postfix/dovecot, other domain is using our server to send spam











up vote
-3
down vote

favorite












Our server is being used to send spam from an account that doesn't belong to our domain. This account is sending emails to other domains and it is affecting our IP reputation.



log:



Nov 20 06:31:42 mydomain postfix/qmgr[5177]: 8C5C921014: from=<info3@samrexindia.com>, size=327666, nrcpt=1 (queue active)
Nov 20 06:31:42 mydomain opendkim[1017]: BA73821F61: no signing table match for 'info3@samrexindia.com'
Nov 20 06:31:42 mydomain postfix/qmgr[5177]: BA73821F61: from=<info3@samrexindia.com>, size=327674, nrcpt=1 (queue active)
Nov 20 06:31:42 mydomain postfix/smtp[5214]: 61964220B8: to=<info3@samrexindia.com>, relay=aspmx.l.google.com[74.125.192.26]:25, delay=0.45, delays=0.01/0/0.34/0.1, dsn=5.7.1, status=bounced (host aspmx.l.google.com[74.125.192.26] said: 550-5.7.1 [67.205.151.88 12] Our system has detected that this message is 550-5.7.1 likely unsolicited mail. To reduce the amount of spam sent to Gmail, 550-5.7.1 this message has been blocked. Please visit 550-5.7.1 https://support.google.com/mail/?p=UnsolicitedMessageError 550 5.7.1 for more information. e12si9806509qvj.70 - gsmtp (in reply to end of DATA command))


I am trying to block these emails by using this configuration in the file main.cf of postfix:



"smtpd_relay_restrictions = permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination"


but it didn't work. How can I stop this type of open relay?



postconf - output



alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
anvil_rate_time_unit = 60s
body_checks = regexp:/etc/postfix/body_checks
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd $daemon_directory/$process_name $process_id & sleep 5
disable_vrfy_command = yes
dovecot_destination_recipient_limit = 1
header_checks = regexp:/etc/postfix/header_checks
html_directory = no
inet_interfaces = all
inet_protocols = all
invalid_hostname_reject_code = 554
mail_owner = postfix
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
message_size_limit = 30720000
milter_default_action = accept
milter_protocol = 2
mua_client_restrictions = permit_sasl_authenticated, reject
mua_helo_restrictions = permit_sasl_authenticated, reject
mua_sender_restrictions = permit_sasl_authenticated, reject
multi_recipient_bounce_reject_code = 554
mydestination = localhost, localhost.localdomain
myhostname = tboxplanet.com
mynetworks = 127.0.0.0/8 10.136.0.0/16
newaliases_path = /usr/bin/newaliases.postfix
non_fqdn_reject_code = 554
non_smtpd_milters = $smtpd_milters
proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $smtpd_sender_login_maps $sender_bcc_maps $recipient_bcc_maps $smtp_generic_maps $lmtp_generic_maps $alias_maps $virtual_mailbox_limit_maps
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.10.1/README_FILES
relay_domains = proxy:mysql:/etc/postfix/mysql-relay_domains_maps.cf
relay_domains_reject_code = 554
sample_directory = /usr/share/doc/postfix-2.10.1/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtp_tls_security_level = may
smtpd_client_message_rate_limit = 0
smtpd_client_recipient_rate_limit = 0
smtpd_end_of_data_restrictions = check_policy_service inet:127.0.0.1:10031
smtpd_helo_required = yes
smtpd_milters = inet:127.0.0.1:8891
smtpd_recipient_limit = 5000
smtpd_recipient_restrictions = check_policy_service inet:127.0.0.1:10031, permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, reject_invalid_hostname, reject_unknown_recipient_domain, reject_rbl_client bl.spamcop.net, reject_rbl_client zen.spamhaus.org, permit
smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated,reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_path = private/auth
smtpd_sasl_type = dovecot
smtpd_sender_restrictions = reject_non_fqdn_sender, permit_mynetworks, permit_sasl_authenticated, reject_sender_login_mismatch, reject_unlisted_sender, check_sender_access pcre:/etc/postfix/access, permit
smtpd_tls_CAfile = /etc/letsencrypt/live/mail.tboxplanet.com/fullchain.pem
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/letsencrypt/live/mail.tboxplanet.com/cert.pem
smtpd_tls_key_file = /etc/letsencrypt/live/mail.tboxplanet.com/privkey.pem
smtpd_tls_loglevel = 1
smtpd_use_tls = yes
strict_rfc821_envelopes = yes
unknown_address_reject_code = 554
unknown_client_reject_code = 554
unknown_hostname_reject_code = 554
unknown_local_recipient_reject_code = 554
unknown_relay_recipient_reject_code = 554
unknown_virtual_alias_reject_code = 554
unknown_virtual_mailbox_reject_code = 554
unverified_recipient_reject_code = 554
unverified_sender_reject_code = 554
virtual_alias_domains =
virtual_alias_maps = hash:/etc/postfix/blacklist, proxy:mysql:/etc/postfix/mysql-virtual_alias_maps.cf, regexp:/etc/postfix/virtual_regexp
virtual_gid_maps = static:12
virtual_mailbox_base = /mnt/vmail
virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains_maps.cf
virtual_mailbox_limit_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailbox_limit_maps.cf
virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailbox_maps.cf
virtual_minimum_uid = 101
virtual_transport = dovecot
virtual_uid_maps = static:101









