Postfix trouble - Debian


Thread: Postfix trouble

  1. Postfix trouble

    I need advice on the following problem:
    I set up an email server for a small ISP. The server is sarge with
    postfix as MTA. Unfortunately some of the clients contracted a
    virus/spambot that is sending spam via my mail server. I want to block
    spam that came from $mynetworks but the sender is not in $relay_domains.
    Is such a thing possible?

    Thank you in advance !

    --
    Best regards,
    Adrian Minta


    --
    To UNSUBSCRIBE, email to debian-isp-REQUEST@lists.debian.org
    with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

  2. Re: Postfix trouble

    Others will have better insights, but you might consider configuring
    postfix to require authentication before sending mail:

    http://www.postfix.org/SASL_README.html

    You might trim $mynetworks to NULL

    You might configure something like amavis/clamav to virus check your
    mail. (though this will do nothing for your SPAM)

    You might get aggressive about checking your logs and assist your users
    in virus removal, or use something like iptables to deny access to all
    infected IP#



  3. Re: Postfix trouble

    You might want to ask the postfix mailing list. Your
    configuration can be modified to block certain clients but it is a lot
    of work seeing they will always be changing.

    Here are some of the smtpd_restrictions I use on this box.

    smtpd_recipient_restrictions =
        ####################################
        # used to stop virus infected machines on our net
        ####################################
        reject_invalid_hostname,
        reject_non_fqdn_sender,
        reject_non_fqdn_recipient,
        reject_unknown_sender_domain,
        reject_unauth_pipelining,
        check_client_access hash:/etc/postfix/badclients,
        check_sender_access hash:/etc/postfix/broken_sender_exception,
        permit_mynetworks,
        reject_unknown_recipient_domain,
        check_client_access hash:/etc/postfix/broken_sender_exception,
        reject_unauth_destination,
        # postgrey
        check_policy_service inet:127.0.0.1:60000,
        reject_non_fqdn_hostname,
        reject_non_fqdn_sender,
        #reject_unknown_client,
        # reject unknown dns --> mailfrom:
        reject_unknown_sender_domain,
        # reject unknown --> rcpt to:
        # bad helo
        # reverse lookup of ip sending
        # version 2 postfix only
        reject_unverified_sender,
        reject_multi_recipient_bounce,
        reject_rbl_client sbl.spamhaus.org,
        reject_rbl_client relays.ordb.org,
        reject_rbl_client opm.blitzed.org,
        reject_rbl_client blackholes.wirehub.net,
        reject_rbl_client dynablock.wirehub.net,
        reject_rbl_client proxies.relays.monkeys.org,
        reject_rbl_client dnsbl.njabl.org,
        #reject_rbl_client list.dsbl.org,
        #reject_rbl_client cbl.abuseat.org,

        # if they get here they are allowed
        permit


    It is easier just to use global spam reduction techniques.

    Here are some simple ways to reduce spam with postfix:
    Use RBHL with Postfix.
    Use Postgrey

    Clamd with Amavis will help reduce viruses but it might take a little
    time to figure out how to get Amavis working.

    Amavis is set up in my master.cf, not the main.cf.

    Spam-assassin is good but it takes more time than the above
    to set up.


    --
    ------------------------------------------
    Ted Knab
    Stevensville, Maryland 21666 USA
    ------------------------------------------
    Error: Not enough pixels to render your signature.


  4. Re: Postfix trouble

    Thank you all for the suggestions!
    I use antivirus and antispam but in case of spam bots on my clients'
    machines all those are ineffective.
    The simplest solution I could find is to use SMTP auth, unfortunately
    it will not be so easy to inform all clients about the change and to
    instruct them to change settings.



    --
    Best regards,
    Adrian Minta


  5. Re: Postfix trouble

    Adrian Minta wrote:
    > Thank you all for the suggestions!
    > I use antivirus and antispam but in case of spam bots on my clients'
    > machines all those are ineffective.
    > The simplest solution I could find is to use SMTP auth, unfortunately
    > it will not be so easy to inform all clients about the change and to
    > instruct them to change settings.


    you can run in parallel smtp auth relaying and $mynetworks based
    relaying and just tell them that in ~ 1-2 weeks period only smtp auth
    will work. this should give them enough time to make the switch.
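
During the parallel-running period described in the reply above, the mail log shows which customers still relay on $mynetworks alone. The following is an added example, not part of the original thread: it assumes the standard Postfix smtpd `client=` log line, and the networks, function names and log lines are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Assumption: the networks in this server's $mynetworks (documentation ranges).
MYNETWORKS = [ipaddress.ip_network(n) for n in ("127.0.0.0/8", "192.0.2.0/24")]

# smtpd logs "client=host[ip]" per accepted message and appends
# ", sasl_method=..." only when the session authenticated.
CLIENT_RE = re.compile(
    r"postfix/smtpd\[\d+\]: \w+: client=[^\[]+\[(?P<ip>[^\]]+)\]"
    r"(?P<sasl>, sasl_method=\S+)?"
)

def relay_usage(lines, networks=MYNETWORKS):
    """Count messages per trusted client IP, split into non-SASL and SASL."""
    unauth, auth = Counter(), Counter()
    for line in lines:
        m = CLIENT_RE.search(line)
        if not m:
            continue
        try:
            ip = ipaddress.ip_address(m.group("ip"))
        except ValueError:              # e.g. client=unknown[unknown]
            continue
        if ip.is_loopback or not any(ip in net for net in networks):
            continue                    # re-injected or inbound mail, not a customer relay
        (auth if m.group("sasl") else unauth)[str(ip)] += 1
    return unauth, auth

def still_on_mynetworks(lines, networks=MYNETWORKS):
    """Clients to contact before permit_mynetworks is removed, busiest first."""
    unauth, _ = relay_usage(lines, networks)
    return unauth.most_common()

# Constructed sample log lines.
SAMPLE_LOG = """\
Sep 20 10:01:02 mail postfix/smtpd[2101]: 3F2A11C0D: client=pc17.example.net[192.0.2.17]
Sep 20 10:01:05 mail postfix/smtpd[2101]: 4A9B21C0E: client=pc17.example.net[192.0.2.17]
Sep 20 10:02:11 mail postfix/smtpd[2107]: 5C0D31C0F: client=pc40.example.net[192.0.2.40], sasl_method=PLAIN, sasl_username=alice
Sep 20 10:02:40 mail postfix/smtpd[2108]: 5E1F31C11: client=pc23.example.net[192.0.2.23]
Sep 20 10:03:30 mail postfix/smtpd[2110]: 6D1E41C10: client=unknown[198.51.100.9]
Sep 20 10:04:00 mail postfix/smtpd[2111]: connect from pc17.example.net[192.0.2.17]
""".splitlines()

if __name__ == "__main__":
    for ip, n in still_on_mynetworks(SAMPLE_LOG):
        print(f"{ip}\t{n} message(s) relayed without SASL")
```

A client that sends a high volume without SASL is also a candidate for the infected machines discussed earlier in the thread.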


  6. Re: Postfix trouble

    On Fri, Sep 16, 2005 at 07:22:09PM +0300, Adrian Minta wrote:
    > I need advice on the following problem:
    > I set up an email server for a small ISP. The server is sarge with
    > postfix as MTA. Unfortunately some of the clients contracted a
    > virus/spambot that is sending spam via my mail server. I want to block
    > spam that came from $mynetworks but the sender is not in $relay_domains.
    > Is such a thing possible?


    it's probably possible, but not a good idea. since any mail client
    can claim to be sending from any sender address, any kind of relay
    control based on sender address is an open relay or other mess waiting
    to happen.

    spam-filtering on outbound messages is a good thing to do - as others
    have already suggested.

    also, you might want to look at using a policy daemon to rate-limit
    outbound messages.

    debian has one that can do rate-limiting/throttling as well as
    grey-listing. dunno if it's in sarge, but it's definitely in sid. it
    should be easy enough to recompile for sarge if it's not there already
    (or look on backports.org).

    it looks pretty good, but it has the disadvantage of using mysql (i don't
    think that tying any MTA directly to a database server is a good idea)

    Package: postfix-policyd
    Version: 1.55-1
    Depends: libc6 (>= 2.3.2.ds1-21), libmysqlclient12, zlib1g (>= 1:1.2.1)
    Description: anti-spam plugin for Postfix
    Policyd is an anti-spam plugin for Postfix (MySQL based) that
    does Greylisting, Sender-(envelope or SASL)-based throttling
    (on messages and / or volume per defined time unit), Spamtrap
    monitoring / blacklisting and HELO auto blacklisting.


    one big plus for the program is that the author of postfix-policyd is
    a regular on the postfix-users mailing list and has proven to be very
    knowledgeable and helpful.


    craig

    --
    craig sanders (part time cyborg)
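
The outbound rate-limiting idea from the reply above, sketched as a small Postfix policy-delegation service with no database behind it. This is an added example, not part of the original thread and not postfix-policyd's code: the limit, window and names are assumptions, and it keys on the client address or SASL login rather than the forgeable sender address.

```python
import sys
import time
from collections import defaultdict, deque

LIMIT = 20      # assumed: max recipients per client per window
WINDOW = 60.0   # assumed: window length in seconds

class RateLimiter:
    def __init__(self, limit=LIMIT, window=WINDOW):
        self.limit, self.window = limit, window
        self.seen = defaultdict(deque)   # client key -> timestamps of accepted RCPTs

    def decide(self, attrs, now=None):
        """Return the Postfix action for one policy request."""
        if (attrs.get("request") != "smtpd_access_policy"
                or attrs.get("protocol_state") != "RCPT"):
            return "DUNNO"
        now = time.time() if now is None else now
        # Key on what the client cannot forge: SASL login if present, else its IP.
        key = attrs.get("sasl_username") or attrs.get("client_address", "unknown")
        stamps = self.seen[key]
        while stamps and now - stamps[0] >= self.window:
            stamps.popleft()             # forget recipients outside the window
        if len(stamps) >= self.limit:
            return "DEFER_IF_PERMIT Rate limit exceeded, try again later"
        stamps.append(now)
        return "DUNNO"                   # no opinion; later restrictions decide

def parse_request(block):
    """Parse one 'name=value' request block (values may contain '=')."""
    return dict(line.split("=", 1) for line in block.splitlines() if "=" in line)

def serve(stream_in=sys.stdin, stream_out=sys.stdout, limiter=None):
    """Answer requests on stdin/stdout, as when started through spawn(8)."""
    limiter = limiter or RateLimiter()
    block = []
    for line in stream_in:
        line = line.rstrip("\n")
        if line:
            block.append(line)
            continue
        # An empty line ends the request; reply with one action and an empty line.
        action = limiter.decide(parse_request("\n".join(block)))
        stream_out.write("action=%s\n\n" % action)
        stream_out.flush()
        block = []

if __name__ == "__main__":
    serve()
```

To throttle local clients, the `check_policy_service` entry that calls such a service has to come before `permit_mynetworks` in the restriction list.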
