Good evening, I've been running virtualmin for years without issues or much tweaking to postfix, and everything was fine. I recently renewed my Pro subscription, and my server started sending and relaying spam. What is the best setup to avoid mail forwarding and relaying? Not that familiar with linux, so I've been mostly using webmin settings.

Is there a best practice setup for Postfix? I only want to receive and send mail for the few domains on the server.

Status: 
Closed (fixed)

Comments

Howdy -- thanks for contacting us!

By default, Postfix should be secure. It should only be able to send email on behalf of authenticated users.

We do frequently see issues though where if a web app is compromised, it can then be used to send out mass amounts of spam.

However, just to review some settings -- what is the output of these commands:

postconf -n
mailq | tail -10

root@vminsrv:~# postconf -n
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
allow_percent_hack = no
append_dot_mydomain = no
biff = no
broken_sasl_auth_clients = yes
compatibility_level = 2
deliver_lock_delay = 5s
fork_delay = 5s
home_mailbox = Maildir/
inet_interfaces = all
inet_protocols = all
mailbox_command = /usr/bin/procmail-wrapper -o -a $DOMAIN -d $LOGNAME
mailbox_size_limit = 0
mydestination = $myhostname, vminsrv.osidagroup.net, localhost.osidagroup.net, , localhost
myhostname = vminsrv.osidagroup.net
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
myorigin = /etc/mailname
readme_directory = no
recipient_delimiter = +
sender_bcc_maps = hash:/etc/postfix/bcc
smtp_tls_security_level = may
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
smtpd_helo_required = yes
smtpd_recipient_limit = 200
smtpd_recipient_restrictions = permit_mynetworks permit_sasl_authenticated reject_unauth_destination
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes
virtual_alias_maps = hash:/etc/postfix/virtual
root@vminsrv:~#

root@vminsrv:~# mailq | tail -10

1A30EBEEE0 4486 Tue Apr 9 18:32:41 MAILER-DAEMON (host mail2.sperry-marine.com[81.145.35.105] refused to talk to me: 554 Blocked - see https://ipcheck.proofpoint.com/?ip=45.55.167.159) jeff_joseph1@sperry-marine.com

A8435BEF40 6133 Tue Apr 9 19:11:47 MAILER-DAEMON (connect to coolwallpaper.com[198.46.84.70]:25: Connection refused) mmt@coolwallpaper.com

-- 47 Kbytes in 10 Requests.

Thanks for the quick response, I currently have Postfix and Dovecot shut down till resolved.

Hmm, I'm not immediately seeing anything unusual there. At first look your config appears normal, and we also aren't seeing a large amount of messages in the email queue, which is common in cases where a server is being taken advantage of.

Do you have an example of one of the problem emails that you felt indicated there was an issue with your Postfix setup?

I'd be interested in seeing the headers from the email, and if possible the related email log messages.
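As an added illustration (not code from the thread or from Virtualmin), the following check parses `postconf -n` output of the shape pasted above and flags settings that would let unauthenticated clients relay; the embedded sample config is a constructed excerpt mirroring the values in the thread, and the function and variable names are my own.

```python
from ipaddress import ip_network

# Constructed sample in the shape of the `postconf -n` output pasted above
SAMPLE_POSTCONF = """\
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
smtpd_sasl_auth_enable = yes
smtpd_recipient_restrictions = permit_mynetworks permit_sasl_authenticated reject_unauth_destination
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
"""

UNAUTH_GUARDS = {"reject_unauth_destination", "defer_unauth_destination"}


def parse_postconf(text):
    """Turn `postconf -n` lines (key = value) into a dict of stripped strings."""
    conf = {}
    for line in text.splitlines():
        if "=" in line:
            key, _, value = line.partition("=")
            conf[key.strip()] = value.strip()
    return conf


def is_loopback_net(entry):
    """True if a mynetworks entry covers only loopback space; Postfix writes IPv6 in [brackets]."""
    net = ip_network(entry.replace("[", "").replace("]", ""), strict=False)
    mapped = getattr(net.network_address, "ipv4_mapped", None)
    if mapped is not None and net.prefixlen >= 96:  # ::ffff:a.b.c.d/n is really a.b.c.d/(n-96)
        net = ip_network(f"{mapped}/{net.prefixlen - 96}", strict=False)
    return net.is_loopback


def audit_relay(conf):
    """Return findings about SMTP relaying; [] means only mynetworks hosts and
    SASL-authenticated clients may relay, which is what the thread's config shows."""
    findings = []
    # Postfix >= 2.10 decides relaying in smtpd_relay_restrictions; older releases
    # only had smtpd_recipient_restrictions, so fall back to that.
    rules = conf.get("smtpd_relay_restrictions",
                     conf.get("smtpd_recipient_restrictions", "")).split()
    guard_at = next((i for i, r in enumerate(rules) if r in UNAUTH_GUARDS), None)
    if guard_at is None:
        return ["no reject/defer_unauth_destination: open relay"]
    for rule in rules[:guard_at]:  # permits that fire before the guard
        if rule == "permit":
            findings.append("bare 'permit' before the unauth_destination guard: open relay")
        elif rule == "permit_mynetworks":
            wide = [n for n in conf.get("mynetworks", "").split() if not is_loopback_net(n)]
            if wide:
                findings.append(f"permit_mynetworks trusts non-loopback ranges: {wide}")
    # Nothing here covers mail injected locally (sendmail(1) or via 127.0.0.1): that
    # path is trusted by design, which is how a compromised web app sends spam.
    return findings
```

A clean result from this check is consistent with what the support reply says about the pasted config: relaying is closed, so a spam flood points at something on the box itself, such as a compromised web app, rather than at the Postfix restrictions.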

I flushed the mail queue and turned postfix off. I will turn it back on, and wait for it to fill up.

If you find that enabling Postfix causes the mail queue to fill up -- you don't have to wait long, try running "mailq | tail -50" after there's 50ish messages and we can review what's in there.

Thank you so much for the quick response. Upon further investigation, I have determined the sources for the mail issues. Two sites that use WordPress were compromised by the response and email option, I shut the sites down till they can be fixed. Thanks again.