share|improve this question
























  • Will depend on the rest of your config. Can you post output of postconf -n
    – ivanivan
    Nov 20 at 15:41










  • I edit the question whit the output of postconf -n
    – Snick MB
    Nov 20 at 15:50















up vote
-3
down vote

favorite












Our server is being used to send spam from an account that doesn't belong to our domain. This account is sending emails to other domains and it is affecting our IP reputation.



log:



Nov 20 06:31:42 mydomain postfix/qmgr[5177]: 8C5C921014: from=<info3@samrexindia.com>, size=327666, nrcpt=1 (queue active)
Nov 20 06:31:42 mydomain opendkim[1017]: BA73821F61: no signing table match for 'info3@samrexindia.com'
Nov 20 06:31:42 mydomain postfix/qmgr[5177]: BA73821F61: from=<info3@samrexindia.com>, size=327674, nrcpt=1 (queue active)
Nov 20 06:31:42 mydomain postfix/smtp[5214]: 61964220B8: to=<info3@samrexindia.com>, relay=aspmx.l.google.com[74.125.192.26]:25, delay=0.45, delays=0.01/0/0.34/0.1, dsn=5.7.1, status=bounced (host aspmx.l.google.com[74.125.192.26] said: 550-5.7.1 [67.205.151.88 12] Our system has detected that this message is 550-5.7.1 likely unsolicited mail. To reduce the amount of spam sent to Gmail, 550-5.7.1 this message has been blocked. Please visit 550-5.7.1 https://support.google.com/mail/?p=UnsolicitedMessageError 550 5.7.1 for more information. e12si9806509qvj.70 - gsmtp (in reply to end of DATA command))


I am trying to block these emails by using this configuration in the file main.cf of postfix:



"smtpd_relay_restrictions = permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination"


but it didn't work. How can I stop this type of open relay?



