'W')
2015-09-13 02:30:27 INFO [99.198.116.38] RCPT, vz3u3@gmail.com -> paulmattos1@gmail.com, OK wblist=(1, 581, 'W')
2015-09-13 02:30:27 INFO [99.198.116.38] RCPT, vz3u3@gmail.com -> ivine.ribeiro@gmail.com, OK wblist=(1, 581, 'W')
2015-09-13 02:30:27 INFO [99.198.116.38] RCPT, vz3u3@gmail.com -> suporte@idaam.com.br, OK wblist=(1, 581, 'W')
2015-09-13 02:30:28 INFO [99.198.116.38] RCPT, vz3u3@gmail.com -> fa.junior@globo.com, OK wblist=(1, 581, 'W')
2015-09-13 02:30:28 INFO [99.198.116.38] RCPT, vz3u3@gmail.com -> eduardosantos2006@yahoo.com.br, OK wblist=(1, 581, 'W')
2015-09-13 02:30:28 INFO [99.198.116.38] RCPT, vz3u3@gmail.com -> evandrofirme@bol.com.br, OK wblist=(1, 581, 'W')
2015-09-13 02:30:28 INFO [99.198.116.38] RCPT, vz3u3@gmail.com -> natalina639@hotmail.com, OK wblist=(1, 581, 'W')
2015-09-13 02:30:39 INFO [99.198.116.38] RCPT, szyshbp@gmail.com -> tillalima@uol.com.br, OK wblist=(1, 581, 'W')
2015-09-13 02:30:39 INFO [99.198.116.38] RCPT, szyshbp@gmail.com -> tillalima@uol.com.br, OK wblist=(1, 581, 'W')
2015-09-13 02:30:39 INFO [99.198.116.38] RCPT, szyshbp@gmail.com -> claudia@linhapura.com.br, OK wblist=(1, 581, 'W')
2015-09-13 02:30:40 INFO [99.198.116.38] RCPT, szyshbp@gmail.com -> didaf123@hotmail.com, OK wblist=(1, 581, 'W')
2015-09-13 02:30:40 INFO [99.198.116.38] RCPT, szyshbp@gmail.com -> jeovah.ferreira@ig.com.br, OK wblist=(1, 581, 'W')
2015-09-13 02:30:40 INFO [99.198.116.38] RCPT, szyshbp@gmail.com -> k.lepard@hotmail.com, OK wblist=(1, 581, 'W')
2015-09-13 02:30:40 INFO [99.198.116.38] RCPT, szyshbp@gmail.com -> rbienes@itaubank.com.br, OK wblist=(1, 581, 'W')
2015-09-13 02:30:41 INFO [99.198.116.38] RCPT, szyshbp@gmail.com -> cmdday@hotmail.com, OK wblist=(1, 581, 'W')
2015-09-13 02:30:41 INFO [99.198.116.38] RCPT, szyshbp@gmail.com -> laly_laismenezes@hotmail.com, OK wblist=(1, 581, 'W')
2015-09-13 02:30:41 INFO [99.198.116.38] RCPT, szyshbp@gmail.com -> claudinhocdc-7@hotmail.com, OK wblist=(1, 581, 'W')
2015-09-13 02:30:41 INFO [99.198.116.38] RCPT, szyshbp@gmail.com -> arthurmangabeira@hotmail.com, OK wblist=(1, 581, 'W')
2015-09-13 02:30:49 INFO [99.198.116.38] RCPT, iom20tue@hotmail.com -> renata100feliz@bol.com.br, DUNNO
2015-09-13 02:30:49 INFO [99.198.116.38] RCPT, iom20tue@hotmail.com -> renata100feliz@bol.com.br, DUNNO
2015-09-13 02:30:50 INFO [99.198.116.38] RCPT, iom20tue@hotmail.com -> rantonioborges@ibest.com.br, DUNNO
2015-09-13 02:30:51 INFO [99.198.116.38] RCPT, iom20tue@hotmail.com -> andreacristinaalves@hotmail.com, DUNNO
2015-09-13 02:30:52 INFO [99.198.116.38] RCPT, iom20tue@hotmail.com -> thomas.poubel@hotmail.com, DUNNO
2015-09-13 02:30:54 INFO [99.198.116.38] RCPT, iom20tue@hotmail.com -> daltonaravestruz@hotmail.com, DUNNO
2015-09-13 02:30:55 INFO [99.198.116.38] RCPT, iom20tue@hotmail.com -> tiagopgadelha@hotmail.com, DUNNO

I think my e-mail server sends spam. My e-mail server (@smiltene.lv)
How to stop SPAM?
Any suggestions?


2

Re: SPAM iredmail

platpirs wrote:

2015-09-13 02:29:58 ERROR Error while loading plugin (reject_sender_login_mismatch): unexpected indent (reject_sender_login_mismatch.py, line 23)

Did you modify file /opt/iredapd/plugins/reject_sender_login_mismatch.py? There's some syntax error (unexpected indent) which causes this plugin not to be applied.

Please download iRedAPD-1.6.0 below, then copy file plugins/reject_sender_login_mismatch.py to /opt/iredapd/plugins/reject_sender_login_mismatch.py (override it), and restart the iRedAPD service:
http://www.iredmail.org/yum/misc/

3

Re: SPAM iredmail

ZhangHuangbin wrote:
platpirs wrote:

2015-09-13 02:29:58 ERROR Error while loading plugin (reject_sender_login_mismatch): unexpected indent (reject_sender_login_mismatch.py, line 23)

Did you modify file /opt/iredapd/plugins/reject_sender_login_mismatch.py? There's some syntax error (unexpected indent) which causes this plugin not to be applied.

Yes. I added ALLOWED_LOGIN_MISMATCH_SENDERS .

Please download iRedAPD-1.6.0 below, then copy file plugins/reject_sender_login_mismatch.py to /opt/iredapd/plugins/reject_sender_login_mismatch.py (override it), and restart the iRedAPD service:
http://www.iredmail.org/yum/misc/

I copied the new reject_sender_login_mismatch.py. Restarted the plugin. I copied it to /opt/iredapd1.6.0/plugins/reject_sender_login_mismach.py.

2015-09-16 18:53:49 INFO Starting iRedAPD (version: 1.6.0, backend: ldap), listening on 127.0.0.1:7777.
2015-09-16 18:53:49 INFO Loading plugin: reject_null_sender
2015-09-16 18:53:49 INFO Loading plugin: reject_sender_login_mismatch
2015-09-16 18:53:49 INFO Loading plugin: amavisd_wblist
2015-09-16 18:53:49 INFO Loading plugin: ldap_maillist_access_policy
2015-09-16 18:53:49 INFO Loading plugin: ldap_amavisd_block_blacklisted_senders
2015-09-16 18:53:49 INFO Loading plugin: ldap_recipient_restrictions
2015-09-16 18:54:11 INFO [99.198.116.36] RCPT, youiah@uol.com.br -> t-r-v@hotmail.com, DUNNO
2015-09-16 18:54:11 INFO [99.198.116.36] RCPT, youiah@uol.com.br -> t-r-v@hotmail.com, DUNNO
2015-09-16 18:54:12 INFO [99.198.116.36] RCPT, youiah@uol.com.br -> zoop2@hotmail.com, DUNNO
2015-09-16 18:54:13 INFO [99.198.116.36] RCPT, youiah@uol.com.br -> rssmith10@hotmail.com, DUNNO
2015-09-16 18:54:15 INFO [99.198.116.36] RCPT, youiah@uol.com.br -> marcosdterra@hotmail.com, DUNNO
2015-09-16 18:54:16 INFO [99.198.116.36] RCPT, youiah@uol.com.br -> renato_f_7@hotmail.com, DUNNO
2015-09-16 18:54:17 INFO [99.198.116.36] RCPT, youiah@uol.com.br -> nanypachecco@outlook.com, DUNNO
There is no result. SPAM continues.
How to solve this problem?

4

Re: SPAM iredmail

Is youiah@uol.com.br your mail user? If yes, please reset its password immediately.

5

Re: SPAM iredmail

ZhangHuangbin wrote:

Is youiah@uol.com.br your mail user? If yes, please reset its password immediately.

No. youiah@uol.com.br is not my e-mail user. My e-mail server is @smiltene.lv (one domain).

6

Re: SPAM iredmail

Any suggestions?

How to solve the problem?

platpirs wrote:
ZhangHuangbin wrote:

Is youiah@uol.com.br your mail user? If yes, please reset its password immediately.

No. youiah@uol.com.br is not my e-mail user. My e-mail server is @smiltene.lv (one domain).

7

Re: SPAM iredmail

Try this:

*) Download script 'find_top_sasl_usernames.sh' here:
https://bitbucket.org/zhb/iredmail/src/ … ail/tools/

*) Run 'find_top_sasl_usernames.sh':

# bash find_top_sasl_usernames.sh /var/log/mail.log

It will show you SASL usernames (SMTP authentication accounts) with authentication times. Pay close attention to the top one: if it sent out many emails, it might be the mail account which was cracked by a spammer. Please reset its password immediately and keep monitoring this spam issue.

To reset password, we have a document for you:
http://www.iredmail.org/docs/reset.user.password.html
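
An added example of the check described in this post (it is not the find_top_sasl_usernames.sh script and not iRedMail code): it totals messages, recipients and client IPs per SASL login from Postfix log lines, and lists envelope senders that differ from the login. The log lines are constructed, and the function and field names are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in Postfix syslog format (addresses and IPs are placeholders).
SAMPLE_LOG = """\
Sep 18 14:14:35 mail postfix/smtpd[24383]: B57482C8B34: client=localhost[127.0.0.1], sasl_method=LOGIN, sasl_username=alice@example.com
Sep 18 14:14:36 mail postfix/qmgr[1444]: B57482C8B34: from=<alice@example.com>, size=10633, nrcpt=1 (queue active)
Sep 18 14:20:01 mail postfix/smtpd[24390]: C11112C8B35: client=unknown[198.51.100.7], sasl_method=LOGIN, sasl_username=bob@example.com
Sep 18 14:20:01 mail postfix/qmgr[1444]: C11112C8B35: from=<x1@example.net>, size=2100, nrcpt=40 (queue active)
Sep 18 14:20:03 mail postfix/smtpd[24390]: C22222C8B36: client=unknown[203.0.113.9], sasl_method=LOGIN, sasl_username=bob@example.com
Sep 18 14:20:03 mail postfix/qmgr[1444]: C22222C8B36: from=<x2@example.net>, size=2100, nrcpt=35 (queue active)
Sep 18 14:21:00 mail postfix/smtpd[24401]: D33332C8B37: client=mx.example.org[192.0.2.10]
Sep 18 14:21:00 mail postfix/qmgr[1444]: D33332C8B37: from=<carol@example.org>, size=900, nrcpt=1 (queue active)
Sep 18 14:25:03 mail postfix/qmgr[1444]: C22222C8B36: from=<x2@example.net>, size=2100, nrcpt=35 (queue active)
"""

# smtpd line that ties a queue ID to the authenticated login and client IP.
SASL_RE = re.compile(
    r"postfix/(?:\w+/)?smtpd\[\d+\]: (\w+): client=[^\[]*\[([^\]]+)\],"
    r".*\bsasl_username=([^,\s]+)")
# qmgr line carrying the envelope sender and recipient count of a queue ID.
QMGR_RE = re.compile(
    r"postfix/qmgr\[\d+\]: (\w+): from=<([^>]*)>, size=\d+, nrcpt=(\d+)")


def summarize_sasl(lines):
    """Return per-login totals, busiest first:
    (login, messages, recipients, client_ip_count, mismatched_senders)."""
    owner = {}  # queue ID -> SASL login, until qmgr reports it once
    stats = defaultdict(
        lambda: {"msgs": 0, "rcpts": 0, "ips": set(), "odd": set()})
    for line in lines:
        m = SASL_RE.search(line)
        if m:
            qid, ip, login = m.group(1), m.group(2), m.group(3).lower()
            owner[qid] = login
            stats[login]["msgs"] += 1
            stats[login]["ips"].add(ip)
            continue
        m = QMGR_RE.search(line)
        if m and m.group(1) in owner:
            # pop() so a deferred message re-activated by qmgr is counted once.
            login = owner.pop(m.group(1))
            stats[login]["rcpts"] += int(m.group(3))
            sender = m.group(2).lower()
            if sender != login:
                # Envelope sender differs from the login that submitted it.
                stats[login]["odd"].add(sender)
    rows = [(u, s["msgs"], s["rcpts"], len(s["ips"]), sorted(s["odd"]))
            for u, s in stats.items()]
    # Most recipients first, then most messages, then login name.
    return sorted(rows, key=lambda r: (-r[2], -r[1], r[0]))


if __name__ == "__main__":
    for row in summarize_sasl(SAMPLE_LOG.splitlines()):
        print("%-22s msgs=%d rcpts=%d ips=%d mismatched=%s" % row)
```

A login with few authentications but a large recipient total, several client IPs or foreign envelope senders is the one to reset first.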

8

Re: SPAM iredmail

ZhangHuangbin wrote:

Try this:

*) Download script 'find_top_sasl_usernames.sh' here:
https://bitbucket.org/zhb/iredmail/src/ … ail/tools/

*) Run 'find_top_sasl_usernames.sh':

# bash find_top_sasl_usernames.sh /var/log/mail.log

It will show you SASL usernames (SMTP authentication accounts) with authentication times. Pay close attention to the top one: if it sent out many emails, it might be the mail account which was cracked by a spammer. Please reset its password immediately and keep monitoring this spam issue.

To reset password, we have a document for you:
http://www.iredmail.org/docs/reset.user.password.html




Hi

I ran the script 'find_top_sasl_usernames.sh'. These e-mails didn't send out many emails. But for safety I changed the passwords.
But the next day SPAM continued.

In my iredapd log I see SPAM events. But in mail.log I don't see SPAM events. Why is that?

Maybe you can suggest something?

My iredapd.log (18.09.2015.)
2015-09-18 14:13:27 INFO [91.216.1.61] RCPT, Zane.Brivmane@lm.gov.lv -> prese@smiltene.lv, DUNNO
2015-09-18 14:14:04 INFO [89.111.5.42] RCPT,  -> prese@smiltene.lv, REJECT Policy rejection
2015-09-18 14:14:35 INFO [127.0.0.1] RCPT, biblioteka@smiltene.lv -> airaistu11@inbox.lv, DUNNO
2015-09-18 14:15:36 INFO [108.163.248.110] RCPT, fijn@hotmail.com -> piresrickser1@ig.com.br, DUNNO
2015-09-18 14:15:36 INFO [108.163.248.110] RCPT, fijn@hotmail.com -> piresrickser1@ig.com.br, DUNNO
2015-09-18 14:15:38 INFO [108.163.248.110] RCPT, fijn@hotmail.com -> teste12.pop3@hotmail.com, REJECT Policy rejection not logged in
2015-09-18 14:15:38 INFO [108.163.248.110] RCPT, fijn@hotmail.com -> teste1000_pop3@yahoo.com.br, DUNNO
2015-09-18 14:15:39 INFO [108.163.248.110] RCPT, fijn@hotmail.com -> piresrickser1@ig.com.br, DUNNO
2015-09-18 14:15:40 INFO [108.163.248.110] RCPT, fijn@hotmail.com -> teste12.pop3@hotmail.com, REJECT Policy rejection not logged in
2015-09-18 14:15:40 INFO [108.163.248.110] RCPT, fijn@hotmail.com -> teste1000_pop3@yahoo.com.br, DUNNO
2015-09-18 14:15:42 INFO [108.163.248.110] RCPT, fijn@hotmail.com -> piresrickser1@ig.com.br, DUNNO
2015-09-18 14:15:43 INFO [108.163.248.110] RCPT, fijn@hotmail.com -> teste12.pop3@hotmail.com, REJECT Policy rejection not logged in
2015-09-18 14:15:43 INFO [108.163.248.110] RCPT, fijn@hotmail.com -> teste1000_pop3@yahoo.com.br, DUNNO
2015-09-18 14:15:44 INFO [108.163.248.110] RCPT, fijn@hotmail.com -> piresrickser1@ig.com.br, DUNNO
2015-09-18 14:16:22 INFO [78.28.242.8] RCPT, ginta.jevtina@vtu-valmiera.lv -> izgl_parvalde@smiltene.lv, DUNNO
2015-09-18 14:18:54 INFO [195.216.236.82] RCPT, inese.asarite@vecpiebalga.lv -> andris.lapins@smiltene.lv, DUNNO
2015-09-18 14:21:01 INFO [127.0.0.1] RCPT, arnita.freiberga@smiltene.lv -> maija.eglite@smiltene.lv, DUNNO
2015-09-18 14:21:13 INFO [10.10.0.1] RCPT, karlis.lapins@smiltene.lv -> dome@smiltene.lv, DUNNO
2015-09-18 14:21:18 INFO [81.198.164.220] RCPT, prvs=1701aec4a8=kase@lnso.lv -> dome@smiltene.lv, DUNNO
2015-09-18 14:23:00 INFO [180.103.216.173] RCPT, wild_duck@hanimail.com -> biblioteka@smiltene.lv, DUNNO
2015-09-18 14:23:51 INFO [159.148.65.77] RCPT, info@vas.gov.lv -> aurika.zivere@smiltene.lv, DUNNO
2015-09-18 14:23:52 INFO [159.148.65.77] RCPT, info@vas.gov.lv -> dome@smiltene.lv, DUNNO
2015-09-18 14:23:53 INFO [159.148.65.77] RCPT, info@vas.gov.lv -> karlis.lapins@smiltene.lv, DUNNO
2015-09-18 14:23:56 INFO [194.152.32.81] RCPT, grundzales.pagasts@inbox.lv -> grundzale@smiltene.lv, DUNNO
2015-09-18 14:23:58 INFO [194.152.32.83] RCPT, bilskas.pagasts@inbox.lv -> bilska@smiltene.lv, DUNNO
2015-09-18 14:23:58 INFO [194.152.32.84] RCPT, pagastsbranti@inbox.lv -> branti@smiltene.lv, DUNNO
2015-09-18 14:23:59 INFO [194.152.32.82] RCPT, blomespagasts@inbox.lv -> blome@smiltene.lv, DUNNO
2015-09-18 14:24:00 INFO [10.10.0.1] RCPT, karlis.lapins@smiltene.lv -> dome@smiltene.lv, DUNNO
2015-09-18 14:25:47 INFO [127.0.0.1] RCPT, dome@smiltene.lv -> kac.valka@vzd.gov.lv, DUNNO
2015-09-18 14:26:17 INFO [127.0.0.1] RCPT, ilona.cekalina@smiltene.lv -> julija.egle@smiltene.lv, DUNNO
2015-09-18 14:26:26 INFO [127.0.0.1] RCPT, dome@smiltene.lv -> kac.valka@vzd.gov.lv, DUNNO
2015-09-18 14:26:26 INFO [127.0.0.1] RCPT, dome@smiltene.lv -> ilze.rusina@smiltene.lv, DUNNO
2015-09-18 14:26:51 INFO [159.148.79.214] RCPT, metrija@inbox.lv -> topo@smiltene.lv, DUNNO
2015-09-18 14:26:56 INFO [127.0.0.1] RCPT, dome@smiltene.lv -> ilze.rusina@smiltene.lv, DUNNO
2015-09-18 14:26:58 INFO [195.244.155.185] RCPT, webmaster@mk.gov.lv -> laima.smite@smiltene.lv, DUNNO
2015-09-18 14:29:50 INFO [178.16.20.92] RCPT, info@inetarudzite.lv -> s3pp@smiltene.lv, DUNNO
2015-09-18 14:31:16 INFO [127.0.0.1] RCPT, inese.lazdina@smiltene.lv -> ieva.kalnina_1988@inbox.lv, DUNNO
2015-09-18 14:31:16 INFO [127.0.0.1] RCPT, inese.lazdina@smiltene.lv -> alda.zunde@smiltene.lv, DUNNO
2015-09-18 14:31:17 INFO [127.0.0.1] RCPT, inese.lazdina@smiltene.lv -> andris.sinka@smiltene.lv, DUNNO
2015-09-18 14:31:18 INFO [127.0.0.1] RCPT, inese.lazdina@smiltene.lv -> ilze.rusina@smiltene.lv, DUNNO
2015-09-18 14:31:20 INFO [194.152.32.84] RCPT, draugs-sd@inbox.lv -> maris.rungulis@smiltene.lv, DUNNO
2015-09-18 14:32:51 INFO [127.0.0.1] RCPT, arnis.platpirs@smiltene.lv -> elvijs.ivans@smiltene.lv, DUNNO
2015-09-18 14:36:40 INFO [81.198.164.220] RCPT, prvs=1701aec4a8=kase@lnso.lv -> dome@smiltene.lv, DUNNO
2015-09-18 14:37:05 INFO [127.0.0.1] RCPT, izgl_parvalde@smiltene.lv -> info@sii.lv, DUNNO
2015-09-18 14:37:26 INFO [127.0.0.1] RCPT, larisa.podoprosvetova@smiltene.lv -> sandra.lavina@smiltene.lv, DUNNO
2015-09-18 14:41:42 INFO [61.12.76.10] RCPT, cgcpu@boussac.com -> lita.licite@smiltene.lv, DUNNO
2015-09-18 14:41:42 INFO [61.12.76.10] RCPT, cgcpu@boussac.com -> piladzitis@smiltene.lv, DUNNO
2015-09-18 14:43:33 INFO [195.244.155.185] RCPT, Baiba.Jakovleva@mk.gov.lv -> dome@smiltene.lv, DUNNO
2015-09-18 14:43:33 INFO [195.244.155.185] RCPT, Baiba.Jakovleva@mk.gov.lv -> iepirkumi@smiltene.lv, DUNNO
2015-09-18 14:44:04 INFO [89.111.5.42] RCPT,  -> prese@smiltene.lv, REJECT Policy rejection

My mail.log file (18.09.2015.)
Sep 18 14:13:29 mail postfix/qmgr[1444]: E98EE261A001: removed
Sep 18 14:14:04 mail postfix/smtpd[24155]: connect from smtp-03.deac.lv[89.111.5.42]
Sep 18 14:14:04 mail postfix/smtpd[24155]: NOQUEUE: reject: RCPT from smtp-03.deac.lv[89.111.5.42]: 554 5.7.1 <prese@smiltene.lv>: Recipient address rejected: Policy rejection; from=<> to=<prese@smiltene.lv> proto=ESMTP helo=<smtp-03.deac.lv>
Sep 18 14:14:04 mail postfix/smtpd[24155]: disconnect from smtp-03.deac.lv[89.111.5.42]
Sep 18 14:14:35 mail postfix/smtpd[24383]: connect from localhost.localdomain[127.0.0.1]
Sep 18 14:14:35 mail postfix/smtpd[24383]: B57482C8B34: client=localhost.localdomain[127.0.0.1], sasl_method=LOGIN, sasl_username=biblioteka@smiltene.lv
Sep 18 14:14:35 mail postfix/cleanup[24131]: B57482C8B34: message-id=<e33058c416bdd7124095cc075120597b@smiltene.lv>
Sep 18 14:14:36 mail postfix/qmgr[1444]: B57482C8B34: from=<biblioteka@smiltene.lv>, size=10633, nrcpt=1 (queue active)
Sep 18 14:14:36 mail roundcube: <0514ntuh> User biblioteka@smiltene.lv [91.200.64.159]; Message for airaistu11@inbox.lv; 250: 2.0.0 Ok: queued as B57482C8B34
Sep 18 14:14:37 mail postfix/smtpd[24383]: disconnect from localhost.localdomain[127.0.0.1]
Sep 18 14:14:41 mail postfix/smtpd[24145]: connect from localhost.localdomain[127.0.0.1]
Sep 18 14:14:41 mail postfix/smtpd[24145]: 25C932C8C29: client=localhost.localdomain[127.0.0.1]
Sep 18 14:14:41 mail postfix/cleanup[24141]: 25C932C8C29: message-id=<e33058c416bdd7124095cc075120597b@smiltene.lv>
Sep 18 14:14:41 mail postfix/smtpd[24145]: disconnect from localhost.localdomain[127.0.0.1]
Sep 18 14:14:41 mail postfix/qmgr[1444]: 25C932C8C29: from=<biblioteka@smiltene.lv>, size=11474, nrcpt=1 (queue active)
Sep 18 14:14:41 mail amavis[7651]: (07651-16) Passed CLEAN, MYNETS/MYUSERS LOCAL [127.0.0.1] [127.0.0.1] <biblioteka@smiltene.lv> -> <airaistu11@inbox.lv>, Message-ID: <e33058c416bdd7124095cc075120597b@smiltene.lv>, mail_id: pTIJNYGW-ZSg, Hits: -12, size: 10981, queued_as: 25C932C8C29, dkim_id=@smiltene.lv, 4339 ms
Sep 18 14:14:41 mail postfix/smtp[24142]: B57482C8B34: to=<airaistu11@inbox.lv>, relay=127.0.0.1[127.0.0.1]:10024, delay=5.5, delays=1.2/0/0/4.3, dsn=2.0.0, status=sent (250 2.0.0 from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as 25C932C8C29)
Sep 18 14:14:41 mail postfix/qmgr[1444]: B57482C8B34: removed
Sep 18 14:14:41 mail postfix/smtp[24410]: 25C932C8C29: to=<airaistu11@inbox.lv>, relay=mx1.inbox.lv[194.152.32.74]:25, delay=0.31, delays=0.05/0.01/0.09/0.16, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 68B781FF94)
Sep 18 14:14:41 mail postfix/qmgr[1444]: 25C932C8C29: removed
Sep 18 14:15:36 mail postfix/smtpd[24155]: warning: hostname server02windows.datahop.com does not resolve to address 108.163.248.110
Sep 18 14:15:36 mail postfix/smtpd[24155]: connect from unknown[108.163.248.110]
Sep 18 14:15:36 mail postfix/smtpd[24155]: NOQUEUE: reject: RCPT from unknown[108.163.248.110]: 554 5.7.1 <piresrickser1@ig.com.br>: Relay access denied; from=<fijn@hotmail.com> to=<piresrickser1@ig.com.br> proto=SMTP helo=<mail.smiltene.lv>
Sep 18 14:15:37 mail postfix/smtpd[24155]: NOQUEUE: reject: RCPT from unknown[108.163.248.110]: 554 5.7.1 <piresrickser1@ig.com.br>: Relay access denied; from=<fijn@hotmail.com> to=<piresrickser1@ig.com.br> proto=SMTP helo=<mail.smiltene.lv>
Sep 18 14:15:38 mail postfix/smtpd[24155]: NOQUEUE: reject: RCPT from unknown[108.163.248.110]: 554 5.7.1 <teste12.pop3@hotmail.com>: Recipient address rejected: Policy rejection not logged in; from=<fijn@hotmail.com> to=<teste12.pop3@hotmail.com> proto=SMTP helo=<mail.smiltene.lv>
Sep 18 14:15:39 mail postfix/smtpd[24155]: NOQUEUE: reject: RCPT from unknown[108.163.248.110]: 554 5.7.1 <teste1000_pop3@yahoo.com.br>: Relay access denied; from=<fijn@hotmail.com> to=<teste1000_pop3@yahoo.com.br> proto=SMTP helo=<mail.smiltene.lv>
Sep 18 14:15:40 mail postfix/smtpd[24155]: NOQUEUE: reject: RCPT from unknown[108.163.248.110]: 554 5.7.1 <piresrickser1@ig.com.br>: Relay access denied; from=<fijn@hotmail.com> to=<piresrickser1@ig.com.br> proto=SMTP helo=<mail.smiltene.lv>
Sep 18 14:15:40 mail postfix/smtpd[24155]: NOQUEUE: reject: RCPT from unknown[108.163.248.110]: 554 5.7.1 <teste12.pop3@hotmail.com>: Recipient address rejected: Policy rejection not logged in; from=<fijn@hotmail.com> to=<teste12.pop3@hotmail.com> proto=SMTP helo=<mail.smiltene.lv>
Sep 18 14:15:42 mail postfix/smtpd[24155]: NOQUEUE: reject: RCPT from unknown[108.163.248.110]: 554 5.7.1 <teste1000_pop3@yahoo.com.br>: Relay access denied; from=<fijn@hotmail.com> to=<teste1000_pop3@yahoo.com.br> proto=SMTP helo=<mail.smiltene.lv>
Sep 18 14:15:43 mail postfix/smtpd[24155]: NOQUEUE: reject: RCPT from unknown[108.163.248.110]: 554 5.7.1 <piresrickser1@ig.com.br>: Relay access denied; from=<fijn@hotmail.com> to=<piresrickser1@ig.com.br> proto=SMTP helo=<mail.smiltene.lv>
Sep 18 14:15:43 mail postfix/smtpd[24155]: NOQUEUE: reject: RCPT from unknown[108.163.248.110]: 554 5.7.1 <teste12.pop3@hotmail.com>: Recipient address rejected: Policy rejection not logged in; from=<fijn@hotmail.com> to=<teste12.pop3@hotmail.com> proto=SMTP helo=<mail.smiltene.lv>
Sep 18 14:15:44 mail postfix/smtpd[24155]: NOQUEUE: reject: RCPT from unknown[108.163.248.110]: 554 5.7.1 <teste1000_pop3@yahoo.com.br>: Relay access denied; from=<fijn@hotmail.com> to=<teste1000_pop3@yahoo.com.br> proto=SMTP helo=<mail.smiltene.lv>
Sep 18 14:15:45 mail postfix/smtpd[24155]: NOQUEUE: reject: RCPT from unknown[108.163.248.110]: 554 5.7.1 <piresrickser1@ig.com.br>: Relay access denied; from=<fijn@hotmail.com> to=<piresrickser1@ig.com.br> proto=SMTP helo=<mail.smiltene.lv>
Sep 18 14:15:48 mail postfix/smtpd[24155]: warning: non-SMTP command from unknown[108.163.248.110]: From: "Tatianna Castro" <6kbn@honnonji.or.jp>
Sep 18 14:15:49 mail postfix/smtpd[24155]: disconnect from unknown[108.163.248.110]
Sep 18 14:16:05 mail postfix/smtpd[24155]: connect from task01.tasksistemas.com.br[187.0.195.34]
Sep 18 14:16:06 mail postfix/smtpd[24155]: NOQUEUE: reject: RCPT from task01.tasksistemas.com.br[187.0.195.34]: 550 5.1.1 <aiga.sorokina@smiltene.lv>: Recipient address rejected: User unknown in virtual mailbox table; from=<fletcher.h@tradetraffic.com> to=<aiga.sorokina@smiltene.lv> proto=ESMTP helo=<task01.tasksistemas.com.br>
Sep 18 14:16:06 mail postfix/smtpd[24155]: disconnect from task01.tasksistemas.com.br[187.0.195.34]
Sep 18 14:16:22 mail postfix/smtpd[24155]: connect from mail.valmiera.lv[78.28.242.8]
Sep 18 14:16:22 mail cbpolicyd[9148]: module=Greylisting, action=pass, host=78.28.242.8, helo=mail.valmiera.lv, from=ginta.jevtina@vtu-valmiera.lv, to=izgl_parvalde@smiltene.lv, reason=authenticated
Sep 18 14:16:22 mail postfix/smtpd[24155]: CA5382C8B34: client=mail.valmiera.lv[78.28.242.8]
Sep 18 14:16:22 mail postfix/cleanup[24604]: CA5382C8B34: message-id=<55FBF289.5080208@vtu-valmiera.lv>
Sep 18 14:16:24 mail opendkim[1328]: /var/log/dkim-filter/dkim-stats: fopen(): Permission denied
Sep 18 14:16:24 mail opendkim[1328]: statistics recording failed
Sep 18 14:16:24 mail postfix/qmgr[1444]: CA5382C8B34: from=<ginta.jevtina@vtu-valmiera.lv>, size=277195, nrcpt=1 (queue active)
Sep 18 14:16:24 mail postfix/smtpd[24155]: disconnect from mail.valmiera.lv[78.28.242.8]
Sep 18 14:16:25 mail postfix/smtpd[24614]: connect from localhost.localdomain[127.0.0.1

9

Re: SPAM iredmail

I didn't find obvious spamming according to your log, because Postfix rejected them, so there's nothing to worry about.

Also, if you're pasting log content from different log files, please always post logs which happen at the same time. e.g. your iRedAPD log is 14:37:xx, but Postfix log is 'Sep 18 14:16:xx'. It doesn't help troubleshoot.

platpirs wrote:

Sep 18 14:16:24 mail opendkim[1328]: /var/log/dkim-filter/dkim-stats: fopen(): Permission denied
Sep 18 14:16:24 mail opendkim[1328]: statistics recording failed

Your OpenDKIM is not running. Maybe you should fix it?
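
An added example of the cross-check this reply relies on (not from the thread and not iRedMail code): it pairs each iRedAPD RCPT line whose sender and recipient are both outside the local domains with a Postfix NOQUEUE reject for the same client, sender and recipient a few seconds apart, and returns the attempts with their reject reason or None. In Postfix policy delegation DUNNO only means the policy service made no decision, so the Postfix log decides whether anything was relayed. The log lines are constructed; LOCAL_DOMAINS, the 5-second window and the function names are assumptions.

```python
import re
from datetime import datetime, timedelta

LOCAL_DOMAINS = {"example.lv"}  # assumption: domains this server hosts

# Constructed sample lines in the two log formats shown in the thread.
IREDAPD_LOG = """\
2015-09-18 14:15:36 INFO [198.51.100.7] RCPT, a@example.net -> b@example.org, DUNNO
2015-09-18 14:15:38 INFO [198.51.100.7] RCPT, a@example.net -> c@example.org, REJECT Policy rejection not logged in
2015-09-18 14:16:22 INFO [192.0.2.10] RCPT, d@example.org -> office@example.lv, DUNNO
2015-09-18 14:17:00 INFO [203.0.113.9] RCPT, e@example.net -> f@example.org, DUNNO
"""
POSTFIX_LOG = """\
Sep 18 14:15:37 mail postfix/smtpd[24155]: NOQUEUE: reject: RCPT from unknown[198.51.100.7]: 554 5.7.1 <b@example.org>: Relay access denied; from=<a@example.net> to=<b@example.org> proto=SMTP helo=<mail.example.lv>
Sep 18 14:15:38 mail postfix/smtpd[24155]: NOQUEUE: reject: RCPT from unknown[198.51.100.7]: 554 5.7.1 <c@example.org>: Recipient address rejected: Policy rejection not logged in; from=<a@example.net> to=<c@example.org> proto=SMTP helo=<mail.example.lv>
Sep 18 14:17:00 mail postfix/smtpd[24160]: 3F0A12C8B34: client=unknown[203.0.113.9], sasl_method=LOGIN, sasl_username=g@example.lv
"""

APD_RE = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) INFO \[([^\]]+)\] RCPT, "
    r"(\S*) -> (\S+), (.+)$")
REJ_RE = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ postfix/\S*smtpd\[\d+\]: "
    r"NOQUEUE: reject: RCPT from \S*\[([^\]]+)\]: (\d{3} [\d.]+) <[^>]*>: "
    r"(.*?); from=<([^>]*)> to=<([^>]*)>")


def domain(addr):
    """Lower-cased domain part of an address ('' for the null sender)."""
    return addr.rpartition("@")[2].lower()


def parse_rejects(postfix_lines, year):
    """Collect (time, client_ip, sender, rcpt, reason) for every RCPT reject."""
    out = []
    for line in postfix_lines:
        m = REJ_RE.match(line)
        if m:
            ts, ip, code, reason, frm, to = m.groups()
            # Syslog timestamps carry no year, so the caller supplies it.
            when = datetime.strptime(f"{year} {ts}", "%Y %b %d %H:%M:%S")
            out.append((when, ip, frm.lower(), to.lower(), f"{code} {reason}"))
    return out


def audit_relay_attempts(apd_lines, postfix_lines, local_domains, window=5):
    """For each iRedAPD RCPT with no local domain on either side, return
    (time, ip, sender, rcpt, iredapd_action, postfix_reject_or_None)."""
    report, rejects = [], None
    for line in apd_lines:
        m = APD_RE.match(line)
        if not m:
            continue
        ts, ip, sender, rcpt, action = m.groups()
        if domain(sender) in local_domains or domain(rcpt) in local_domains:
            continue  # inbound or local-sender mail, not a pure relay attempt
        when = datetime.strptime(ts, "%Y-%m-%d %H:%M:%S")
        if rejects is None:
            rejects = parse_rejects(postfix_lines, when.year)
        hit = next((r[4] for r in rejects
                    if r[1:4] == (ip, sender.lower(), rcpt.lower())
                    and abs(r[0] - when) <= timedelta(seconds=window)), None)
        report.append((ts, ip, sender, rcpt, action, hit))
    return report


if __name__ == "__main__":
    for row in audit_relay_attempts(IREDAPD_LOG.splitlines(),
                                    POSTFIX_LOG.splitlines(), LOCAL_DOMAINS):
        print(*row[:5], "->", row[5] or "NO POSTFIX REJECT FOUND", sep=" | ")
```

Rows whose last field is None are the ones to trace further in the Postfix log, starting from the client IP and timestamp.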

10

Re: SPAM iredmail

ZhangHuangbin wrote:

I didn't find obvious spamming according to your log, because Postfix rejected them, so there's nothing to worry about.

Also, if you're pasting log content from different log files, please always post logs which happen at the same time. e.g. your iRedAPD log is 14:37:xx, but Postfix log is 'Sep 18 14:16:xx'. It doesn't help troubleshoot.

platpirs wrote:

Sep 18 14:16:24 mail opendkim[1328]: /var/log/dkim-filter/dkim-stats: fopen(): Permission denied
Sep 18 14:16:24 mail opendkim[1328]: statistics recording failed

Your OpenDKIM is not running. Maybe you should fix it?

But spam comes from three different ranges of addresses.
Like on 2015-09-16:
2015-09-16 18:54:11 INFO [99.198.116.36] RCPT, youiah@uol.com.br -> t-r-v@hotmail.com, DUNNO.

I have three drop rules in my main router for these different ranges of addresses.
These rules drop these actions from these different ranges of addresses every day.
Not many drops, but every day.
How do I find the cause in my log files?
I see no reason that would cause it.
Maybe you can suggest something?

OK. I will fix OpenDKIM.

11

Re: SPAM iredmail

Please check the Postfix log file /var/log/mail.log to find the log entries related to this spam.