I come a few days being listed in the Spamhaus CBL. CBL list reports that I have a virus on the network and that is sending emails as "localhost.localdomain". I do not know where to be coming this "localhost.localdomain" because my relay is closed, and my HELO is mail.domainclient.com.br.. I found no viruses on workstations or any traffic destined for port 25 passing through the server.
We had a compromised account, but already changed her password. Still every day I am listed on http://www.abuseat.org/.
Below I detail my settings to an aid in finding the cause of the problem.
iptables:
Chain OUTPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
7501 1076K ACCEPT all -- * lo 0.0.0.0/0 0.0.0.0/0
17175 23M ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state NEW,RELATED,ESTABLISHED
189 10216 ACCEPT tcp -- * * 0.0.0.0/0 IP_SERVER1 tcp spts:1024:65535 dpt:25
0 0 ACCEPT tcp -- * * 0.0.0.0/0 IP_SERVER1 tcp spt:25 dpts:1024:65535
0 0 ACCEPT udp -- * * IP_SERVER1 0.0.0.0/0 udp spt:53 dpt:53
0 0 ACCEPT udp -- * eth2 0.0.0.0/0 0.0.0.0/0 udp dpt:53
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix `OUTPUT: '
Chain INPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
7501 1076K ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
176 15768 ACCEPT udp -- eth3 * 0.0.0.0/0 0.0.0.0/0 udp dpt:1194
0 0 ACCEPT udp -- tun+ * 0.0.0.0/0 0.0.0.0/0 udp dpt:1194
17117 1628K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
152 8052 ACCEPT tcp -- * * 0.0.0.0/0 IP_SERVER1 tcp spts:1024:65535 dpt:25
0 0 ACCEPT tcp -- * * 0.0.0.0/0 IP_SERVER1 tcp spt:25 dpts:1024:65535
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:21
11 703 ACCEPT udp -- * * 192.168.1.0/24 0.0.0.0/0 udp dpt:53
126 9546 ACCEPT udp -- * * 0.0.0.0/0 IP SERVER udp spts:1024:65535 dpt:53
0 0 ACCEPT udp -- * * 0.0.0.0/0 IP SERVER udp spt:53 dpt:53
0 0 ACCEPT udp -- * * 192.168.1.0/24 0.0.0.0/0 udp spt:67 dpt:68
130 7520 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
3 120 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:443
1 60 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:2222
0 0 ACCEPT tcp -- * * 192.168.1.0/24 0.0.0.0/0 tcp dpt:3128
4 208 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:8080
0 0 DROP all -- * * 210.51.184.41 0.0.0.0/0
300 17819 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix `INPUT: '
Master.cf
smtp inet n - - - - smtpd
-o smtpd_tls_security_level=none
-o smtpd_sasl_auth_enable=no
# -o content_filter=filter:dummy
submission inet n - n - - smtpd
-o smtpd_sasl_auth_enable=yes
cleanup25 unix n - n - 0 cleanup
-o header_checks=pcre:/etc/postfix/header_checks_submission
main.cf
body_checks = regexp:/etc/postfix/body_checks
header_checks = regexp:/etc/postfix/header_checks
smtpd_banner = $myhostname ESMTP $mail_name
biff = no
append_dot_mydomain = no
readme_directory = no
sender_bcc_maps = hash:/etc/postfix/sender_bcc
recipient_bcc_maps = hash:/etc/postfix/recipient_bcc
# TLS parameters
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
debug_peer_level = 2
debug_peer_list = domainclient.com.br
myhostname = mail.domainclient.com.br
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = mail.domainclient.com.br
mydestination = mail.domainclient.com.br, domainclient.com.br
relayhost =
##mynetworks = 127.0.0.0/8, 192.168.1.0/24, IP_SERVER1, IP_SERVER2, hash:/var/lib/pop-before-smtp/hosts
mynetworks = 127.0.0.0/8, 192.168.1.0/24, IPSERVER1, IPSERVER2, hash:/var/lib/pop-before-smtp/hosts
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
home_mailbox = Maildir/
alias_maps = mysql:/etc/postfix/mysql-aliases.cf
transport_maps = mysql:/etc/postfix/mysql-transport.cf