postconf - output



alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
anvil_rate_time_unit = 60s
body_checks = regexp:/etc/postfix/body_checks
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd $daemon_directory/$process_name $process_id & sleep 5
disable_vrfy_command = yes
dovecot_destination_recipient_limit = 1
header_checks = regexp:/etc/postfix/header_checks
html_directory = no
inet_interfaces = all
inet_protocols = all
invalid_hostname_reject_code = 554
mail_owner = postfix
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
message_size_limit = 30720000
milter_default_action = accept
milter_protocol = 2
mua_client_restrictions = permit_sasl_authenticated, reject
mua_helo_restrictions = permit_sasl_authenticated, reject
mua_sender_restrictions = permit_sasl_authenticated, reject
multi_recipient_bounce_reject_code = 554
mydestination = localhost, localhost.localdomain
myhostname = tboxplanet.com
mynetworks = 127.0.0.0/8 10.136.0.0/16
newaliases_path = /usr/bin/newaliases.postfix
non_fqdn_reject_code = 554
non_smtpd_milters = $smtpd_milters
proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $smtpd_sender_login_maps $sender_bcc_maps $recipient_bcc_maps $smtp_generic_maps $lmtp_generic_maps $alias_maps $virtual_mailbox_limit_maps
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.10.1/README_FILES
relay_domains = proxy:mysql:/etc/postfix/mysql-relay_domains_maps.cf
relay_domains_reject_code = 554
sample_directory = /usr/share/doc/postfix-2.10.1/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtp_tls_security_level = may
smtpd_client_message_rate_limit = 0
smtpd_client_recipient_rate_limit = 0
smtpd_end_of_data_restrictions = check_policy_service inet:127.0.0.1:10031
smtpd_helo_required = yes
smtpd_milters = inet:127.0.0.1:8891
smtpd_recipient_limit = 5000
smtpd_recipient_restrictions = check_policy_service inet:127.0.0.1:10031, permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, reject_invalid_hostname, reject_unknown_recipient_domain, reject_rbl_client bl.spamcop.net, reject_rbl_client zen.spamhaus.org, permit
smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated,reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_path = private/auth
smtpd_sasl_type = dovecot
smtpd_sender_restrictions = reject_non_fqdn_sender, permit_mynetworks, permit_sasl_authenticated, reject_sender_login_mismatch, reject_unlisted_sender, check_sender_access pcre:/etc/postfix/access, permit
smtpd_tls_CAfile = /etc/letsencrypt/live/mail.tboxplanet.com/fullchain.pem
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/letsencrypt/live/mail.tboxplanet.com/cert.pem
smtpd_tls_key_file = /etc/letsencrypt/live/mail.tboxplanet.com/privkey.pem
smtpd_tls_loglevel = 1
smtpd_use_tls = yes
strict_rfc821_envelopes = yes
unknown_address_reject_code = 554
unknown_client_reject_code = 554
unknown_hostname_reject_code = 554
unknown_local_recipient_reject_code = 554
unknown_relay_recipient_reject_code = 554
unknown_virtual_alias_reject_code = 554
unknown_virtual_mailbox_reject_code = 554
unverified_recipient_reject_code = 554
unverified_sender_reject_code = 554
virtual_alias_domains =
virtual_alias_maps = hash:/etc/postfix/blacklist, proxy:mysql:/etc/postfix/mysql-virtual_alias_maps.cf, regexp:/etc/postfix/virtual_regexp
virtual_gid_maps = static:12
virtual_mailbox_base = /mnt/vmail
virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains_maps.cf
virtual_mailbox_limit_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailbox_limit_maps.cf
virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailbox_maps.cf
virtual_minimum_uid = 101
virtual_transport = dovecot
virtual_uid_maps = static:101









share|improve this question
























  • Will depend on the rest of your config. Can you post output of postconf -n
    – ivanivan
    Nov 20 at 15:41










  • I edit the question whit the output of postconf -n
    – Snick MB
    Nov 20 at 15:50













up vote
-3
down vote

favorite









up vote
-3
down vote

favorite











Our server is being used to send spam from an account that doesn't belong to our domain. This account is sending emails to other domains and it is affecting our IP reputation.



log:



Nov 20 06:31:42 mydomain postfix/qmgr[5177]: 8C5C921014: from=<info3@samrexindia.com>, size=327666, nrcpt=1 (queue active)
Nov 20 06:31:42 mydomain opendkim[1017]: BA73821F61: no signing table match for 'info3@samrexindia.com'
Nov 20 06:31:42 mydomain postfix/qmgr[5177]: BA73821F61: from=<info3@samrexindia.com>, size=327674, nrcpt=1 (queue active)
Nov 20 06:31:42 mydomain postfix/smtp[5214]: 61964220B8: to=<info3@samrexindia.com>, relay=aspmx.l.google.com[74.125.192.26]:25, delay=0.45, delays=0.01/0/0.34/0.1, dsn=5.7.1, status=bounced (host aspmx.l.google.com[74.125.192.26] said: 550-5.7.1 [67.205.151.88 12] Our system has detected that this message is 550-5.7.1 likely unsolicited mail. To reduce the amount of spam sent to Gmail, 550-5.7.1 this message has been blocked. Please visit 550-5.7.1 https://support.google.com/mail/?p=UnsolicitedMessageError 550 5.7.1 for more information. e12si9806509qvj.70 - gsmtp (in reply to end of DATA command))


