My mail server only sends spam mails

That it might not be properly secured... :rolleyes:
Have you already run an open relay test?

But more information wouldn't hurt.
OS? MTA? Logs? etc...


Greez BeNe
 
Biffi's post really made me grin.

Which mail server?
Which OS... etc. :)
 
What do you mean by open relay test?

MTA doesn't directly mean anything to me right now either.
I have Debian Etch.

I'll post the Postfix config.

The main.cf
Code:
#
# Postfix MTA Manager Main Configuration File;
#
# Please do NOT edit this file manually;
#

#
# Postfix directory settings; These are critical for normal Postfix MTA functionality;
#

command_directory = /usr/sbin
daemon_directory  = /usr/lib/postfix
program_directory = /usr/lib/postfix

#
# Some common configuration parameters;
#

inet_interfaces  = all
mynetworks_style = host

myhostname = 84-16-224-176.internetserviceteam.com
mydomain   = 84-16-224-176.internetserviceteam.com.local
myorigin   = $mydomain

smtpd_banner = $myhostname ISPCP 1.0 Priamos Managed ESMTP 1.0.0 RC2 OMEGA
setgid_group = postdrop

#
# Receiving messages parameters;
#

mydestination       = $myhostname, $mydomain
append_dot_mydomain = no
append_at_myorigin  = yes
local_transport     = local
virtual_transport   = virtual
transport_maps      = hash:/etc/postfix/ispcp/transport

#
# Delivering local messages parameters;
#

mail_spool_directory = /var/mail

# Mailboxquota
# => 0 for unlimited
# => 104857600 for 100 MB
mailbox_size_limit = 0
mailbox_command    = procmail -a "$EXTENSION"

biff = no

alias_database                    = hash:/etc/aliases

local_destination_recipient_limit = 1
local_recipient_maps              = unix:passwd.byname $alias_database

#
# ISPCP Autoresponder parameters;
#

ispcp-arpl_destination_recipient_limit = 1

#
# Delivering virtual messages parameters;
#

virtual_mailbox_base    = /var/mail/virtual
virtual_mailbox_limit   = 0

virtual_mailbox_domains = hash:/etc/postfix/ispcp/domains
virtual_mailbox_maps    = hash:/etc/postfix/ispcp/mailboxes

virtual_alias_maps      = hash:/etc/postfix/ispcp/aliases

virtual_minimum_uid     = 1000
virtual_uid_maps        = static:1000
virtual_gid_maps        = static:8

#
# SASL parameters;
#

smtpd_sasl_auth_enable       = yes
smtpd_sasl2_auth_enable      = yes
smtpd_sasl_security_options  = noanonymous
smtpd_sasl_local_domain      =
broken_sasl_auth_clients     = yes
smtpd_sender_restrictions    = permit_mynetworks,
                               permit_sasl_authenticated,
                               reject_unauth_destination
smtpd_recipient_restrictions = permit_mynetworks,
                               permit_sasl_authenticated,
                               reject_unauth_destination
                               check_policy_service inet:127.0.0.1:60000


#
# TLS parameters; activate, if available/used
#

#smtpd_tls_loglevel        = 2
#smtpd_tls_cert_file       = /etc/postfix/cert.pem
#smtpd_tls_key_file        = /etc/postfix/privkey.pem
#smtpd_use_tls             = yes
#smtpd_tls_auth_only       = no
#smtpd_tls_received_header = yes


#
# AMaViS parameters; activate, if available/used
#

#content_filter = amavis:[127.0.0.1]:10024

#
# Quota support; activate, if available/used
#

#virtual_create_maildirsize     = yes
#virtual_mailbox_extended       = yes
#virtual_mailbox_limit_maps     = mysql:/etc/postfix/mysql_virtual_mailbox_limit_maps.cf
#virtual_mailbox_limit_override = yes
#virtual_maildir_limit_message  = "The user you're trying to reach is over mailbox quota."
#virtual_overquota_bounce       = yes
The master.cf
Code:
#
# Postfix master process configuration file.  For details on the format
# of the file, see the master(5) manual page (command: "man 5 master").
#
# ==========================================================================
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (100)
# ==========================================================================
smtp      inet  n       -       -       -       -       smtpd
#submission inet n       -       -       -       -       smtpd
#  -o smtpd_enforce_tls=yes
#  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#smtps     inet  n       -       -       -       -       smtpd
#  -o smtpd_tls_wrappermode=yes
#  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
# For AOL-Accounts
587       inet  n       -       -       -       -       smtpd
   -o smtpd_client_restrictions=permit_sasl_authenticated,reject_unauth_destination
#628      inet  n       -       -       -       -       qmqpd
pickup    fifo  n       -       -       60      1       pickup
cleanup   unix  n       -       -       -       0       cleanup
qmgr      fifo  n       -       -       300     1       qmgr
#qmgr     fifo  n       -       -       300     1       oqmgr
tlsmgr    unix  -       -       -       1000?   1       tlsmgr
rewrite   unix  -       -       -       -       -       trivial-rewrite
bounce    unix  -       -       -       -       0       bounce
defer     unix  -       -       -       -       0       bounce
trace     unix  -       -       -       -       0       bounce
verify    unix  -       -       -       -       1       verify
flush     unix  n       -       -       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
smtp      unix  -       -       -       -       -       smtp
# When relaying mail as backup MX, disable fallback_relay to avoid MX loops
relay     unix  -       -       -       -       -       smtp
	-o fallback_relay=
#   -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq     unix  n       -       -       -       -       showq
error     unix  -       -       -       -       -       error
discard   unix  -       -       -       -       -       discard
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       -       -       -       lmtp
anvil     unix  -       -       -       -       1       anvil
scache    unix  -       -       -       -       1       scache
# ====================================================================
# ISPCP ω OMEGA configuration
# ====================================================================
# AMaViS => Antivir / Antispam
amavis    unix  -       -       n       -       2       smtp
   -o smtp_data_done_timeout=1200
   -o smtp_send_xforward_command=yes
   -o disable_dns_lookups=yes

localhost:10025 inet  n -       n       -      -        smtpd
   -o content_filter=
   -o local_recipient_maps=
   -o relay_recipient_maps=
   -o smtpd_restriction_classes=
   -o smtpd_client_restrictions=
   -o smtpd_helo_restrictions=
   -o smtpd_sender_restrictions=
   -o smtpd_recipient_restrictions=permit_mynetworks,reject
   -o smtpd_override_options=no_address_mappings
   -o mynetworks=127.0.0.0/8
   -o strict_rfc821_envelopes=yes

# ISPCP autoresponder
ispcp-arpl unix  -      n       n       -       -       pipe
  flags=O user=vmail argv=/var/www/ispcp/engine/messager/ispcp-arpl-msgr

# TLS - Activate, if TLS is available/used
smtps     inet  n       -       -       -       -       smtpd
   -o smtpd_tls_wrappermode=yes
   -o smtpd_sasl_auth_enable=yes
#   -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#
# ====================================================================
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
# Many of the following services use the Postfix pipe(8) delivery
# agent.  See the pipe(8) man page for information about ${recipient}
# and other message envelope options.
# ====================================================================
#
# maildrop. See the Postfix MAILDROP_README file for details.
# Also specify in main.cf: maildrop_destination_recipient_limit=1
#
maildrop  unix  -       n       n       -       -       pipe
  flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
#
# The Cyrus deliver program has changed incompatibly, multiple times.
#
old-cyrus unix  -       n       n       -       -       pipe
  flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
# Cyrus 2.1.5 (Amos Gouaux)
# Also specify in main.cf: cyrus_destination_recipient_limit=1
cyrus     unix  -       n       n       -       -       pipe
  user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
#
# See the Postfix UUCP_README file for configuration details.
#
uucp      unix  -       n       n       -       -       pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
#
# Other external delivery methods.
#
ifmail    unix  -       n       n       -       -       pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp     unix  -       n       n       -       -       pipe
  flags=Fq. user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient


From the mail.log I was able to gather the following
Code:
Aug  9 15:13:06 84-xx-224-xxx courierpop3login: Connection, ip=[::ffff:83.171.178.76]
Aug  9 15:13:06 84-xx-224-xxx courierpop3login: LOGIN: ip=[::ffff:83.171.178.76], command=AUTH
Aug  9 15:13:06 84-xx-224-xxx courierpop3login: LOGIN: ip=[::ffff:83.171.178.76], command=USER
Aug  9 15:13:06 84-xx-224-xxx courierpop3login: LOGIN: ip=[::ffff:83.171.178.76], command=PASS
Aug  9 15:13:06 84-xx-224-xxx courierpop3login: LOGIN: ip=[::ffff:83.171.178.76], username=info@adresse.de
Aug  9 15:13:06 84-xx-224-xxx courierpop3login: LOGIN, user=info@adresse.de, ip=[::ffff:83.171.178.76]
Aug  9 15:13:06 84-xx-224-xxx courierpop3login: LOGOUT, user=info@adresse.de, ip=[::ffff:83.171.178.76], top=0, retr=0, rcvd=12, sent=39, time=0
 
So you have ispCP Omega running with Maia?
Am I seeing that correctly? The config is OK so far except for the strange hostname..

Are there any entries in the mail.err?
Surely there's more in the mail.log, right?

Greez BeNe
 
Well, I can't imagine an open relay,
since the config fits too. ispCP does have PHP, but running as a FastCGI module.
So at most a script in the respective home directory is possible - nothing more.

But now we need more info from the logs!

Greez BeNe
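
The log check asked for above, as an added example that is not part of the original thread: it groups queued messages in a Postfix mail.log by how they entered the server (SASL login, unauthenticated SMTP client, or local pickup by a system uid such as a PHP script), which separates a stolen mailbox password from a relay problem or a web script. The sample lines are constructed in the standard Postfix syslog format, and the function name `injection_sources` is hypothetical.

```python
import re
from collections import Counter, defaultdict

# Constructed sample lines in Postfix syslog format (not taken from the thread).
SAMPLE_LOG = """\
Aug  9 15:20:01 mx postfix/smtpd[2101]: 3F2A11C0A1: client=unknown[203.0.113.7], sasl_method=LOGIN, sasl_username=info@example.test
Aug  9 15:20:01 mx postfix/qmgr[900]: 3F2A11C0A1: from=<a@example.test>, size=2211, nrcpt=50 (queue active)
Aug  9 15:20:05 mx postfix/pickup[1800]: 7B0C21C0A2: uid=33 from=<www-data>
Aug  9 15:20:05 mx postfix/qmgr[900]: 7B0C21C0A2: from=<www-data@example.test>, size=900, nrcpt=1 (queue active)
Aug  9 15:20:09 mx postfix/smtpd[2102]: 9D4E31C0A3: client=mail.example.net[198.51.100.9]
Aug  9 15:20:09 mx postfix/qmgr[900]: 9D4E31C0A3: from=<b@example.net>, size=1500, nrcpt=1 (queue active)
Aug  9 15:20:12 mx postfix/smtpd[2101]: A1B2C31C0A4: client=unknown[203.0.113.7], sasl_method=LOGIN, sasl_username=info@example.test
Aug  9 15:20:12 mx postfix/qmgr[900]: A1B2C31C0A4: from=<c@example.test>, size=2300, nrcpt=50 (queue active)
"""

LINE = re.compile(r"postfix/(\w+)\[\d+\]: ([0-9A-F]{6,}): (.*)")
CLIENT = re.compile(r"client=\S*?\[([^\]]+)\]")
SASL = re.compile(r"sasl_username=([^,\s]+)")
UID = re.compile(r"uid=(\d+)")
NRCPT = re.compile(r"nrcpt=(\d+)")

def injection_sources(log_text):
    """Return {origin: {"msgs": n, "rcpts": n}} for every queued message."""
    origin = {}                    # queue ID -> how the message entered
    counted = set()                # queue IDs already tallied (requeues repeat)
    totals = defaultdict(Counter)
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        daemon, qid, rest = m.groups()
        if daemon == "smtpd" and rest.startswith("client="):
            user, ip = SASL.search(rest), CLIENT.search(rest)
            origin[qid] = (f"sasl:{user.group(1)}" if user
                           else f"smtp:{ip.group(1) if ip else '?'}")
        elif daemon == "pickup" and UID.search(rest):
            origin[qid] = f"local-uid:{UID.search(rest).group(1)}"
        elif daemon == "qmgr" and qid in origin and qid not in counted:
            n = NRCPT.search(rest)
            if n:
                counted.add(qid)
                totals[origin[qid]]["msgs"] += 1
                totals[origin[qid]]["rcpts"] += int(n.group(1))
    return {k: dict(v) for k, v in totals.items()}

if __name__ == "__main__":
    ranked = sorted(injection_sources(SAMPLE_LOG).items(), key=lambda kv: -kv[1]["rcpts"])
    for src, c in ranked:
        print(f"{src:28} msgs={c['msgs']} rcpts={c['rcpts']}")
```

An origin that dominates the recipient count points at where to look next: a `sasl:` entry at that mailbox's password, a `local-uid:` entry at scripts running under that uid, an `smtp:` entry at the relay restrictions.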
 
Hi,

Above all I hope you've stopped your mail server for now, or better yet booted the whole system into rescue mode (if available).

Or is it still busily spamming away?


-W
 