postfix/dovecot, other domain is using our server to send spam











Our server is being used to send spam from an account that doesn't belong to our domain. This account is sending emails to other domains and it is affecting our IP reputation.



log:



Nov 20 06:31:42 mydomain postfix/qmgr[5177]: 8C5C921014: from=<info3@samrexindia.com>, size=327666, nrcpt=1 (queue active)
Nov 20 06:31:42 mydomain opendkim[1017]: BA73821F61: no signing table match for 'info3@samrexindia.com'
Nov 20 06:31:42 mydomain postfix/qmgr[5177]: BA73821F61: from=<info3@samrexindia.com>, size=327674, nrcpt=1 (queue active)
Nov 20 06:31:42 mydomain postfix/smtp[5214]: 61964220B8: to=<info3@samrexindia.com>, relay=aspmx.l.google.com[74.125.192.26]:25, delay=0.45, delays=0.01/0/0.34/0.1, dsn=5.7.1, status=bounced (host aspmx.l.google.com[74.125.192.26] said: 550-5.7.1 [67.205.151.88 12] Our system has detected that this message is 550-5.7.1 likely unsolicited mail. To reduce the amount of spam sent to Gmail, 550-5.7.1 this message has been blocked. Please visit 550-5.7.1 https://support.google.com/mail/?p=UnsolicitedMessageError 550 5.7.1 for more information. e12si9806509qvj.70 - gsmtp (in reply to end of DATA command))


I am trying to block these emails by using this configuration in the file main.cf of postfix:



"smtpd_relay_restrictions = permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination"


but it didn't work. How can I stop this type of open relay?



postconf - output



alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
anvil_rate_time_unit = 60s
body_checks = regexp:/etc/postfix/body_checks
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd $daemon_directory/$process_name $process_id & sleep 5
disable_vrfy_command = yes
dovecot_destination_recipient_limit = 1
header_checks = regexp:/etc/postfix/header_checks
html_directory = no
inet_interfaces = all
inet_protocols = all
invalid_hostname_reject_code = 554
mail_owner = postfix
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
message_size_limit = 30720000
milter_default_action = accept
milter_protocol = 2
mua_client_restrictions = permit_sasl_authenticated, reject
mua_helo_restrictions = permit_sasl_authenticated, reject
mua_sender_restrictions = permit_sasl_authenticated, reject
multi_recipient_bounce_reject_code = 554
mydestination = localhost, localhost.localdomain
myhostname = tboxplanet.com
mynetworks = 127.0.0.0/8 10.136.0.0/16
newaliases_path = /usr/bin/newaliases.postfix
non_fqdn_reject_code = 554
non_smtpd_milters = $smtpd_milters
proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $smtpd_sender_login_maps $sender_bcc_maps $recipient_bcc_maps $smtp_generic_maps $lmtp_generic_maps $alias_maps $virtual_mailbox_limit_maps
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.10.1/README_FILES
relay_domains = proxy:mysql:/etc/postfix/mysql-relay_domains_maps.cf
relay_domains_reject_code = 554
sample_directory = /usr/share/doc/postfix-2.10.1/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtp_tls_security_level = may
smtpd_client_message_rate_limit = 0
smtpd_client_recipient_rate_limit = 0
smtpd_end_of_data_restrictions = check_policy_service inet:127.0.0.1:10031
smtpd_helo_required = yes
smtpd_milters = inet:127.0.0.1:8891
smtpd_recipient_limit = 5000
smtpd_recipient_restrictions = check_policy_service inet:127.0.0.1:10031, permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, reject_invalid_hostname, reject_unknown_recipient_domain, reject_rbl_client bl.spamcop.net, reject_rbl_client zen.spamhaus.org, permit
smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated,reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_path = private/auth
smtpd_sasl_type = dovecot
smtpd_sender_restrictions = reject_non_fqdn_sender, permit_mynetworks, permit_sasl_authenticated, reject_sender_login_mismatch, reject_unlisted_sender, check_sender_access pcre:/etc/postfix/access, permit
smtpd_tls_CAfile = /etc/letsencrypt/live/mail.tboxplanet.com/fullchain.pem
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/letsencrypt/live/mail.tboxplanet.com/cert.pem
smtpd_tls_key_file = /etc/letsencrypt/live/mail.tboxplanet.com/privkey.pem
smtpd_tls_loglevel = 1
smtpd_use_tls = yes
strict_rfc821_envelopes = yes
unknown_address_reject_code = 554
unknown_client_reject_code = 554
unknown_hostname_reject_code = 554
unknown_local_recipient_reject_code = 554
unknown_relay_recipient_reject_code = 554
unknown_virtual_alias_reject_code = 554
unknown_virtual_mailbox_reject_code = 554
unverified_recipient_reject_code = 554
unverified_sender_reject_code = 554
virtual_alias_domains =
virtual_alias_maps = hash:/etc/postfix/blacklist, proxy:mysql:/etc/postfix/mysql-virtual_alias_maps.cf, regexp:/etc/postfix/virtual_regexp
virtual_gid_maps = static:12
virtual_mailbox_base = /mnt/vmail
virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains_maps.cf
virtual_mailbox_limit_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailbox_limit_maps.cf
virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailbox_maps.cf
virtual_minimum_uid = 101
virtual_transport = dovecot
virtual_uid_maps = static:101









linux email smtp spam-prevention dovecot






edited Nov 20 at 16:19









Worthwelle

asked Nov 20 at 15:30









Snick MB

  • Will depend on the rest of your config. Can you post the output of postconf -n?
    – ivanivan
    Nov 20 at 15:41

  • I edited the question with the output of postconf -n
    – Snick MB
    Nov 20 at 15:50
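
The log excerpt in the question shows only qmgr and delivery lines, which say what was sent but not how each message got into the queue. The Python sketch below is an added example, not part of the original posts: it groups Postfix log lines by queue ID and reports whether each outbound message with a non-local envelope sender arrived through a SASL login, an unauthenticated SMTP client, or local pickup. The sample log, the local domain example.org and every address and queue ID in it are constructed.

```python
import re
from collections import Counter

# Constructed sample in Postfix syslog format. Hosts, queue IDs, addresses and
# the SASL login are invented (documentation domains and IP ranges).
SAMPLE_LOG = """\
Nov 20 06:31:39 mail postfix/anvil[5100]: statistics: max connection rate 1/60s for (smtp:203.0.113.45) at Nov 20 06:31:00
Nov 20 06:31:40 mail postfix/submission/smtpd[5201]: 3F1A2B4C01: client=unknown[203.0.113.45], sasl_method=LOGIN, sasl_username=sales@example.org
Nov 20 06:31:42 mail postfix/qmgr[5177]: 3F1A2B4C01: from=<promo@foreign.example>, size=327666, nrcpt=1 (queue active)
Nov 20 06:31:43 mail postfix/smtp[5214]: 3F1A2B4C01: to=<a@example.net>, relay=mx.example.net[198.51.100.7]:25, delay=2.1, dsn=2.0.0, status=sent (250 ok)
Nov 20 06:31:50 mail postfix/submission/smtpd[5201]: 3F1A2B4C02: client=unknown[203.0.113.45], sasl_method=LOGIN, sasl_username=sales@example.org
Nov 20 06:31:51 mail postfix/qmgr[5177]: 3F1A2B4C02: from=<promo@foreign.example>, size=327674, nrcpt=40 (queue active)
Nov 20 06:31:53 mail postfix/smtp[5214]: 3F1A2B4C02: to=<b@example.com>, relay=mx.example.com[198.51.100.9]:25, delay=2.4, dsn=5.7.1, status=bounced (550 5.7.1 blocked)
Nov 20 06:35:02 mail postfix/pickup[5300]: 7C9D0E1F22: uid=48 from=<offers@other.example>
Nov 20 06:35:02 mail postfix/qmgr[5177]: 7C9D0E1F22: from=<offers@other.example>, size=9120, nrcpt=25 (queue active)
Nov 20 06:35:04 mail postfix/smtp[5214]: 7C9D0E1F22: to=<c@example.net>, relay=mx.example.net[198.51.100.7]:25, delay=1.9, dsn=2.0.0, status=sent (250 ok)
Nov 20 06:40:10 mail postfix/smtpd[5310]: 9A8B7C6D33: client=mx.example.net[198.51.100.20]
Nov 20 06:40:10 mail postfix/qmgr[5177]: 9A8B7C6D33: from=<bob@example.net>, size=2048, nrcpt=1 (queue active)
Nov 20 06:40:11 mail postfix/pipe[5320]: 9A8B7C6D33: to=<alice@example.org>, relay=dovecot, delay=0.3, dsn=2.0.0, status=sent (delivered via dovecot service)
Nov 20 06:45:00 mail postfix/submission/smtpd[5201]: 5E4D3C2B44: client=unknown[192.0.2.10], sasl_method=PLAIN, sasl_username=alice@example.org
Nov 20 06:45:01 mail postfix/qmgr[5177]: 5E4D3C2B44: from=<alice@example.org>, size=1500, nrcpt=1 (queue active)
Nov 20 06:45:02 mail postfix/smtp[5214]: 5E4D3C2B44: to=<carol@example.net>, relay=mx.example.net[198.51.100.7]:25, delay=1.1, dsn=2.0.0, status=sent (250 ok)
"""

LINE_RE = re.compile(r"postfix(?:/[\w-]+)*?/(?P<daemon>[\w-]+)\[\d+\]: "
                     r"(?P<qid>[0-9A-Za-z]{8,}): (?P<rest>.*)$")
CLIENT_RE = re.compile(r"client=[^\[]*\[(?P<ip>[^\]]+)\]"
                       r"(?:.*sasl_username=(?P<user>[^,\s]+))?")
PICKUP_RE = re.compile(r"uid=(?P<uid>\d+) from=<(?P<sender>[^>]*)>")
FROM_RE = re.compile(r"from=<(?P<sender>[^>]*)>, size=\d+, nrcpt=(?P<nrcpt>\d+)")
TO_RE = re.compile(r"to=<(?P<rcpt>[^>]*)>")


def domain_of(addr):
    return addr.rpartition("@")[2].lower() if "@" in addr else ""


def parse_postfix_log(text):
    """Group log lines by queue ID and record how each message entered."""
    msgs = {}

    def rec(qid):
        return msgs.setdefault(qid, {"origin": "unknown", "identity": None,
                                     "sender": "", "nrcpt": 0, "rcpts": []})

    for line in text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        daemon, qid, rest = m.group("daemon", "qid", "rest")
        if daemon == "smtpd" and (c := CLIENT_RE.match(rest)):
            # Accepted over SMTP: SASL login if present, else the client IP.
            r = rec(qid)
            r["origin"] = "sasl" if c["user"] else "smtp-client"
            r["identity"] = c["user"] or c["ip"]
        elif daemon == "pickup" and (p := PICKUP_RE.match(rest)):
            # Local submission through sendmail(1), e.g. a web script.
            r = rec(qid)
            r["origin"], r["identity"] = "local-pickup", "uid=" + p["uid"]
            r["sender"] = p["sender"]
        elif daemon == "qmgr" and (f := FROM_RE.match(rest)):
            r = rec(qid)
            r["sender"], r["nrcpt"] = f["sender"], int(f["nrcpt"])
        elif t := TO_RE.match(rest):
            # Delivery attempt (smtp, lmtp, pipe, virtual, ...).
            rec(qid)["rcpts"].append(t["rcpt"])
    return msgs


def outbound_foreign_senders(msgs, local_domains):
    """Messages sent to outside recipients with a sender domain that is not ours."""
    local = set(local_domains)
    hits = []
    for qid, r in sorted(msgs.items()):
        sender_domain = domain_of(r["sender"])
        if not sender_domain or sender_domain in local:
            continue  # bounce (<>) or one of our own domains
        if not ({domain_of(a) for a in r["rcpts"]} - local - {""}):
            continue  # inbound mail for local users, or no delivery logged yet
        hits.append((qid, r["origin"], r["identity"], r["sender"], r["nrcpt"]))
    return hits


def entry_points(hits):
    """Total recipients per (origin, identity): where the spam is coming in."""
    totals = Counter()
    for _qid, origin, identity, _sender, nrcpt in hits:
        totals[(origin, identity)] += nrcpt
    return totals


if __name__ == "__main__":
    hits = outbound_foreign_senders(parse_postfix_log(SAMPLE_LOG), {"example.org"})
    for (origin, identity), n in entry_points(hits).most_common():
        print(f"{origin:13} {identity:20} {n} recipient(s)")
```

A "sasl" entry point means a mailbox password is being used and should be reset; "local-pickup" points at a process on the server itself, identified by its uid.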


















2 Answers
OK, you are using MySQL to store users, domains to service, etc. You'll need to open up one of the mysql conf files, get the username/password and what database is being used, and look through the users and transport maps to figure out exactly who your server is configured to service. Then remove the accounts/domains that do not belong to your company.



Look at the file /etc/postfix/mysql-virtual_mailbox_maps.cf. It should have something like



user = mailuser
password = secretword!
hosts = 127.0.0.1
dbname = mail_data
query = SELECT 1 FROM virtual_users WHERE email='%s'


in it. Username, password, and database are all listed there. Use that info to connect via mysql client, or mysql-workbench, etc. to do your exploration.



It appears that your mail server is set up similar to how this tutorial works - https://workaround.org/ispmail/jessie






answered Nov 20 at 15:56

ivanivan





















  • I'm looking for what you said, but this user info3@samrexindia.com doesn't exist in our databases (tables: alias, aliasdomains, address). That's weird in this case, because this domain samrexindia.com is unfamiliar to us.
    – Snick MB
    Nov 20 at 16:41


















accepted










After several days without incident, I found the solution to our problem.

smtpd_relay_restrictions = check_sender_access hash:/etc/postfix/permit_domain

I created a list of domains that can send emails (relay). This list authorizes only mydomain, because the email that is sending spam is under the domain gmail.
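
The accepted answer filters on the envelope sender's domain. The question's smtpd_sender_restrictions already names reject_sender_login_mismatch, which ties a sender address to a SASL login, but lists it after permit_sasl_authenticated, and the posted postconf output shows no smtpd_sender_login_maps. The Python model below is an added example, not code from the posts or from Postfix: it reproduces first-match evaluation for the first four entries of that list only, with a constructed login map, logins and addresses.

```python
import ipaddress

# mynetworks as listed in the question's postconf output.
MYNETWORKS = [ipaddress.ip_network(n) for n in ("127.0.0.0/8", "10.136.0.0/16")]

# Constructed stand-in for smtpd_sender_login_maps (none appears in the posted
# output): envelope sender address -> SASL logins allowed to use it.
SENDER_LOGIN_MAPS = {
    "sales@example.org": {"sales@example.org"},
    "alice@example.org": {"alice@example.org"},
}


def reject_non_fqdn_sender(s):
    domain = s["mail_from"].rpartition("@")[2]
    return "REJECT" if s["mail_from"] and "." not in domain else "DUNNO"


def permit_mynetworks(s):
    ip = ipaddress.ip_address(s["client_ip"])
    return "PERMIT" if any(ip in net for net in MYNETWORKS) else "DUNNO"


def permit_sasl_authenticated(s):
    return "PERMIT" if s["sasl_login"] else "DUNNO"


def reject_sender_login_mismatch(s):
    # Logged-in client: reject unless the login owns MAIL FROM.
    # Client without login: reject if MAIL FROM has an owner.
    owners = SENDER_LOGIN_MAPS.get(s["mail_from"].lower(), set())
    if s["sasl_login"]:
        return "DUNNO" if s["sasl_login"] in owners else "REJECT"
    return "REJECT" if owners else "DUNNO"


CHECKS = {f.__name__: f for f in (reject_non_fqdn_sender, permit_mynetworks,
                                  permit_sasl_authenticated,
                                  reject_sender_login_mismatch)}

# First four entries of smtpd_sender_restrictions as posted in the question;
# the entries that follow them are not modeled.
POSTED = ["reject_non_fqdn_sender", "permit_mynetworks",
          "permit_sasl_authenticated", "reject_sender_login_mismatch"]
# Same entries with the mismatch check moved ahead of permit_sasl_authenticated.
REORDERED = ["reject_non_fqdn_sender", "permit_mynetworks",
             "reject_sender_login_mismatch", "permit_sasl_authenticated"]

# Constructed SMTP sessions.
SESSIONS = {
    "authenticated, foreign sender": {
        "client_ip": "203.0.113.45", "sasl_login": "sales@example.org",
        "mail_from": "promo@foreign.example"},
    "authenticated, own address": {
        "client_ip": "203.0.113.45", "sasl_login": "sales@example.org",
        "mail_from": "sales@example.org"},
    "authenticated, colleague's address": {
        "client_ip": "203.0.113.45", "sasl_login": "sales@example.org",
        "mail_from": "alice@example.org"},
    "mynetworks client, no login": {
        "client_ip": "10.136.0.5", "sasl_login": None,
        "mail_from": "promo@foreign.example"},
}


def evaluate(restrictions, session):
    """Left to right; the first PERMIT or REJECT ends the list."""
    for name in restrictions:
        verdict = CHECKS[name](session)
        if verdict != "DUNNO":
            return verdict, name
    return "DUNNO", "(end of modeled list)"


def compare():
    """Verdict for every session under the posted and the reordered list."""
    return {label: (evaluate(POSTED, s), evaluate(REORDERED, s))
            for label, s in SESSIONS.items()}


if __name__ == "__main__":
    for label, (posted, reordered) in compare().items():
        print(f"{label:36} posted={posted}  reordered={reordered}")
```

Clients inside mynetworks are permitted before either check runs, so a host or script on 10.136.0.0/16 is outside this control in both orderings.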






share|improve this answer





















    Your Answer








    StackExchange.ready(function() {
    var channelOptions = {
    tags: "".split(" "),
    id: "3"
    };
    initTagRenderer("".split(" "), "".split(" "), channelOptions);

    StackExchange.using("externalEditor", function() {
    // Have to fire editor after snippets, if snippets enabled
    if (StackExchange.settings.snippets.snippetsEnabled) {
    StackExchange.using("snippets", function() {
    createEditor();
    });
    }
    else {
    createEditor();
    }
    });

    function createEditor() {
    StackExchange.prepareEditor({
    heartbeatType: 'answer',
    convertImagesToLinks: true,
    noModals: true,
    showLowRepImageUploadWarning: true,
    reputationToPostImages: 10,
    bindNavPrevention: true,
    postfix: "",
    imageUploader: {
    brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
    contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
    allowUrls: true
    },
    onDemand: true,
    discardSelector: ".discard-answer"
    ,immediatelyShowMarkdownHelp:true
    });


    }
    });














    draft saved

    draft discarded


















    StackExchange.ready(
    function () {
    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1377012%2fpostfix-dovecot-other-domain-is-using-our-server-to-send-spam%23new-answer', 'question_page');
    }
    );

    Post as a guest















    Required, but never shown

























    2 Answers
    2






    active

    oldest

    votes








    2 Answers
    2






    active

    oldest

    votes









    active

    oldest

    votes






    active

    oldest

    votes








    up vote
    0
    down vote













    OK, you are using MySQL to store users, domains to service, etc. You'll need to open up one of the mysql conf files, get the username/password and what database is being used, and look through the users and transport maps to figure out exactly who your server is configured to service. Then remove the accounts/domains that do not belong to your company.



    Look at the file /etc/postfix/mysql-virtual_mailbox_maps.cf It should have something like



    user = mailuser
    password = secretword!
    hosts = 127.0.0.1
    dbname = mail_data
    query = SELECT 1 FROM virtual_users WHERE email='%s'


    In it. Username, password, and database are all listed there. Use that info to connect via mysql client, or mysql-workbench, etc. to do your exploration.



    It appears that your mail server is set up similar to how this tutorial works - https://workaround.org/ispmail/jessie






    share|improve this answer





















    • I'm looking for what you said, but this user info3@samrexindia.com doesn't exist in our databases(tables:alias,aliasdomains,address), that's weird in this case because this domain samrexindia.com is unfamiliar for us
      – Snick MB
      Nov 20 at 16:41















    up vote
    0
    down vote













    OK, you are using MySQL to store users, domains to service, etc. You'll need to open up one of the mysql conf files, get the username/password and what database is being used, and look through the users and transport maps to figure out exactly who your server is configured to service. Then remove the accounts/domains that do not belong to your company.



    Look at the file /etc/postfix/mysql-virtual_mailbox_maps.cf It should have something like



    user = mailuser
    password = secretword!
    hosts = 127.0.0.1
    dbname = mail_data
    query = SELECT 1 FROM virtual_users WHERE email='%s'


    In it. Username, password, and database are all listed there. Use that info to connect via mysql client, or mysql-workbench, etc. to do your exploration.



    It appears that your mail server is set up similar to how this tutorial works - https://workaround.org/ispmail/jessie






    share|improve this answer





















    • I'm looking for what you said, but this user info3@samrexindia.com doesn't exist in our databases(tables:alias,aliasdomains,address), that's weird in this case because this domain samrexindia.com is unfamiliar for us
      – Snick MB
      Nov 20 at 16:41























    answered Nov 20 at 15:56









    ivanivan




























    accepted










    After several days without incident, I have found the solution to our problem.

    smtpd_relay_restrictions = check_sender_access hash:/etc/postfix/permit_domain

    I created a list of domains that can send emails (relay). This list authorizes only mydomain, because the email that is sending spam is under the domain gmail.
















        answered Nov 23 at 15:42









        Snick MB
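
Before restricting relay by sender domain, it helps to establish how mail from an unfamiliar sender entered the queue in the first place. The following is an added example, not part of the original answer: it correlates Postfix queue IDs to show whether each message arrived over an authenticated SMTP session, from an unauthenticated client, or through local submission. The log lines, addresses and the `trace_sender` helper are constructed for illustration.

```python
import re

# Constructed sample in the usual Postfix syslog layout; hosts and addresses are made up.
SAMPLE_LOG = """\
Nov 20 06:31:40 mx postfix/smtpd[5200]: 8C5C921014: client=unknown[203.0.113.7], sasl_method=LOGIN, sasl_username=sales@example.com
Nov 20 06:31:42 mx postfix/qmgr[5177]: 8C5C921014: from=<promo@unknown.example>, size=327666, nrcpt=1 (queue active)
Nov 20 06:32:01 mx postfix/pickup[5180]: BA73821F61: uid=33 from=<www-data>
Nov 20 06:32:01 mx postfix/qmgr[5177]: BA73821F61: from=<promo@unknown.example>, size=1200, nrcpt=1 (queue active)
Nov 20 06:33:10 mx postfix/smtpd[5201]: 61964220B8: client=mail.example.net[192.0.2.25]
Nov 20 06:33:10 mx postfix/qmgr[5177]: 61964220B8: from=<alice@example.net>, size=900, nrcpt=1 (queue active)
"""

# daemon name (optionally prefixed, e.g. submission/smtpd), queue ID, rest of line
LINE = re.compile(r"postfix/(?:\w+/)*(\w+)\[\d+\]: ([0-9A-Za-z]+): (.*)")
CLIENT_IP = re.compile(r"client=[^\[]*\[([^\]]+)\]")
SASL_USER = re.compile(r"sasl_username=([^,\s]+)")
LOCAL_UID = re.compile(r"uid=(\d+)")
ENV_FROM = re.compile(r"from=<([^>]*)>")


def trace_sender(log_text, sender):
    """Map each queue ID carrying `sender` to the way that message entered Postfix."""
    entry, hits = {}, {}
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        daemon, qid, rest = m.groups()
        if daemon == "smtpd" and (ip := CLIENT_IP.search(rest)):
            # SMTP session: authenticated if a SASL login name was logged
            user = SASL_USER.search(rest)
            entry[qid] = (f"sasl:{user[1]} from {ip[1]}" if user
                          else f"unauthenticated:{ip[1]}")
        elif daemon == "pickup" and (uid := LOCAL_UID.search(rest)):
            # Local sendmail(1) submission, for example from a web script
            entry[qid] = f"local-uid:{uid[1]}"
        elif daemon == "qmgr" and (frm := ENV_FROM.search(rest)):
            # qmgr logs the envelope sender; join it to the entry record by queue ID
            if frm[1].lower() == sender.lower():
                hits[qid] = entry.get(qid, "unknown (entry line not in log)")
    return hits


if __name__ == "__main__":
    for qid, how in trace_sender(SAMPLE_LOG, "promo@unknown.example").items():
        print(qid, how)
```

A `sasl:` result points at a mailbox whose credentials are being used, and a `local-uid:` result points at a process on the server itself; neither path is decided by the envelope sender address.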






