I am trying to block these emails by using this configuration in the file main.cf of postfix:



"smtpd_relay_restrictions = permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination"


but it didn't work. How can I stop this type of open relay?



postconf - output



alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
anvil_rate_time_unit = 60s
body_checks = regexp:/etc/postfix/body_checks
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd $daemon_directory/$process_name $process_id & sleep 5
disable_vrfy_command = yes
dovecot_destination_recipient_limit = 1
header_checks = regexp:/etc/postfix/header_checks
html_directory = no
inet_interfaces = all
inet_protocols = all
invalid_hostname_reject_code = 554
mail_owner = postfix
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
message_size_limit = 30720000
milter_default_action = accept
milter_protocol = 2
mua_client_restrictions = permit_sasl_authenticated, reject
mua_helo_restrictions = permit_sasl_authenticated, reject
mua_sender_restrictions = permit_sasl_authenticated, reject
multi_recipient_bounce_reject_code = 554
mydestination = localhost, localhost.localdomain
myhostname = tboxplanet.com
mynetworks = 127.0.0.0/8 10.136.0.0/16
newaliases_path = /usr/bin/newaliases.postfix
non_fqdn_reject_code = 554
non_smtpd_milters = $smtpd_milters
proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $smtpd_sender_login_maps $sender_bcc_maps $recipient_bcc_maps $smtp_generic_maps $lmtp_generic_maps $alias_maps $virtual_mailbox_limit_maps
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.10.1/README_FILES
relay_domains = proxy:mysql:/etc/postfix/mysql-relay_domains_maps.cf
relay_domains_reject_code = 554
sample_directory = /usr/share/doc/postfix-2.10.1/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtp_tls_security_level = may
smtpd_client_message_rate_limit = 0
smtpd_client_recipient_rate_limit = 0
smtpd_end_of_data_restrictions = check_policy_service inet:127.0.0.1:10031
smtpd_helo_required = yes
smtpd_milters = inet:127.0.0.1:8891
smtpd_recipient_limit = 5000
smtpd_recipient_restrictions = check_policy_service inet:127.0.0.1:10031, permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, reject_invalid_hostname, reject_unknown_recipient_domain, reject_rbl_client bl.spamcop.net, reject_rbl_client zen.spamhaus.org, permit
smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated,reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_path = private/auth
smtpd_sasl_type = dovecot
smtpd_sender_restrictions = reject_non_fqdn_sender, permit_mynetworks, permit_sasl_authenticated, reject_sender_login_mismatch, reject_unlisted_sender, check_sender_access pcre:/etc/postfix/access, permit
smtpd_tls_CAfile = /etc/letsencrypt/live/mail.tboxplanet.com/fullchain.pem
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/letsencrypt/live/mail.tboxplanet.com/cert.pem
smtpd_tls_key_file = /etc/letsencrypt/live/mail.tboxplanet.com/privkey.pem
smtpd_tls_loglevel = 1
smtpd_use_tls = yes
strict_rfc821_envelopes = yes
unknown_address_reject_code = 554
unknown_client_reject_code = 554
unknown_hostname_reject_code = 554
unknown_local_recipient_reject_code = 554
unknown_relay_recipient_reject_code = 554
unknown_virtual_alias_reject_code = 554
unknown_virtual_mailbox_reject_code = 554
unverified_recipient_reject_code = 554
unverified_sender_reject_code = 554
virtual_alias_domains =
virtual_alias_maps = hash:/etc/postfix/blacklist, proxy:mysql:/etc/postfix/mysql-virtual_alias_maps.cf, regexp:/etc/postfix/virtual_regexp
virtual_gid_maps = static:12
virtual_mailbox_base = /mnt/vmail
virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains_maps.cf
virtual_mailbox_limit_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailbox_limit_maps.cf
virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailbox_maps.cf
virtual_minimum_uid = 101
virtual_transport = dovecot
virtual_uid_maps = static:101









share|improve this question















Our server is being used to send spam from an account that doesn't belong to our domain. This account is sending emails to other domains and it is affecting our IP reputation.



