Page 8 of 8 FirstFirst ... 678
Results 71 to 79 of 79

Thread: My server is sending spam

  1. #71
    Join Date
    Nov 2008
    Location
    Maine
    Beans
    1,125
    Distro
    Ubuntu 10.04 Lucid Lynx

    Re: My server is sending spam

    what firewall do you use?
    evaluate how compromised your computer is. is it worth saving or should you start clean?
    (choosing save the system
    First: backup all your logs (and hope they didnt cook the logs)
    2nd: disable outgoing and incoming connections on all ports (except what you need)
    3: identify the services you should be running, and disable everything else.
    4. harden / secure those services.

    you can get many pointers on system hardening on this forum if you tell us more about what services you should be running
    ~Conradin~

  2. #72
    Join Date
    Sep 2008
    Beans
    193
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: My server is sending spam

    I use iptables which I manager from within webmin. I also have a router where I manually forward the ports I need to use to this server. By starting over do you mean remove the postfix and do a new install of it ? Cause I dont think the rest of the computer is compromised. The spamming ended short time after I made the first post. The problem now is that I can't receive emails, just send them out.

  3. #73
    Join Date
    Nov 2008
    Location
    Metro Boston
    Beans
    9,987
    Distro
    Kubuntu 14.04 Trusty Tahr

    Re: My server is sending spam

    Is the machine's IP address 79.161.88.51? Or is that an upstream router? Right now your mynetworks directive only allows mail sent from that address and the localhost address. If you have an Internet-facing machine, I believe you need to use 0/0 for mynetworks to accept mail from all Internet addresses. If you do that, you must make sure that you only accept mail for your own domain and no others. Otherwise you will be running an open relay that spammers can exploit. Have you read this page of documentation thoroughly?
    If you ask for help, please have the courtesy to check for responses and thank the people who helped you.

    Blog · Linode System Administration Guides · Android Apps for Ubuntu Users

  4. #74
    Join Date
    Nov 2009
    Location
    Segur De Calafell, Spain
    Beans
    11,906
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: My server is sending spam

    I'm no expert for the mail server but from networking point of view I also have problems with this: 79.161.88.51/24. If you use /24 that means it covers 256 addresses, and the most usual way to use it is replacing the whole range for the last section of the IP. Like 192.168.1.0/24 is the whole range 192.168.1.1 to 192.168.1.254.

    I guess that is why the warning suggested maybe you should use 79.161.88.0/24.

    I guess you put the /24 there by default but if you want to single out only one single IP, your IP, it would be like 79.161.88.51/32 I believe.

    Anyway with what Sensei said you should use something like 0/0 so the discussion about the above is pointless.
    Darko.
    -----------------------------------------------------------------------
    Ubuntu 14.04 LTS 64bit & Windows 7 Ultimate 64bit

  5. #75
    Join Date
    Sep 2008
    Beans
    193
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: My server is sending spam

    Quote Originally Posted by SeijiSensei View Post
    Is the machine's IP address 79.161.88.51? Or is that an upstream router? Right now your mynetworks directive only allows mail sent from that address and the localhost address. If you have an Internet-facing machine, I believe you need to use 0/0 for mynetworks to accept mail from all Internet addresses. If you do that, you must make sure that you only accept mail for your own domain and no others. Otherwise you will be running an open relay that spammers can exploit. Have you read this page of documentation thoroughly?
    Thats the upstream router. There are multiple machines here and Im using port forward to the server on the router

  6. #76
    Join Date
    Sep 2008
    Beans
    193
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: My server is sending spam

    Quote Originally Posted by darkod View Post
    I'm no expert for the mail server but from networking point of view I also have problems with this: 79.161.88.51/24. If you use /24 that means it covers 256 addresses, and the most usual way to use it is replacing the whole range for the last section of the IP. Like 192.168.1.0/24 is the whole range 192.168.1.1 to 192.168.1.254.

