My server is sending spam

**AvengerX9** · November 16th, 2012

Okay, I got a phone call from my ISP telling me that my server is sending spam. So I guess someone is using my server to spam. How can I troubleshoot and fix this before they cut me off the net for good?

I appreciate all the help I can get on this matter. Thanks for reading!

**SlugSlug** · November 16th, 2012

Do you have a mail server installed?

Test open relay here

http://www.mailradar.com/openrelay/

**HermanAB** · November 16th, 2012

First kill all email:
iptables -I -i eth0 -p tcp --dport 25 -j DROP

Now you can investigate things at your leasure.

**AvengerX9** · November 16th, 2012

Originally Posted by SlugSlug

Do you have a mail server installed?

Test open relay here

http://www.mailradar.com/openrelay/

It says port 25 is closed and the command does not work. I'm looking in my mail logs and there are lots of stuff. Let me post it for you.

Here is one line out of thousands!

Nov 12 06:44:10 roger-G31T-M7 postfix/error[8030]: 0A417145035: to=<avist@keytown.com>, relay=none, delay=2050, delays=1949/96/0/4.7, dsn=4.4.2, status=deferred (delivery temporarily suspended: lost connection with smtp.nenett.no[81.167.36.150] while sending RCPT TO)

**AvengerX9** · November 16th, 2012

I turned off my postfix mail server. It seems like the mail log have stopped getting new records now. How can I fix this to prevent it from being used to spam again ?

**mlentink** · November 16th, 2012

Do not allow relays.
You might want to read through this for a solid mailserver configuration

**AvengerX9** · November 16th, 2012

how can I disable relays ?

**lisati** · November 16th, 2012

Originally Posted by AvengerX9

how can I disable relays ?

Having something like this in your main.cf file will often be a help:

Code:

smtpd_recipient_restrictions =
    reject_invalid_hostname, 
    reject_non_fqdn_sender, 
    reject_non_fqdn_recipient, 
    reject_unknown_sender_domain, 
    reject_unknown_recipient_domain, 
    reject_unauth_pipelining, 
    permit_mynetworks, 
    reject_unauth_destination, 
    reject_rbl_client bl.spamcop.net 
    permit

The important line is "reject_unauth_destination", which limits the incoming mail that doesn't arrive via your own network to destinations in Postfix's "mydestination =" line in the main.cf file.

**AvengerX9** · November 16th, 2012

Can I just add this to the bottom of my main.cf file or should I place it somewhere else in there ?

**AvengerX9** · November 16th, 2012

Now I'm also getting this in my mail log, but I don't know what it means

postfix/postfix-script[####]warning: not owned by postfix: /var/lib/postfix/./verify_cache

Thread: My server is sending spam

Thread Tools

Display

My server is sending spam

Re: My server is sending spam

Re: My server is sending spam

Re: My server is sending spam

Re: My server is sending spam

Re: My server is sending spam

Re: My server is sending spam

Re: My server is sending spam

Re: My server is sending spam

Re: My server is sending spam

Bookmarks

Bookmarks

Posting Permissions