log:



Nov 20 06:31:42 mydomain postfix/qmgr[5177]: 8C5C921014: from=<info3@samrexindia.com>, size=327666, nrcpt=1 (queue active)
Nov 20 06:31:42 mydomain opendkim[1017]: BA73821F61: no signing table match for 'info3@samrexindia.com'
Nov 20 06:31:42 mydomain postfix/qmgr[5177]: BA73821F61: from=<info3@samrexindia.com>, size=327674, nrcpt=1 (queue active)
Nov 20 06:31:42 mydomain postfix/smtp[5214]: 61964220B8: to=<info3@samrexindia.com>, relay=aspmx.l.google.com[74.125.192.26]:25, delay=0.45, delays=0.01/0/0.34/0.1, dsn=5.7.1, status=bounced (host aspmx.l.google.com[74.125.192.26] said: 550-5.7.1 [67.205.151.88 12] Our system has detected that this message is 550-5.7.1 likely unsolicited mail. To reduce the amount of spam sent to Gmail, 550-5.7.1 this message has been blocked. Please visit 550-5.7.1 https://support.google.com/mail/?p=UnsolicitedMessageError 550 5.7.1 for more information. e12si9806509qvj.70 - gsmtp (in reply to end of DATA command))


I am trying to block these emails by using this configuration in the file main.cf of postfix:



"smtpd_relay_restrictions = permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination"


but it didn't work. How can I stop this type of open relay?



postconf - output



alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
anvil_rate_time_unit = 60s
body_checks = regexp:/etc/postfix/body_checks
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd $daemon_directory/$process_name $process_id & sleep 5
disable_vrfy_command = yes
dovecot_destination_recipient_limit = 1
header_checks = regexp:/etc/postfix/header_checks
html_directory = no
inet_interfaces = all
inet_protocols = all
invalid_hostname_reject_code = 554
mail_owner = postfix
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
message_size_limit = 30720000
milter_default_action = accept
milter_protocol = 2
mua_client_restrictions = permit_sasl_authenticated, reject
mua_helo_restrictions = permit_sasl_authenticated, reject
mua_sender_restrictions = permit_sasl_authenticated, reject
multi_recipient_bounce_reject_code = 554
mydestination = localhost, localhost.localdomain
myhostname = tboxplanet.com
mynetworks = 127.0.0.0/8 10.136.0.0/16
newaliases_path = /usr/bin/newaliases.postfix
non_fqdn_reject_code = 554
non_smtpd_milters = $smtpd_milters
proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $smtpd_sender_login_maps $sender_bcc_maps $recipient_bcc_maps $smtp_generic_maps $lmtp_generic_maps $alias_maps $virtual_mailbox_limit_maps
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.10.1/README_FILES
relay_domains = proxy:mysql:/etc/postfix/mysql-relay_domains_maps.cf
relay_domains_reject_code = 554
sample_directory = /usr/share/doc/postfix-2.10.1/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtp_tls_security_level = may
smtpd_client_message_rate_limit = 0
smtpd_client_recipient_rate_limit = 0
smtpd_end_of_data_restrictions = check_policy_service inet:127.0.0.1:10031
smtpd_helo_required = yes
smtpd_milters = inet:127.0.0.1:8891
smtpd_recipient_limit = 5000
smtpd_recipient_restrictions = check_policy_service inet:127.0.0.1:10031, permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, reject_invalid_hostname, reject_unknown_recipient_domain, reject_rbl_client bl.spamcop.net, reject_rbl_client zen.spamhaus.org, permit
smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated,reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_path = private/auth
smtpd_sasl_type = dovecot
smtpd_sender_restrictions = reject_non_fqdn_sender, permit_mynetworks, permit_sasl_authenticated, reject_sender_login_mismatch, reject_unlisted_sender, check_sender_access pcre:/etc/postfix/access, permit
smtpd_tls_CAfile = /etc/letsencrypt/live/mail.tboxplanet.com/fullchain.pem
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/letsencrypt/live/mail.tboxplanet.com/cert.pem
smtpd_tls_key_file = /etc/letsencrypt/live/mail.tboxplanet.com/privkey.pem
smtpd_tls_loglevel = 1
smtpd_use_tls = yes
strict_rfc821_envelopes = yes
unknown_address_reject_code = 554
unknown_client_reject_code = 554
unknown_hostname_reject_code = 554
unknown_local_recipient_reject_code = 554
unknown_relay_recipient_reject_code = 554
unknown_virtual_alias_reject_code = 554
unknown_virtual_mailbox_reject_code = 554
unverified_recipient_reject_code = 554
unverified_sender_reject_code = 554
virtual_alias_domains =
virtual_alias_maps = hash:/etc/postfix/blacklist, proxy:mysql:/etc/postfix/mysql-virtual_alias_maps.cf, regexp:/etc/postfix/virtual_regexp
virtual_gid_maps = static:12
virtual_mailbox_base = /mnt/vmail
virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains_maps.cf
virtual_mailbox_limit_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailbox_limit_maps.cf
virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailbox_maps.cf
virtual_minimum_uid = 101
virtual_transport = dovecot
virtual_uid_maps = static:101






