By: poudenes

Spam on postfix - Centos

April 18, 2013
Hi all, I tried everything to fine-tune the main.cf file of Postfix. CSF has also been configured correctly. But my maillog is growing fast... a LOT of connections to send emails to @160bpm.com. What can I do to block those connections? Manually blocking the IP number in CSF.deny is not the done thing, I think? Here is part of the maillog:

Apr 18 15:15:50 vps postfix/smtpd[7169]: Anonymous TLS connection established from mail.herontower.com[217.150.111.82]: TLSv1 with cipher AES128-SHA (128/128 bits)
Apr 18 15:15:50 vps postfix/smtpd[7197]: setting up TLS connection from ao.openspace.org[69.12.175.114]
Apr 18 15:15:50 vps postfix/smtpd[7169]: NOQUEUE: reject: RCPT from mail.herontower.com[217.150.111.82]: 454 4.1.1 : Recipient address rejected: User unknown in virtual mailbox table; from=<> to= proto=ESMTP helo=
Apr 18 15:15:50 vps postfix/smtpd[7169]: disconnect from mail.herontower.com[217.150.111.82]
Apr 18 15:15:50 vps postfix/smtpd[7197]: Anonymous TLS connection established from ao.openspace.org[69.12.175.114]: TLSv1 with cipher AES128-SHA (128/128 bits)
Apr 18 15:15:51 vps postfix/smtpd[7197]: NOQUEUE: reject: RCPT from ao.openspace.org[69.12.175.114]: 454 4.1.1 <819191B48@160bpm.com>: Recipient address rejected: User unknown in virtual mailbox table; from=<> to=<819191B48@160bpm.com> proto=ESMTP helo=
Apr 18 15:15:51 vps postfix/smtpd[7197]: disconnect from ao.openspace.org[69.12.175.114]
Apr 18 15:15:53 vps postfix/smtpd[7178]: connect from static-82-85-239-64.clienti.tiscali.it[82.85.239.64]
Apr 18 15:15:53 vps postfix/smtpd[7178]: setting up TLS connection from static-82-85-239-64.clienti.tiscali.it[82.85.239.64]
Apr 18 15:15:53 vps postfix/smtpd[7178]: Anonymous TLS connection established from static-82-85-239-64.clienti.tiscali.it[82.85.239.64]: TLSv1 with cipher AES128-SHA (128/128 bits)
Apr 18 15:15:53 vps postfix/smtpd[7140]: connect from Exch1.3nerds.net[69.65.19.12]
Apr 18 15:15:54 vps postfix/smtpd[7140]: setting up TLS connection from Exch1.3nerds.net[69.65.19.12]
Apr 18 15:15:54 vps postfix/smtpd[7178]: NOQUEUE: reject: RCPT from static-82-85-239-64.clienti.tiscali.it[82.85.239.64]: 454 4.1.1 : Recipient address rejected: User unknown in virtual mailbox table; from=<> to= proto=ESMTP helo=
Apr 18 15:15:54 vps postfix/smtpd[7140]: Anonymous TLS connection established from Exch1.3nerds.net[69.65.19.12]: TLSv1 with cipher RC4-SHA (128/128 bits)
Apr 18 15:15:54 vps postfix/smtpd[7178]: disconnect from static-82-85-239-64.clienti.tiscali.it[82.85.239.64]
Apr 18 15:15:54 vps postfix/smtpd[7140]: NOQUEUE: reject: RCPT from Exch1.3nerds.net[69.65.19.12]: 454 4.1.1 <4701728@160bpm.com>: Recipient address rejected: User unknown in virtual mailbox table; from=<> to=<4701728@160bpm.com> proto=ESMTP helo=
Apr 18 15:15:55 vps postfix/smtpd[7140]: disconnect from Exch1.3nerds.net[69.65.19.12]
Apr 18 15:15:55 vps postfix/smtpd[7197]: connect from mail.helvetasnepal.org.np[202.79.37.43]
Apr 18 15:15:55 vps postfix/smtpd[7197]: NOQUEUE: reject: RCPT from mail.helvetasnepal.org.np[202.79.37.43]: 454 4.7.1 Service unavailable; Client host [202.79.37.43] blocked using dnsbl.sorbs.net; Currently Sending Spam See: http://www.sorbs.net/lookup.shtml?202.79.37.43; from=<> to=<4A2DF69565@160bpm.com> proto=ESMTP helo=
Apr 18 15:15:56 vps postfix/smtpd[7197]: disconnect from mail.helvetasnepal.org.np[202.79.37.43]
Apr 18 15:15:56 vps postfix/smtpd[7178]: connect from mail.vapco.net[80.90.161.212]
Apr 18 15:15:56 vps postfix/smtpd[7178]: setting up TLS connection from mail.vapco.net[80.90.161.212]
Apr 18 15:15:57 vps postfix/smtpd[7197]: connect from mail.belgoflor.be[91.183.44.224]
Apr 18 15:15:57 vps postfix/smtpd[7197]: setting up TLS connection from mail.belgoflor.be[91.183.44.224]
Apr 18 15:15:57 vps postfix/smtpd[7197]: Anonymous TLS connection established from mail.belgoflor.be[91.183.44.224]: TLSv1 with cipher AES128-SHA (128/128 bits)
Apr 18 15:15:57 vps postfix/smtpd[7197]: NOQUEUE: reject: RCPT from mail.belgoflor.be[91.183.44.224]: 454 4.1.1 : Recipient address rejected: User unknown in virtual mailbox table; from=<> to= proto=ESMTP helo=
Apr 18 15:15:57 vps postfix/smtpd[7197]: disconnect from mail.belgoflor.be[91.183.44.224]

4 Answers
Here is a good start when it comes to postfix security: http://www.postfix.org/SMTPD_ACCESS_README.html
Alex: Thank you... I will read this site. Then I will solve my problem, I guess... otherwise I'm back here. If solved I will comment a new post: *SOLVED*
I added some new restrictions, but they didn't work well. I filtered the log, where one IP came back multiple times. I have manually blocked this IP in csf.deny with the comment # do not delete
Now there is less traffic; CSF blocks the IP before it reaches Postfix.

I'm working on getting these 2 restrictions to work:
# reject_unknown_helo_hostname,
# reject_invalid_helo_hostname,
But when I enable this, I can't send emails out as well.
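
The log filtering described in the post above (finding client IPs that keep coming back), as an added example that is not part of the original thread: it parses Postfix smtpd `NOQUEUE: reject` lines and counts rejects per client IP and reason. The sample log lines, hostnames, function names and the threshold are constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Postfix smtpd reject line: ... NOQUEUE: reject: RCPT from host[ip]: <code> <dsn> <text>; from=<..>
REJECT_RE = re.compile(
    r"postfix/smtpd\[\d+\]: NOQUEUE: reject: RCPT from "
    r"(?P<host>\S+?)\[(?P<ip>[0-9a-fA-F.:]+)\]: "
    r"(?P<code>\d{3}) (?P<dsn>\d\.\d+\.\d+) (?P<text>.*?); from=<"
)

def classify(text):
    """Map the reject text to a short reason label."""
    if "User unknown" in text:
        return "unknown_recipient"
    if "blocked using" in text:
        return "dnsbl"
    return "other"

def summarize_rejects(lines):
    """Return {client_ip: Counter(reason -> count)} over all reject lines."""
    per_ip = defaultdict(Counter)
    for line in lines:
        m = REJECT_RE.search(line)
        if m:
            per_ip[m.group("ip")][classify(m.group("text"))] += 1
    return per_ip

def repeat_offenders(lines, threshold=2):
    """Client IPs with at least `threshold` rejects, busiest first."""
    totals = {ip: sum(c.values()) for ip, c in summarize_rejects(lines).items()}
    hits = [(ip, n) for ip, n in totals.items() if n >= threshold]
    return sorted(hits, key=lambda t: (-t[1], t[0]))

# Constructed sample (documentation IP ranges, example domains), not the post's log.
SAMPLE_LOG = """\
Apr 18 15:15:50 vps postfix/smtpd[7169]: connect from mx1.example.net[192.0.2.10]
Apr 18 15:15:50 vps postfix/smtpd[7169]: NOQUEUE: reject: RCPT from mx1.example.net[192.0.2.10]: 454 4.1.1 <a1@example.com>: Recipient address rejected: User unknown in virtual mailbox table; from=<> to=<a1@example.com> proto=ESMTP helo=<mx1.example.net>
Apr 18 15:15:51 vps postfix/smtpd[7169]: NOQUEUE: reject: RCPT from mx1.example.net[192.0.2.10]: 454 4.1.1 <a2@example.com>: Recipient address rejected: User unknown in virtual mailbox table; from=<> to=<a2@example.com> proto=ESMTP helo=<mx1.example.net>
Apr 18 15:15:52 vps postfix/smtpd[7169]: NOQUEUE: reject: RCPT from mx1.example.net[192.0.2.10]: 454 4.1.1 <a3@example.com>: Recipient address rejected: User unknown in virtual mailbox table; from=<> to=<a3@example.com> proto=ESMTP helo=<mx1.example.net>
Apr 18 15:15:53 vps postfix/smtpd[7197]: NOQUEUE: reject: RCPT from relay.example.org[198.51.100.7]: 454 4.7.1 Service unavailable; Client host [198.51.100.7] blocked using dnsbl.example.invalid; from=<> to=<a4@example.com> proto=ESMTP helo=<relay.example.org>
Apr 18 15:15:54 vps postfix/smtpd[7197]: NOQUEUE: reject: RCPT from relay.example.org[198.51.100.7]: 454 4.7.1 Service unavailable; Client host [198.51.100.7] blocked using dnsbl.example.invalid; from=<> to=<a5@example.com> proto=ESMTP helo=<relay.example.org>
Apr 18 15:15:55 vps postfix/smtpd[7178]: NOQUEUE: reject: RCPT from mail.example.edu[203.0.113.5]: 454 4.1.1 <a6@example.com>: Recipient address rejected: User unknown in virtual mailbox table; from=<> to=<a6@example.com> proto=ESMTP helo=<mail.example.edu>
Apr 18 15:15:55 vps postfix/smtpd[7178]: disconnect from mail.example.edu[203.0.113.5]
""".splitlines()

if __name__ == "__main__":
    for ip, n in repeat_offenders(SAMPLE_LOG):
        print(ip, n, dict(summarize_rejects(SAMPLE_LOG)[ip]))
```

To run it against a real log, pass the lines of the mail log file to `repeat_offenders` instead of `SAMPLE_LOG`, and review the output before adding anything to csf.deny.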
What does your main.cf look like in terms of mynetworks and mydestination?

http://www.postfix.org/postconf.5.html#mynetworks

http://www.postfix.org/postconf.5.html#mydestination