1

Topic: Problem with SPAM

==== Provide required information to help troubleshoot and get quick answer ====
- iRedMail version: 0.7.4
- Linux/BSD distribution name and version: Debian 6.0
- Any related log? Log is helpful for troubleshooting.
====

Hi

I have a problem with spam, e.g. my domain is test.com. I have the users krzysiek@test.com and moto@test.com. When I run a test on the page https://www.wormly.com/test_smtp_server from moto to krzysiek, the mail arrives, which I don't want. I've added some logs. Must I enable some SMTP auth?

Apr 24 22:02:23 test amavis[30738]: (30738-09) Passed SPAM {RelayedTaggedInternal,Quarantined}, LOCAL [24.172.177.98]:1493 [24.172.177.98] <disputedt6640@ef-law.com> -> <krzysiek@test.com>, quarantine: l/spam-lIq9FWNHceNC.gz, Queue-ID: E17FDAE329E, Message-ID: <4572169047.U5CE364E548725@rkwonv.vzwcfzvkvbszqsq.info>, mail_id: lIq9FWNHceNC, Hits: 10.275, size: 2792, queued_as: 3C42EAE32AD, 1160 ms
Apr 24 22:02:23 test postfix/smtpd[4830]: disconnect from localhost[127.0.0.1]
Apr 24 22:02:23 test amavis[32705]: (32705-06) Passed SPAM {RelayedTaggedInternal,Quarantined}, LOCAL [24.172.177.98]:1493 [24.172.177.98] <disputedt6640@ef-law.com> -> <moto@test.com>, quarantine: 6/spam-6O4ljlhg17E3.gz, Queue-ID: E17FDAE329E, Message-ID: <4572169047.U5CE364E548725@rkwonv.vzwcfzvkvbszqsq.info>, mail_id: 6O4ljlhg17E3, Hits: 10.275, size: 2792, queued_as: 404FDAE32DB, 1254 ms
Apr 24 22:02:23 test postfix/smtp[4823]: E17FDAE329E: to=<krzysiek@test.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=2.7, delays=1.3/0.01/0/1.3, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as 3C42EAE32AD)
Apr 24 22:02:23 test postfix/smtp[4824]: E17FDAE329E: to=<moto@test.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=2.8, delays=1.3/0.02/0/1.4, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as 404FDAE32DB)
Apr 24 22:02:23 test postfix/qmgr[6567]: E17FDAE329E: removed
Apr 24 22:02:24 test postfix/pipe[4637]: 3C42EAE32AD: to=<krzysiek@test.com>, relay=dovecot, delay=0.87, delays=0.11/0/0/0.75, dsn=2.0.0, status=sent (delivered via dovecot service)
Apr 24 22:02:24 test postfix/qmgr[6567]: 3C42EAE32AD: removed
Apr 24 22:02:24 test postfix/pipe[4756]: 404FDAE32DB: to=<moto@test.com>, relay=dovecot, delay=0.85, delays=0.1/0/0/0.75, dsn=2.0.0, status=sent (delivered via dovecot service)


2

Re: Problem with SPAM

1) I don't know what the SMTP test actually does. There's no explanation on that page, and you didn't explain it at all.
2) What do you want to test?
3) What result do you expect?

Also paste the output of the command 'postconf -n' to help troubleshoot.

3

Re: Problem with SPAM

alias_database = hash:/etc/postfix/aliases
alias_maps = hash:/etc/postfix/aliases
allow_min_user = no
append_dot_mydomain = no
biff = no
bounce_queue_lifetime = 1d
broken_sasl_auth_clients = yes
config_directory = /etc/postfix
content_filter = smtp-amavis:[127.0.0.1]:10024
delay_warning_time = 0h
disable_vrfy_command = yes
dovecot_destination_recipient_limit = 1
enable_original_recipient = no
home_mailbox = Maildir/
inet_interfaces = all
inet_protocols = ipv4
mailbox_command = /usr/lib/dovecot/deliver
mailbox_size_limit = 0
maximal_backoff_time = 4000s
maximal_queue_lifetime = 1d
message_size_limit = 15728640
minimal_backoff_time = 300s
mydestination = $myhostname, localhost, localhost.localdomain, localhost.$myhostname
mydomain = test.com
myhostname = mail.test.com
mynetworks = 127.0.0.0/8
mynetworks_style = subnet
myorigin = test.com
proxy_read_maps = $canonical_maps $lmtp_generic_maps $local_recipient_maps $mydestination $mynetworks $recipient_bcc_maps $recipient_canonical_maps $relay_domains $relay_recipient_maps $relocated_maps $sender_bcc_maps $sender_canonical_maps $smtp_generic_maps $smtpd_sender_login_maps $transport_maps $virtual_alias_domains $virtual_alias_maps $virtual_mailbox_domains $virtual_mailbox_maps $smtpd_sender_restrictions
queue_run_delay = 300s
readme_directory = no
recipient_bcc_maps = proxy:mysql:/etc/postfix/mysql/recipient_bcc_maps_domain.cf, proxy:mysql:/etc/postfix/mysql/recipient_bcc_maps_user.cf
recipient_delimiter = +
relay_domains = $mydestination, proxy:mysql:/etc/postfix/mysql/relay_domains.cf
relayhost =
sender_bcc_maps = proxy:mysql:/etc/postfix/mysql/sender_bcc_maps_domain.cf, proxy:mysql:/etc/postfix/mysql/sender_bcc_maps_user.cf
smtp-amavis_destination_recipient_limit = 1
smtp_data_init_timeout = 240s
smtp_data_xfer_timeout = 600s
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
smtpd_data_restrictions = reject_unauth_pipelining
smtpd_enforce_tls = no
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks,permit_sasl_authenticated, check_helo_access pcre:/etc/postfix/helo_access.pcre
smtpd_recipient_restrictions = reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unlisted_recipient, check_policy_service inet:127.0.0.1:7777,, permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, reject_non_fqdn_helo_hostname, reject_invalid_helo_hostname, check_policy_service inet:127.0.0.1:10031
smtpd_reject_unlisted_recipient = yes
smtpd_reject_unlisted_sender = yes
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = no
smtpd_sasl_local_domain =
smtpd_sasl_path = ./dovecot-auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_sender_login_maps = proxy:mysql:/etc/postfix/mysql/sender_login_maps.cf
smtpd_sender_restrictions = permit_mynetworks, reject_sender_login_mismatch, permit_sasl_authenticated
smtpd_tls_CAfile = /etc/ssl/certs/iRedMail_CA.pem
smtpd_tls_cert_file = /etc/ssl/certs/iRedMail_CA.pem
smtpd_tls_key_file = /etc/ssl/private/iRedMail.key
smtpd_tls_loglevel = 0
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes
tls_random_source = dev:/dev/urandom
transport_maps = proxy:mysql:/etc/postfix/mysql/transport_maps_user.cf, proxy:mysql:/etc/postfix/mysql/transport_maps_domain.cf
virtual_alias_domains =
virtual_alias_maps = proxy:mysql:/etc/postfix/mysql/virtual_alias_maps.cf, proxy:mysql:/etc/postfix/mysql/domain_alias_maps.cf, proxy:mysql:/etc/postfix/mysql/catchall_maps.cf, proxy:mysql:/etc/postfix/mysql/domain_alias_catchall_maps.cf
virtual_gid_maps = static:1002
virtual_mailbox_base = /var/vmail
virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql/virtual_mailbox_domains.cf
virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql/virtual_mailbox_maps.cf
virtual_minimum_uid = 1002
virtual_transport = dovecot
virtual_uid_maps = static:1002
postconf: warning: /etc/postfix/main.cf: unused parameter: policy_time_limit=3600
postconf: warning: /etc/postfix/main.cf: unused parameter: tls_daemon_random_source=dev:/dev/urandom

Test from the Page

Resolving hostname...
Connecting...
SMTP -> FROM SERVER:
220 mail.test.com ESMTP Postfix (Debian/GNU)
SMTP -> FROM SERVER: 
250-mail.test.com
250-PIPELINING
250-SIZE 15728640
250-ETRN
250-STARTTLS
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
MAIL FROM: moto@test.com
SMTP -> FROM SERVER:
250 2.1.0 Ok
RCPT TO: krzysiek@test.com
SMTP -> FROM SERVER:
250 2.1.5 Ok
Sending Mail Message Body...
SMTP -> FROM SERVER:
354 End data with <CR><LF>.<CR><LF>
SMTP -> FROM SERVER:
250 2.0.0 Ok: queued as F348BAE36FA
Message completed successfully.

I think that some kind of bot uses my local accounts to put spam in my mailbox. The test shows there is no password needed to send mail on my mail server.

I want to block that spam; maybe I must turn on some kind of SMTP password or other auth.
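
One way to look for the pattern described in this post (mail accepted from an outside client, without a SASL login, whose envelope sender claims a local domain) is to pair the smtpd and qmgr log lines by queue ID. This is an added example, not part of the original post; the log lines are constructed and LOCAL_DOMAINS is an assumption.

```python
import re
from ipaddress import ip_address, ip_network

# Assumed value for this example: the local domain list. MYNETWORKS is
# taken from the posted `postconf -n` output.
LOCAL_DOMAINS = {"test.com"}
MYNETWORKS = [ip_network("127.0.0.0/8")]

# Constructed log lines in the usual Postfix smtpd/qmgr syslog format.
SAMPLE_LOG = """\
Apr 24 22:10:01 test postfix/smtpd[5001]: A1B2C3D4E5F: client=unknown[203.0.113.7]
Apr 24 22:10:01 test postfix/qmgr[6567]: A1B2C3D4E5F: from=<moto@test.com>, size=912, nrcpt=1 (queue active)
Apr 24 22:11:30 test postfix/smtpd[5002]: B2C3D4E5F60: client=unknown[198.51.100.9], sasl_method=PLAIN, sasl_username=moto@test.com
Apr 24 22:11:30 test postfix/qmgr[6567]: B2C3D4E5F60: from=<moto@test.com>, size=1020, nrcpt=1 (queue active)
Apr 24 22:12:02 test postfix/smtpd[5003]: C3D4E5F6071: client=localhost[127.0.0.1]
Apr 24 22:12:02 test postfix/qmgr[6567]: C3D4E5F6071: from=<moto@test.com>, size=1500, nrcpt=1 (queue active)
Apr 24 22:13:45 test postfix/smtpd[5004]: D4E5F607182: client=mx.example.net[192.0.2.25]
Apr 24 22:13:45 test postfix/qmgr[6567]: D4E5F607182: from=<someone@example.net>, size=2048, nrcpt=1 (queue active)
"""

# smtpd logs the client (and the SASL login, if any) once per queue ID.
CLIENT_RE = re.compile(
    r"postfix/smtpd\[\d+\]: (?P<qid>[0-9A-F]+): client=\S+?\[(?P<ip>[^\]]+)\]"
    r"(?:.*?sasl_username=(?P<user>\S+))?")
# qmgr logs the envelope sender for the same queue ID.
FROM_RE = re.compile(r"postfix/qmgr\[\d+\]: (?P<qid>[0-9A-F]+): from=<(?P<sender>[^>]*)>")

def find_unauthenticated_local_senders(log_text):
    """Return (queue_id, client_ip, sender) for local-domain senders that
    came from outside mynetworks without a SASL login."""
    clients, findings = {}, []
    for line in log_text.splitlines():
        m = CLIENT_RE.search(line)
        if m:
            clients[m["qid"]] = (m["ip"], m["user"])
            continue
        m = FROM_RE.search(line)
        if not m or m["qid"] not in clients:
            continue
        ip, user = clients[m["qid"]]
        domain = m["sender"].rpartition("@")[2].lower()
        # Skip mynetworks clients: amavis reinjection arrives from 127.0.0.1.
        trusted = any(ip_address(ip) in net for net in MYNETWORKS)
        if domain in LOCAL_DOMAINS and user is None and not trusted:
            findings.append((m["qid"], ip, m["sender"]))
    return findings

if __name__ == "__main__":
    for finding in find_unauthenticated_local_senders(SAMPLE_LOG):
        print(finding)
```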

4

Re: Problem with SPAM

You have the settings below in Postfix:

smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous

So it requires a username and password for SMTP auth.

It requires HELO too, but there's no HELO command in the test at all:

smtpd_helo_required = yes

It confuses me. Is there any firewall/router standing in front of your mail server?

5

Re: Problem with SPAM

It's only my local firewall in iptables.

I found the reason for that. I've got my server on the domain oldtest.com and the master accounts are on oldtest.com, but I have added a domain test.com and forward its mail test.com => oldtest.com. To the oldtest there's no SMTP auth needed, but for the master domain oldtest.com it is needed.

Resolving hostname...
Connecting...
SMTP -> FROM SERVER:
220 mail.oldtest.com ESMTP Postfix (Debian/GNU)
SMTP -> FROM SERVER: 
250-mail.oldtest.com
250-PIPELINING
250-SIZE 15728640
250-ETRN
250-STARTTLS
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
MAIL FROM: moto@oldtest.com
SMTP -> FROM SERVER:
250 2.1.0 Ok
RCPT TO: krzysiek@oldtest.com
SMTP -> FROM SERVER:
553 5.7.1 : Sender address rejected: not logged in
SMTP -> ERROR: RCPT not accepted from server: 553 5.7.1 : Sender address rejected: not logged in

Message sending failed.
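
A simplified model of how the posted smtpd_sender_restrictions list (permit_mynetworks, reject_sender_login_mismatch, permit_sasl_authenticated) treats the two tests in this thread, added here as an illustration; it is not code from the thread, from Postfix or from iRedMail. The contents of SENDER_LOGIN_MAPS and the client address 203.0.113.10 are assumptions; the real map is the MySQL lookup in sender_login_maps.cf.

```python
from ipaddress import ip_address, ip_network

MYNETWORKS = [ip_network("127.0.0.0/8")]  # from the posted postconf -n

# Constructed stand-in for the MySQL-backed smtpd_sender_login_maps.
# Assumption: only addresses in the primary domain have an owner entry;
# addresses in the added domain test.com have none.
SENDER_LOGIN_MAPS = {
    "moto@oldtest.com": {"moto@oldtest.com"},
    "krzysiek@oldtest.com": {"krzysiek@oldtest.com"},
}

def check_sender(client_ip, sasl_user, mail_from, login_maps=SENDER_LOGIN_MAPS):
    """Evaluate the three sender restrictions in order.

    sasl_user is None for a client that did not authenticate.
    Returns (action, detail) where action is permit, reject or dunno.
    """
    # permit_mynetworks: trusted clients skip the remaining checks.
    if any(ip_address(client_ip) in net for net in MYNETWORKS):
        return ("permit", "permit_mynetworks")

    # reject_sender_login_mismatch: an unauthenticated client is rejected
    # only when the MAIL FROM address HAS an owner in the map; an
    # authenticated client is rejected when it is not one of the owners.
    owners = login_maps.get(mail_from.lower())
    if sasl_user is None:
        if owners:
            return ("reject", f"553 5.7.1 <{mail_from}>: "
                              "Sender address rejected: not logged in")
    elif not owners or sasl_user not in owners:
        return ("reject", f"553 5.7.1 <{mail_from}>: "
                          f"Sender address rejected: not owned by user {sasl_user}")

    # permit_sasl_authenticated
    if sasl_user is not None:
        return ("permit", "permit_sasl_authenticated")

    # Nothing matched: the sender stage gives no verdict and the
    # recipient restrictions decide whether the mail is accepted.
    return ("dunno", "no sender restriction matched")

if __name__ == "__main__":
    for sender in ("moto@test.com", "moto@oldtest.com"):
        print(sender, check_sender("203.0.113.10", None, sender))
```

In this model the unauthenticated test with a test.com sender passes the sender stage because no owner is listed for that address, while the oldtest.com sender gets the 553 reply seen in the second test.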