linux email smtp spam-prevention dovecot






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited Nov 20 at 16:19









Worthwelle

2,2593724




2,2593724










asked Nov 20 at 15:30









Snick MB

12




12












  • Will depend on the rest of your config. Can you post output of postconf -n
    – ivanivan
    Nov 20 at 15:41










  • I edit the question whit the output of postconf -n
    – Snick MB
    Nov 20 at 15:50


















  • Will depend on the rest of your config. Can you post output of postconf -n
    – ivanivan
    Nov 20 at 15:41










  • I edit the question whit the output of postconf -n
    – Snick MB
    Nov 20 at 15:50
















Will depend on the rest of your config. Can you post output of postconf -n
– ivanivan
Nov 20 at 15:41




Will depend on the rest of your config. Can you post output of postconf -n
– ivanivan
Nov 20 at 15:41












I edit the question whit the output of postconf -n
– Snick MB
Nov 20 at 15:50




I edit the question whit the output of postconf -n
– Snick MB
Nov 20 at 15:50










2 Answers
2






active

oldest

votes

















up vote
0
down vote













OK, you are using MySQL to store users, domains to service, etc. You'll need to open up one of the mysql conf files, get the username/password and what database is being used, and look through the users and transport maps to figure out exactly who your server is configured to service. Then remove the accounts/domains that do not belong to your company.



Look at the file /etc/postfix/mysql-virtual_mailbox_maps.cf It should have something like



user = mailuser
password = secretword!
hosts = 127.0.0.1
dbname = mail_data
query = SELECT 1 FROM virtual_users WHERE email='%s'


In it. Username, password, and database are all listed there. Use that info to connect via mysql client, or mysql-workbench, etc. to do your exploration.



It appears that your mail server is set up similar to how this tutorial works - https://workaround.org/ispmail/jessie






share|improve this answer





















  • I'm looking for what you said, but this user info3@samrexindia.com doesn't exist in our databases(tables:alias,aliasdomains,address), that's weird in this case because this domain samrexindia.com is unfamiliar for us
    – Snick MB
    Nov 20 at 16:41


















up vote
0
down vote



accepted










After several days without incident i'm find the solution to our problem.



smtpd_relay_restrictions = check_sender_access hash:/etc/postfix/permit_domain


I create a list of domains who can send emails(relay), this list just authorizing mydomain, because the email who are sending spam is under domain gmail






share|improve this answer





















    Your Answer








    StackExchange.ready(function() {
    var channelOptions = {
    tags: "".split(" "),
    id: "3"
    };
    initTagRenderer("".split(" "), "".split(" "), channelOptions);