    I guess that is why the warning suggested maybe you should use 79.161.88.0/24.

    I guess you put the /24 there by default but if you want to single out only one single IP, your IP, it would be like 79.161.88.51/32 I believe.

    Anyway with what Sensei said you should use something like 0/0 so the discussion about the above is pointless.
    I changed to 79.161.88.0/24 now and I received some emails that were sent from the router. Still can't receive my test mails from gmail though. So we have moved a step forward

  7. #77
    Join Date
    Nov 2009
    Location
    Segur De Calafell, Spain
    Beans
    11,906
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: My server is sending spam

    I would also try with the exact IP without the /24 part. That way you limit it to that IP only. Since that's your upstream router as you now explained, that should be fine.

    What does the returned mail on gmail say? Usually undelivered mails have a good explanation message with error code you can google, etc.
    Darko.
    -----------------------------------------------------------------------
    Ubuntu 14.04 LTS 64bit & Windows 7 Ultimate 64bit

  8. #78
    Join Date
    Sep 2008
    Beans
    193
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: My server is sending spam

    This is what I get in return on gmail

    THIS IS A WARNING MESSAGE ONLY.

    YOU DO NOT NEED TO RESEND YOUR MESSAGE.

    Delivery to the following recipient has been delayed:

    roger@truckstop24.no

    Message will be retried for 2 more day(s)

    Technical details of temporary failure:
    Google tried to deliver your message, but it was rejected by the server for the recipient domain truckstop24.no by mail.truckstop24.no. [79.161.88.51].

    The error that the other server returned was:
    451 4.3.0 <roger@truckstop24.no>: Temporary lookup failure

    ----- Original message -----

    DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
    d=gmail.com; s=20120113;
    h=mime-version-received:date:message-id:subject:from:to
    :content-type;
    bh=8IE5bH9zm+hgNducuxWFTS0mVHTRxClKMYkuXHGbgOY
    b=TANng1yjkjF0ScllUcVeH+Vs5UX0I2UC/lAPAVX1v8E3hCgZvoTn068doFqNH9ZRuv
    GER9EOjdI+BtsdJ7quGaEM811xcVQ+i4oTuFC8ZxbFW7PxC0V5 dV0EVm3Tto9QWkwTwy
    HzqPB/sTgyL9xrJBpNauEHFrdLwUkWDwpgRhsWe8DZ+UXwIPvf3rn6uX Qw1XVv6wfRKu
    8zfmx/QtppbwySonoD36kDEED0Cs1MB6hRzv+9J2OPjxXV7KmpdvTRSL X8a0v4fe+5ts
    dPgD9/IcxHfg+DUezE+oQ/bHosyD9p0E7J9LNugtq71h1o7Lv5YSLGj5WV8vajBGnD8f
    6irQ==
    MIME-Version: 1.0
    X-Received: by 10.15.45.136 with SMTP id b8mr1085725eew.11.1365035544800; Wed,
    03 Apr 2013 17:32:24 -0700 (PDT)
    Received: by 10.15.25.5 with HTTP; Wed, 3 Apr 2013 17:32:24 -0700 (PDT)
    Date: Thu, 4 Apr 2013 02:32:24 +0200
    Message-ID: <CALtvZM_73i1B0BxhtvT-PjrQofLp+ZsvxaMmO1hkNvyRvODrVQ@mail.gmail.com>
    Subject: hei roger
    From: Roger Andersen <roger.andersen@gmail.com>
    To: "roger@truckstop24.no" <roger@truckstop24.no>
    Content-Type: multipart/alternative; boundary=089e016284a6c113e504d97e1a4d

  9. #79
    Join Date
    Sep 2008
    Beans
    193
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: My server is sending spam

    I changed mynetworks to this and it works now.

    Code:
    mynetworks = 127.0.0.0/8 79.161.88.0/32

Page 8 of 8 FirstFirst ... 678

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •