my server generates spam


my server generates spam

Giuseppe Perna
Hi,
I have an old version of Postfix.
I have this problem: hundreds of spam messages with sender [hidden email]
leave my server for the Internet. I analyzed the file
/var/log/maillog and I see this:
BE80AB81E65     3272 Tue May  8 08:18:41  [hidden email]
(host smart-relay.mail.pippo.it[210.91.5.137] said: 451 DNS temporary
error. (in reply to RCPT TO command))
                                         [hidden email]
                                         [hidden email]
                                         [hidden email]
                                         [hidden email]
                                         [hidden email]

How can I check who is the real user who generates the spam?


thanks

Re: my server generates spam

Bill Weiss-5
Giuseppe Perna([hidden email])@Tue, May 08, 2012 at 11:10:15PM +0200:

> hy,
> i have an old version of postfix.
> i have this problem: from my server with sender [hidden email]
> leave hundreds of spam messages to the Internet, I analyzed the file /
> var / log / maillog and I see this:
> BE80AB81E65     3272 Tue May  8 08:18:41  [hidden email]
> (host smart-relay.mail.pippo.it[210.91.5.137] said: 451 DNS temporary
> error. (in reply to RCPT TO command))
>                                          [hidden email]
>                                          [hidden email]
>                                          [hidden email]
>                                          [hidden email]
>                                          [hidden email]
>
> how can I check who is the real user who generates envi spam?

Look in your server logs for BE80AB81E65 and see who sent.  Hopefully you
have SMTP AUTH turned on, otherwise you'll just get a source IP to track
down.

--
Bill Weiss

Re: my server generates spam

Giuseppe Perna
Hello, thanks for the reply.
Could you please be more specific?
The logs to check are /var/log/maillog, right?

How do I check if SMTP AUTH is active?
How do I check the IP that sent this spam email?
Thanks





Re: my server generates spam

Robert Schetterer
On 09.05.2012 09:01, Giuseppe Perna wrote:

> hello, thanks for rispota.
> You please be more specific?
> logs to check are / var / log / mailllog right?
>
> how do I check if SMTP AUTH is active?
> how do I check the ip who sent this email spam?
> thanks
>
>
>
>
> 2012/5/9 Bill Weiss <[hidden email]>:
>> Giuseppe Perna([hidden email])@Tue, May 08, 2012 at 11:10:15PM +0200:
>>> hy,
>>> i have an old version of postfix.
>>> i have this problem: from my server with sender [hidden email]
>>> leave hundreds of spam messages to the Internet, I analyzed the file /
>>> var / log / maillog and I see this:
>>> BE80AB81E65     3272 Tue May  8 08:18:41  [hidden email]
>>> (host smart-relay.mail.pippo.it[210.91.5.137] said: 451 DNS temporary
>>> error. (in reply to RCPT TO command))
>>>                                          [hidden email]
>>>                                          [hidden email]
>>>                                          [hidden email]
>>>                                          [hidden email]
>>>                                          [hidden email]
>>>
>>> how can I check who is the real user who generates envi spam?
>>
>> Look in your server logs for BE80AB81E65 and see who sent.  Hopefully you
>> have SMTP AUTH turned on, otherwise you'll just get a source IP to track
>> down.
>>
>> --
>> Bill Weiss

i.e. try
grep BE80AB81E65 /var/log/mail or /var/log/mail.log

to find out what's going on with that mail

if you have no idea what SMTP AUTH is
you had better shut down the server temporarily
and read the postfix docs about setup/config
and/or get some paid help service,
come back here, post your config, ask questions,
fix your setup, turn on the server again

--
Best Regards

MfG Robert Schetterer

Germany/Munich/Bavaria

Re: my server generates spam

Simone Caruso
> if you have no idea what SMTP AUTH is
> you should better shut down the server temp
> and read postfix docs about setup/config
> and/or get some paid help service
> come back here, post your config , ask questions,
> fix your setup , turn on the server again
>
Don't be so harsh with my countryman :)

--
Simone Caruso
IT Consultant
+39 349 65 90 805


Re: my server generates spam

Robert Schetterer
On 09.05.2012 09:16, Simone Caruso wrote:
>> if you have no idea what SMTP AUTH is
>> you should better shut down the server temp
>> and read postfix docs about setup/config
>> and/or get some paid help service
>> come back here, post your config , ask questions,
>> fix your setup , turn on the server again
>>
> Dont be so harsh with my contryman :)

that wasn't my intention, but servers that
generate spam are wasting public nets and making hard times for all of us,
and you should have basic knowledge/study
about postfix before turning it on on the www
that's what the docs are for, the remaining
questions and help will be answered here
but mostly nobody has time to teach the very basics
if you are in an urgent case you had better hire someone
nearby to help you, while learning more about postfix


--
Best Regards

MfG Robert Schetterer

Germany/Munich/Bavaria

Re: my server generates spam

Giuseppe Perna
In reply to this post by Robert Schetterer
Thanks Robert for your answer,
but analysis of the log does not show any indication.
In /var/log/maillog there are no indications of the IP and user that
generates emails with sender [hidden email]

This is the result of the grep.
I would like to increase the debug log, how do I do that?

May  9 05:06:02 neruda postfix/smtp[20559]: BE80AB81E65:
to=<[hidden email]>, relay=smart-relay.pippo.xxt.it[210.85.7.10],
delay=74841, status=deferred (host
smart-smart-relay.pippo.xxt.it[210.85.7.10]said: 451 DNS temporary
error. (in reply to RCPT TO command))


Re: my server generates spam

Ansgar Wiechers
On 2012-05-09 Giuseppe Perna wrote:
> but analysis of the log does not show any indication.
> in / var / log / maillog there are no indications of ip and user that
> generates emails with sender [hidden email]
>
> this is the resulter to grep

Please post the full output of "grep BE80AB81E65 /var/log/maillog". Do
not make assumptions about what is or isn't relevant in that output.

> I would like to increase the debug log, how do I?

You don't, unless someone specifically asks you to. Please follow the
advice in <http://www.postfix.org/DEBUG_README.html#mail>. Particularly
post the output of "postconf -n".

> May  9 05:06:02 neruda postfix/smtp[20559]: BE80AB81E65:
> to=<[hidden email]>, relay=smart-relay.pippo.xxt.it[210.85.7.10],
> delay=74841, status=deferred (host
> smart-smart-relay.pippo.xxt.it[210.85.7.10]said: 451 DNS temporary
> error. (in reply to RCPT TO command))

smart-relay.pippo.xxt.it does not have the IP address 210.85.7.10. Do
not fake or obfuscate log excerpts.

Regards
Ansgar Wiechers
--
"Abstractions save us time working, but they don't save us time learning."
--Joel Spolsky

Re: my server generates spam

Matthew D. Fuller
In reply to this post by Giuseppe Perna
On Wed, May 09, 2012 at 10:53:15AM +0200 I heard the voice of
Giuseppe Perna, and lo! it spake thus:
>
> May  9 05:06:02 neruda postfix/smtp[20559]: BE80AB81E65:
> to=<[hidden email]>, relay=smart-relay.pippo.xxt.it[210.85.7.10],
> delay=74841, status=deferred (host
        ^^^^^

That's almost a full day the mail's been in the queue.  Depending on
your server config and load, maillog may have been rotated since it
first came in, so you may have to check an older log to find the
original submission.


--
Matthew Fuller     (MF4839)   |  [hidden email]
Systems/Network Administrator |  http://www.over-yonder.net/~fullermd/
           On the Internet, nobody can hear you scream.

Re: my server generates spam

/dev/rob0
In reply to this post by Simone Caruso
On Wed, May 09, 2012 at 09:16:35AM +0200, Simone Caruso wrote:
Robert:
> > if you have no idea what SMTP AUTH is
> > you should better shut down the server temp
> > and read postfix docs about setup/config
> > and/or get some paid help service
> > come back here, post your config , ask questions,
> > fix your setup , turn on the server again
> >
> Dont be so harsh with my contryman :)

Robert's advice was spot on. Would you prefer that Giuseppe (who,
incidentally, accepted the advice in the spirit intended) be told
things to make him feel good, while not conveying the urgency and
seriousness of the situation?

Italian ISPs have to deal with abuse complaints, as do all ISPs.
They're not likely to sugar-coat the message when they tell him his
Internet access has been shut off.

Giuseppe needs to know the truth. He has gotten good guidance from
Robert and all others in this thread.

Giuseppe, do what he said. Shut it down NOW, before your ISP does.
--
  http://rob0.nodns4.us/ -- system administration and consulting
  Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:

Re: my server generates spam

mouss-4
In reply to this post by Giuseppe Perna
On 08/05/2012 23:10, Giuseppe Perna wrote:

> hy,
> i have an old version of postfix.
> i have this problem: from my server with sender [hidden email]
> leave hundreds of spam messages to the Internet, I analyzed the file /
> var / log / maillog and I see this:
> BE80AB81E65     3272 Tue May  8 08:18:41  [hidden email]
> (host smart-relay.mail.pippo.it[210.91.5.137] said: 451 DNS temporary
> error. (in reply to RCPT TO command))
>                                          [hidden email]
>                                          [hidden email]
>                                          [hidden email]
>                                          [hidden email]
>                                          [hidden email]
>
> how can I check who is the real user who generates envi spam?
>

thank you for contacting us.

please read the fine directions described in
        http://www.postfix.org/DEBUG_README.html#mail

there is no chance that we understand what happens in your platform
unless you explain it clearly.

and stating "my server generates spam" won't make it urgent for us.

Re: my server generates spam

Giuseppe Perna
Hi,
thanks for the reply.
My Postfix server uses the smarthost "smart-relay.mail.inet.it".
The relay has been blocked because the address generated spam from:
[hidden email]

This is the log from /var/log/maillog:
May  8 08:18:41 neruda postfix/smtpd[3062]: BE80AB81E65:
client=localhost[127.0.0.1]
May  8 08:18:43 neruda postfix/cleanup[3208]: BE80AB81E65:
message-id=<62105.176.61.140.133.1336457923.squirrel@176.61.140.133>
May  8 08:18:43 neruda postfix/qmgr[188]: BE80AB81E65:
from=<[hidden email]>, size=3272, nrcpt=900 (queue active)
May  8 08:58:24 neruda postfix/smtp[3628]: BE80AB81E65:
to=<[hidden email]>, relay=smart-relay.mail.inet.it[213.92.5.135],
delay=2383, status=sent (250 ::ffff:212.239.122.39+6qwa3V5oRt Mail
accepted)
May  8 08:58:24 neruda postfix/smtp[3628]: BE80AB81E65:
to=<[hidden email]>,
relay=smart-relay.mail.inet.it[213.92.5.135], delay=2383, status=sent
(250 ::ffff:212.239.122.39+6qwa3V5oRt Mail accepted)
May  8 08:58:24 neruda postfix/smtp[3628]: BE80AB81E65:
to=<[hidden email]>,
relay=smart-relay.mail.inet.it[213.92.5.135], delay=2383, status=sent
(250 ::ffff:212.239.122.39+6qwa3V5oRt Mail accepted)
........


Perhaps using the webmail with this IP 176.61.140.133:
BE80AB81E65: message-id=<62105.176.61.140.133.1336457923.squirrel@176.61.140.133>


#postconf -n

alias_database = hash:/etc/postfix/aliases
alias_maps = hash:/etc/postfix/aliases
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
debug_peer_level = 2
default_process_limit = 100
defer_transports = uucp
delay_warning_time = 30m
header_checks = regexp:/etc/postfix/header_checks
inet_interfaces = all
mail_owner = postfix
mail_spool_directory = /var/spool/mail
mailbox_command = /usr/bin/procmail
mailbox_size_limit = 1004800000
mailq_path = /usr/bin/mailq
manpage_directory = /usr/share/man
maximal_backoff_time = 2h
maximal_queue_lifetime = 1d
message_size_limit = 102400000
minimal_backoff_time = 1h
mydestination = $mydomain,esempio.it (local domain)
mydomain = esempio.it
myhostname = mail.esempio.it
mynetworks = 192.168.1.0/24
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases
queue_directory = /var/spool/postfix
queue_run_delay = 10m
readme_directory = /usr/share/doc/postfix-1.1.11/README_FILES
relay_domains = $mydestination
sample_directory = /usr/share/doc/postfix-1.1.11/samples
sendmail_path = /usr/sbin/sendmail
setgid_group = postdrop
smtpd_banner = $myhostname ESMTP $mail_name
smtpd_helo_required = yes
strict_rfc821_envelopes = yes
swap_bangpath = no
virtual_mailbox_limit = 1004800000


how can I find the account used to send spam?

thanks









Re: my server generates spam

Wietse Venema
Giuseppe Perna:
> this is log for /var/log/mailllog:
> May  8 08:18:41 neruda postfix/smtpd[3062]: BE80AB81E65:
> client=localhost[127.0.0.1]
> May  8 08:18:43 neruda postfix/cleanup[3208]: BE80AB81E65:
> message-id=<62105.176.61.140.133.1336457923.squirrel@176.61.140.133>
...
> perhaps using the webmail with this ip 176.61.140.133
> BE80AB81E65: message-id=<62105.176.61.140.133.1336457923.squirrel@176.61.140.133>

Look in your webmail logs for activity at that time.

        Wietse

Re: my server generates spam

Giuseppe Perna
Thanks for the reply,
this is the log for the webmail:

176.61.140.133 - - [08/May/2012:08:18:41 +0200] "GET
/src/compose.php?mail_sent=yes HTTP/1.1" 200 556825
"https://webmail.esempio.it/src/compose.php" "Opera/9.80 (Windows NT
6.1; U; en) Presto/2.10.229 Version/11.61"
176.61.140.133 - - [08/May/2012:08:18:43 +0200] "POST /src/compose.php
HTTP/1.1" 302 5 "https://webmail.esempio.it/src/compose.php"
"Opera/9.80 (Windows NT 6.1; U; en) Presto/2.10.229 Version/11.61"
176.61.140.133 - - [08/May/2012:08:18:45 +0200] "POST /src/compose.php
HTTP/1.1" 302 5 "https://webmail.esempio.it/src/compose.php"
"Opera/9.80 (Windows NT 6.1; U; en) Presto/2.10.229 Version/11.61"
176.61.140.133 - - [08/May/2012:08:18:47 +0200] "POST /src/compose.php
HTTP/1.1" 302 5 "https://webmail.esempio.it/src/compose.php"
"Opera/9.80 (Windows NT 6.1; U; en) Presto/2.10.229 Version/11.61"
176.61.140.133 - - [08/May/2012:08:18:50 +0200] "POST /src/compose.php
HTTP/1.1" 302 5 "https://webmail.esempio.it/src/compose.php"
"Opera/9.80 (Windows NT 6.1; U; en) Presto/2.10.229 Version/11.61"


how can I find the account used to send spam?

thanks




Re: my server generates spam

Reindl Harald-2


On 10.05.2012 14:10, Giuseppe Perna wrote:

> thanks for repaly,
> this is log foe webmail:
>
> 176.61.140.133 - - [08/May/2012:08:18:41 +0200] "GET
> /src/compose.php?mail_sent=yes HTTP/1.1" 200 556825
> "https://webmail.esempio.it/src/compose.php" "Opera/9.80 (Windows NT
> 6.1; U; en) Presto/2.10.229 Version/11.61"
> 176.61.140.133 - - [08/May/2012:08:18:43 +0200] "POST /src/compose.php
> HTTP/1.1" 302 5 "https://webmail.esempio.it/src/compose.php"
> "Opera/9.80 (Windows NT 6.1; U; en) Presto/2.10.229 Version/11.61"
> 176.61.140.133 - - [08/May/2012:08:18:45 +0200] "POST /src/compose.php
> HTTP/1.1" 302 5 "https://webmail.esempio.it/src/compose.php"
> "Opera/9.80 (Windows NT 6.1; U; en) Presto/2.10.229 Version/11.61"
> 176.61.140.133 - - [08/May/2012:08:18:47 +0200] "POST /src/compose.php
> HTTP/1.1" 302 5 "https://webmail.esempio.it/src/compose.php"
> "Opera/9.80 (Windows NT 6.1; U; en) Presto/2.10.229 Version/11.61"
> 176.61.140.133 - - [08/May/2012:08:18:50 +0200] "POST /src/compose.php
> HTTP/1.1" 302 5 "https://webmail.esempio.it/src/compose.php"
> "Opera/9.80 (Windows NT 6.1; U; en) Presto/2.10.229 Version/11.61"
>
> how can I find the account used to send spam?
only by comparing timestamps, since your webmail has no useful log
roundcube logs the postfix queue-id, as you can see below
_______________

[root@arrakis:~]$ cat /var/log/roundcubemail/sendmail  | grep reindl
[05-Mar-2012 12:53:24 +0100]: User [hidden email] [**.0.0.99]; Message for [hidden email]; 250:
2.0.0 Ok: queued as 3666DA3
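
Added example (not part of any message in this thread, and not Postfix or SquirrelMail code): the tracing steps suggested above, following one queue ID through maillog and then comparing timestamps with the webmail access log. The function names are hypothetical, the sample logs are constructed from the lines quoted in the thread, and the Message-ID layout (number, client IP, Unix time, "squirrel") is an assumption inferred from the single Message-ID shown here.

```python
import re
from datetime import datetime, timedelta, timezone

# Constructed sample logs, modelled on the lines quoted in this thread.
# The sender address and the entries for other hosts are invented.
MAILLOG = """\
May  8 08:18:41 neruda postfix/smtpd[3062]: BE80AB81E65: client=localhost[127.0.0.1]
May  8 08:18:43 neruda postfix/cleanup[3208]: BE80AB81E65: message-id=<62105.176.61.140.133.1336457923.squirrel@176.61.140.133>
May  8 08:18:43 neruda postfix/qmgr[188]: BE80AB81E65: from=<sender@example.invalid>, size=3272, nrcpt=900 (queue active)
May  8 08:19:02 neruda postfix/smtpd[3070]: C1234AB0001: client=unknown[192.0.2.7]
"""
ACCESS_LOG = """\
176.61.140.133 - - [08/May/2012:08:18:41 +0200] "GET /src/compose.php?mail_sent=yes HTTP/1.1" 200 556825
176.61.140.133 - - [08/May/2012:08:18:43 +0200] "POST /src/compose.php HTTP/1.1" 302 5
198.51.100.9 - - [08/May/2012:08:18:44 +0200] "POST /src/compose.php HTTP/1.1" 302 5
176.61.140.133 - - [08/May/2012:09:40:00 +0200] "POST /src/compose.php HTTP/1.1" 302 5
"""

QUEUE_LINE = re.compile(r"postfix/(\w+)\[\d+\]: ([0-9A-F]+): (.*)")
# Assumed layout, inferred from the one Message-ID in the thread:
# <number.client-ip.unix-time.squirrel@host>
SQUIRREL_ID = re.compile(r"<\d+\.(\d{1,3}(?:\.\d{1,3}){3})\.(\d{9,10})\.squirrel@[^>]+>")
ACCESS_LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)')


def trace_queue_id(maillog, queue_id):
    """Collect how one message entered the queue: client, Message-ID, sender."""
    info = {}
    for line in maillog.splitlines():
        m = QUEUE_LINE.search(line)
        if not m or m.group(2) != queue_id:
            continue
        service, _, rest = m.groups()
        if service == "smtpd" and rest.startswith("client="):
            info["client"] = rest[len("client="):]
        elif service == "pickup" and rest.startswith("uid="):
            # Local submission through the sendmail command: only a Unix uid.
            info["local_uid"] = int(rest.split()[0][len("uid="):])
        elif service == "cleanup" and rest.startswith("message-id="):
            info["message_id"] = rest[len("message-id="):]
        elif service == "qmgr" and rest.startswith("from="):
            info["sender"] = rest.split(",")[0][len("from="):]
            nrcpt = re.search(r"nrcpt=(\d+)", rest)
            info["nrcpt"] = int(nrcpt.group(1)) if nrcpt else None
    return info


def webmail_origin(message_id):
    """Return (client_ip, utc_time) embedded in a SquirrelMail-style Message-ID.

    The header is written by the submitting software, so treat the result as
    a lead to confirm in the web server log, not as proof.
    """
    m = SQUIRREL_ID.fullmatch(message_id or "")
    if not m:
        return None
    return m.group(1), datetime.fromtimestamp(int(m.group(2)), tz=timezone.utc)


def matching_posts(access_log, ip, when, window=timedelta(seconds=5)):
    """List POST requests from `ip` within `window` of `when`."""
    hits = []
    for line in access_log.splitlines():
        m = ACCESS_LINE.match(line)
        if not m:
            continue
        src, stamp, method, path = m.groups()
        ts = datetime.strptime(stamp, "%d/%b/%Y:%H:%M:%S %z")
        if src == ip and method == "POST" and abs(ts - when) <= window:
            hits.append((ts.isoformat(), path))
    return hits


if __name__ == "__main__":
    info = trace_queue_id(MAILLOG, "BE80AB81E65")
    print(info)
    origin = webmail_origin(info.get("message_id"))
    if origin:
        print(origin, matching_posts(ACCESS_LOG, *origin))
```

The access log still yields only an IP address and a time; naming the account needs a webmail log that records the user next to the queue ID, like the RoundCube line above.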





Re: my server generates spam

Wietse Venema
In reply to this post by Giuseppe Perna
Giuseppe Perna:
[ Charset ISO-8859-1 unsupported, converting... ]

> thanks for repaly,
> this is log foe webmail:
>
> 176.61.140.133 - - [08/May/2012:08:18:41 +0200] "GET
> /src/compose.php?mail_sent=yes HTTP/1.1" 200 556825
> "https://webmail.esempio.it/src/compose.php" "Opera/9.80 (Windows NT
> 6.1; U; en) Presto/2.10.229 Version/11.61"
> 176.61.140.133 - - [08/May/2012:08:18:43 +0200] "POST /src/compose.php
> HTTP/1.1" 302 5 "https://webmail.esempio.it/src/compose.php"
> "Opera/9.80 (Windows NT 6.1; U; en) Presto/2.10.229 Version/11.61"
> 176.61.140.133 - - [08/May/2012:08:18:45 +0200] "POST /src/compose.php
> HTTP/1.1" 302 5 "https://webmail.esempio.it/src/compose.php"
> "Opera/9.80 (Windows NT 6.1; U; en) Presto/2.10.229 Version/11.61"
> 176.61.140.133 - - [08/May/2012:08:18:47 +0200] "POST /src/compose.php
> HTTP/1.1" 302 5 "https://webmail.esempio.it/src/compose.php"
> "Opera/9.80 (Windows NT 6.1; U; en) Presto/2.10.229 Version/11.61"
> 176.61.140.133 - - [08/May/2012:08:18:50 +0200] "POST /src/compose.php
> HTTP/1.1" 302 5 "https://webmail.esempio.it/src/compose.php"
> "Opera/9.80 (Windows NT 6.1; U; en) Presto/2.10.229 Version/11.61"
>
>
> how can I find the account used to send spam?

This is the Postfix mailing list.

For questions about your webmail app, ask the appropriate list.

        Wietse

Re: my server generates spam

Robert Schetterer
In reply to this post by Giuseppe Perna
On 10.05.2012 11:57, Giuseppe Perna wrote:
> perhaps using the webmail with this ip 176.61.140.133
> BE80AB81E65: message-id=<62105.176.61.140.133.1336457923.squirrel@176.61.140.133>

your squirrelmail may get hacked by old version bugs and/or php bugs
and using the postfix sendmail binary for sending out
therefore it does not use some postfix smtp auth mech
for delivering out, you may never find some account in the webmail log
and if you might find one, it will not be any help
also you stated before that you have no idea about smtp auth
stop the server, check your whole setup incl. webmail, update all
related software and linux distro,
read postfix docs, perhaps hire somebody near you for help
come back for questions then, after all is done start the server again
thank you for using postfix

--
Best Regards

MfG Robert Schetterer

Germany/Munich/Bavaria

Re: my server generates spam

John Allen
Off topic, but related to this thread.

I/we use Squirrelmail and while we have not had any problems with it I
wonder (as this list seems to be the home of email gurus) if
there are any recommendations as to a better solution, particularly one
that would work in a postfix/dovecot environment.

John A


Re: my server generates spam

Robert Schetterer
On 10.05.2012 19:09, john wrote:
> Off topic, but related to this thread.
>
> I/we use Squirrelmail and while we have not had any problems with it I
> wonder (and as this is this list seems to be the home of email gurus) if
> there are any recommendations as to a better solution, particularly one
> that would work in a postfix/dovecote environment.
>
> John A

everything is ok with squirrelmail, alternatives are e.g. roundcube or
horde imp,
but you should configure squirrelmail with smtp auth, and always have the
latest php, apache, squirrelmail version, using https only should be a
good choice too

to start apache and postfix on the www means you are host/web/postmaster
so you have to take care that your systems are up to date and configured securely
read carefully the docs about all software you use, don't trust defaults, be
secure in any case
the internet is no peaceful area, bots are always searching for
vulnerable systems, e.g. to send spam etc.
so looking in logs etc. is daily work, if you don't want this
you had better use supported mail/web services by isps etc.

there is always the choice to learn more, e.g. on intranet servers
no problem these days with e.g. free virtual machine services on your
localhost
there are books on postfix and apache, open source meetings etc.
the most you have to invest is time, but it's mostly fun
by learning more give back to others



--
Best Regards

MfG Robert Schetterer

Germany/Munich/Bavaria

Re: my server generates spam

Kadlecsik József
On Thu, 10 May 2012, Robert Schetterer wrote:

> On 10.05.2012 19:09, john wrote:
> >
> > I/we use Squirrelmail and while we have not had any problems with it I
> > wonder (and as this is this list seems to be the home of email gurus) if
> > there are any recommendations as to a better solution, particularly one
> > that would work in a postfix/dovecote environment.
>
> everything is ok with squirrelmail

I dunno. We had the newest squirrelmail (1.4.22) and still two times user
sessions were hijacked and used for spamming. The users could not recall
what they exactly did, unfortunately.

Best regards,
Jozsef
-
E-mail  : [hidden email], [hidden email]
PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt
Address : Wigner Research Centre for Physics, Hungarian Academy of Sciences
          H-1525 Budapest 114, POB. 49, Hungary