    StackExchange.using("externalEditor", function() {
    // Have to fire editor after snippets, if snippets enabled
    if (StackExchange.settings.snippets.snippetsEnabled) {
    StackExchange.using("snippets", function() {
    createEditor();
    });
    }
    else {
    createEditor();
    }
    });

    function createEditor() {
    StackExchange.prepareEditor({
    heartbeatType: 'answer',
    convertImagesToLinks: true,
    noModals: true,
    showLowRepImageUploadWarning: true,
    reputationToPostImages: 10,
    bindNavPrevention: true,
    postfix: "",
    imageUploader: {
    brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
    contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
    allowUrls: true
    },
    onDemand: true,
    discardSelector: ".discard-answer"
    ,immediatelyShowMarkdownHelp:true
    });


    }
    });














    draft saved

    draft discarded


















    StackExchange.ready(
    function () {
    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1377012%2fpostfix-dovecot-other-domain-is-using-our-server-to-send-spam%23new-answer', 'question_page');
    }
    );

    Post as a guest















    Required, but never shown

























    2 Answers
    2






    active

    oldest

    votes








    2 Answers
    2






    active

    oldest

    votes









    active

    oldest

    votes






    active

    oldest

    votes








    up vote
    0
    down vote













    OK, you are using MySQL to store users, domains to service, etc. You'll need to open up one of the mysql conf files, get the username/password and what database is being used, and look through the users and transport maps to figure out exactly who your server is configured to service. Then remove the accounts/domains that do not belong to your company.



    Look at the file /etc/postfix/mysql-virtual_mailbox_maps.cf It should have something like



    user = mailuser
    password = secretword!
    hosts = 127.0.0.1
    dbname = mail_data
    query = SELECT 1 FROM virtual_users WHERE email='%s'


    In it. Username, password, and database are all listed there. Use that info to connect via mysql client, or mysql-workbench, etc. to do your exploration.



    It appears that your mail server is set up similar to how this tutorial works - https://workaround.org/ispmail/jessie






    share|improve this answer





















    • I'm looking for what you said, but this user info3@samrexindia.com doesn't exist in our databases(tables:alias,aliasdomains,address), that's weird in this case because this domain samrexindia.com is unfamiliar for us
      – Snick MB
      Nov 20 at 16:41















    up vote
    0
    down vote













    OK, you are using MySQL to store users, domains to service, etc. You'll need to open up one of the mysql conf files, get the username/password and what database is being used, and look through the users and transport maps to figure out exactly who your server is configured to service. Then remove the accounts/domains that do not belong to your company.



    Look at the file /etc/postfix/mysql-virtual_mailbox_maps.cf It should have something like



    user = mailuser
    password = secretword!
    hosts = 127.0.0.1
    dbname = mail_data
    query = SELECT 1 FROM virtual_users WHERE email='%s'


    In it. Username, password, and database are all listed there. Use that info to connect via mysql client, or mysql-workbench, etc. to do your exploration.



    It appears that your mail server is set up similar to how this tutorial works - https://workaround.org/ispmail/jessie






    share|improve this answer





















    • I'm looking for what you said, but this user info3@samrexindia.com doesn't exist in our databases(tables:alias,aliasdomains,address), that's weird in this case because this domain samrexindia.com is unfamiliar for us
      – Snick MB
      Nov 20 at 16:41













    up vote
    0
    down vote










    up vote
    0
    down vote









    OK, you are using MySQL to store users, domains to service, etc. You'll need to open up one of the mysql conf files, get the username/password and what database is being used, and look through the users and transport maps to figure out exactly who your server is configured to service. Then remove the accounts/domains that do not belong to your company.



    Look at the file /etc/postfix/mysql-virtual_mailbox_maps.cf It should have something like



    user = mailuser
    password = secretword!
    hosts = 127.0.0.1
    dbname = mail_data
    query = SELECT 1 FROM virtual_users WHERE email='%s'


    In it. Username, password, and database are all listed there. Use that info to connect via mysql client, or mysql-workbench, etc. to do your exploration.



    It appears that your mail server is set up similar to how this tutorial works - https://workaround.org/ispmail/jessie






    share|improve this answer












    OK, you are using MySQL to store users, domains to service, etc. You'll need to open up one of the mysql conf files, get the username/password and what database is being used, and look through the users and transport maps to figure out exactly who your server is configured to service. Then remove the accounts/domains that do not belong to your company.



    Look at the file /etc/postfix/mysql-virtual_mailbox_maps.cf It should have something like



    user = mailuser
    password = secretword!
    hosts = 127.0.0.1
    dbname = mail_data
    query = SELECT 1 FROM virtual_users WHERE email='%s'


    In it. Username, password, and database are all listed there. Use that info to connect via mysql client, or mysql-workbench, etc. to do your exploration.



    It appears that your mail server is set up similar to how this tutorial works - https://workaround.org/ispmail/jessie







    share|improve this answer












    share|improve this answer



    share|improve this answer










    answered Nov 20 at 15:56









    ivanivan

    1,12617




    1,12617












    • I'm looking for what you said, but this user info3@samrexindia.com doesn't exist in our databases(tables:alias,aliasdomains,address), that's weird in this case because this domain samrexindia.com is unfamiliar for us
      – Snick MB
      Nov 20 at 16:41


















    • I'm looking for what you said, but this user info3@samrexindia.com doesn't exist in our databases(tables:alias,aliasdomains,address), that's weird in this case because this domain samrexindia.com is unfamiliar for us
      – Snick MB
      Nov 20 at 16:41
















    I'm looking for what you said, but this user info3@samrexindia.com doesn't exist in our databases(tables:alias,aliasdomains,address), that's weird in this case because this domain samrexindia.com is unfamiliar for us
    – Snick MB
    Nov 20 at 16:41




    I'm looking for what you said, but this user info3@samrexindia.com doesn't exist in our databases(tables:alias,aliasdomains,address), that's weird in this case because this domain samrexindia.com is unfamiliar for us
    – Snick MB
    Nov 20 at 16:41












    up vote
    0
    down vote



    accepted










    After several days without incident i'm find the solution to our problem.



    smtpd_relay_restrictions = check_sender_access hash:/etc/postfix/permit_domain


    I create a list of domains who can send emails(relay), this list just authorizing mydomain, because the email who are sending spam is under domain gmail






    share|improve this answer

























      up vote
      0
      down vote



      accepted










      After several days without incident i'm find the solution to our problem.



      smtpd_relay_restrictions = check_sender_access hash:/etc/postfix/permit_domain


      I create a list of domains who can send emails(relay), this list just authorizing mydomain, because the email who are sending spam is under domain gmail






      share|improve this answer























        up vote
        0
        down vote



        accepted







        up vote
        0
        down vote



        accepted






        After several days without incident i'm find the solution to our problem.



        smtpd_relay_restrictions = check_sender_access hash:/etc/postfix/permit_domain


        I create a list of domains who can send emails(relay), this list just authorizing mydomain, because the email who are sending spam is under domain gmail






        share|improve this answer












        After several days without incident i'm find the solution to our problem.



        smtpd_relay_restrictions = check_sender_access hash:/etc/postfix/permit_domain


        I create a list of domains who can send emails(relay), this list just authorizing mydomain, because the email who are sending spam is under domain gmail







        share|improve this answer












        share|improve this answer



        share|improve this answer










        answered Nov 23 at 15:42









        Snick MB

        12




        12






























            draft saved

            draft discarded




















































            Thanks for contributing an answer to Super User!


            • Please be sure to answer the question. Provide details and share your research!

            But avoid



            • Asking for help, clarification, or responding to other answers.

            • Making statements based on opinion; back them up with references or personal experience.


            To learn more, see our tips on writing great answers.





            Some of your past answers have not been well-received, and you're in danger of being blocked from answering.


            Please pay close attention to the following guidance:


            • Please be sure to answer the question. Provide details and share your research!

            But avoid



            • Asking for help, clarification, or responding to other answers.

            • Making statements based on opinion; back them up with references or personal experience.


            To learn more, see our tips on writing great answers.




            draft saved


            draft discarded














            StackExchange.ready(
            function () {
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1377012%2fpostfix-dovecot-other-domain-is-using-our-server-to-send-spam%23new-answer', 'question_page');
            }
            );

            Post as a guest















            Required, but never shown





















































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown

































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown







            Popular posts from this blog

            Plaza Victoria

            Puebla de Zaragoza

            Musa