virtual_maps = mysql:/etc/postfix/mysql-aliases.cf
virtual_alias_maps = mysql:/etc/postfix/mysql-aliases.cf
virtual_mailbox_base = /var/mail/virtual
virtual_mailbox_maps = mysql:/etc/postfix/mysql-virtual-mailbox-maps.cf
virtual_mailbox_limit = 51200000
virtual_uid_maps = mysql:/etc/postfix/mysql-virtual-uid.cf
virtual_gid_maps = mysql:/etc/postfix/mysql-virtual-gid.cf
unknown_local_recipient_reject_code = 500
unknown_address_reject_code = 554
unknown_hostname_reject_code = 554
unknown_hostname_reject_code = 554
unknown_client_reject_code = 554
strict_rfc821_envelopes = yes
smtpd_delay_reject = yes
smtp_destination_concurrency_limit = 7
smtp_destination_recipient_limit = 10
smtpd_hard_error_limit = 3
smtpd_soft_error_limit = 1
smtpd_client_connection_count_limit = 10
smtpd_client_message_rate_limit = 25
smtpd_error_sleep_time = 20
smtpd_junk_command_limit = 1
maps_rbl_domains =
xbl.spamhaus.org,
relays.ordb.org,
list.dsbl.org,
dun.dnsrbl.net,
spam.dnsrbl.net,
cbl.abuseat.org,
sbl-xbl.spamhaus.org,
bl.spamcop.net,
dns.rfc-ignorant.org
smtpd_helo_required = yes
smtp_helo_timeout = 60s
header_checks = regexp:/etc/postfix/header_checks
message_size_limit = 36214400
local_recipient_maps = $alias_maps $virtual_mailbox_maps unix:passwd.byname
smtpd_sasl_auth_enable = yes
# SASL Authentication
smtpd_sasl_auth_enable = yes
smtpd_sasl2_auth_enable = yes
smtpd_sasl_exceptions_networks = $mynetworks
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_sasl_path = private/auth
smtpd_sasl_application_name = smtpd
smtpd_tls_auth_only = yes
bounce_queue_lifetime = 1d
maximal_queue_lifetime = 1d
smtpd_data_restrictions = reject_unauth_pipelining
smtpd_end_of_data_restrictions =
smtpd_etrn_restrictions =
#check_sender_access mysql:/etc/postfix/mysql_virtual_mysenders_maps.cf
#check_sender_access cidr:/etc/postfix/cidr_koreia_china_nets
smtpd_helo_restrictions =
permit_sasl_authenticated,
permit_mynetworks,
check_helo_access regexp:/etc/postfix/regras_ehlo,
reject_invalid_hostname,
reject_unauth_pipelining
reject_rhsbl_sender dsn.rfc-ignorant.org,
reject_rbl_client maps_rbl_domains,
#reject_non_fqdn_hostname
smtpd_client_restrictions =
permit_sasl_authenticated,
permit_mynetworks,
# check_client_access hash:/etc/postfix/ip-access,
reject_unauth_pipelining,
reject_rbl_client maps_rbl_domains
smtpd_sender_restrictions =
permit_sasl_authenticated,
check_sender_access hash:/etc/postfix/sender_block,
reject_unknown_sender_domain,
reject_unauth_pipelining,
#reject_non_fqdn_sender,
reject_authenticated_sender_login_mismatch,
reject_unauthenticated_sender_login_mismatch,
#reject_sender_login_mismatch,
reject_non_fqdn_sender,
reject_unlisted_sender,
reject_unauth_pipelining
smtpd_recipient_restrictions =
permit_mynetworks,
permit_sasl_authenticated,
check_client_access hash:/etc/postfix/whitelist-ips,
#reject_non_fqdn_hostname,
reject_unauth_destination,
#reject_non_fqdn_recipient,
reject_unknown_recipient_domain,
#reject_non_fqdn_sender,
reject_unknown_recipient_domain,
reject_unknown_sender_domain,
reject_invalid_hostname,
reject_unknown_hostname,
reject_rbl_client bl.spamcop.net,
reject_rbl_client cbl.abuseat.org,
reject_rbl_client sbl.spamhaus.org,
reject_rbl_client b.barracudacentral.org,
#check_sender_access hash:/etc/postfix/sender_access,
# check_policy_service unix:private/spfcheck,
check_policy_service unix:private/policy,
permit
# hostname servermail-gw01
# cat /etc/mailname mail.domainclient.com.br
# cat /etc/hosts
127.0.0.1 localhost 127.0.1.1 servermail-gw01.domainclient.intra servermail-gw01 IP_SERVER1 domainclient.com.br
Thanks
0 Answers