1

Topic: SPAM problem with my IREDMAIL SERVER

Hi, I am having a problem with my IREDMAIL SERVER.

Many email accounts are receiving spam mail; the server is not filtering it.
I have checked online and activated Postscreen, but it's worse now ...

Is there a full procedure I can follow to recheck the configuration of my server?


2

Re: SPAM problem with my IREDMAIL SERVER

- Please show us output of command "postconf -n |grep restrictions"
- Show us some Postfix log related to the spams. Note: the log must contain all log lines related to one single message, starting from the initial SMTP connection and ending with the disconnection.

3

Re: SPAM problem with my IREDMAIL SERVER

ZhangHuangbin wrote:

postconf -n |grep restrictions

postconf -n |grep restrictions
proxy_read_maps = $canonical_maps $lmtp_generic_maps $local_recipient_maps $mydestination $mynetworks $recipient_bcc_maps $recipient_canonical_maps $relay_domains $relay_recipient_maps $relocated_maps $sender_bcc_maps $sender_canonical_maps $smtp_generic_maps $smtpd_sender_login_maps $transport_maps $virtual_alias_domains $virtual_alias_maps $virtual_mailbox_domains $virtual_mailbox_maps $smtpd_sender_restrictions $sender_dependent_relayhost_maps
smtpd_data_restrictions = reject_unauth_pipelining
smtpd_end_of_data_restrictions = check_policy_service inet:127.0.0.1:7777
smtpd_helo_restrictions = permit_mynetworks permit_sasl_authenticated check_helo_access pcre:/etc/postfix/helo_access.pcre reject_non_fqdn_helo_hostname reject_unknown_helo_hostname
smtpd_recipient_restrictions = reject_non_fqdn_recipient reject_unlisted_recipient check_policy_service inet:127.0.0.1:7777 permit_mynetworks permit_sasl_authenticated reject_unauth_destination reject_rbl_client zen.spamhaus.org, reject_rhsbl_reverse_client dbl.spamhaus.org, reject_rhsbl_helo dbl.spamhaus.org, reject_rhsbl_sender dbl.spamhaus.org
smtpd_sender_restrictions = reject_unknown_sender_domain reject_non_fqdn_sender reject_unlisted_sender permit_mynetworks permit_sasl_authenticated check_sender_access pcre:/etc/postfix/sender_access.pcre

Here it is for the first output

4

Re: SPAM problem with my IREDMAIL SERVER

ZhangHuangbin wrote:

- Show us some Postfix log related to the spams.

Apr 27 14:02:38 hostmail postfix/smtpd[16787]: connect from mail215.atl21.rsgsv.net[205.201.133.215]
Apr 27 14:02:38 hostmail postfix/smtpd[16787]: Anonymous TLS connection established from mail215.atl21.rsgsv.net[205.201.133.215]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Apr 27 14:02:39 hostmail postfix/smtpd[16787]: 499mgg0sNNz10MTN: client=mail215.atl21.rsgsv.net[205.201.133.215]
Apr 27 14:02:39 hostmail postfix/cleanup[16800]: 499mgg0sNNz10MTN: message-id=<2c363ddac25f61764c778228d.9e9e05613a.20200427140105.e77b1d91ad.57527b77@mail215.atl21.rsgsv.net>
Apr 27 14:02:39 hostmail postfix/qmgr[15081]: 499mgg0sNNz10MTN: from=<bounce-mc.us4_129059770.6802609-9e9e05613a@mail215.atl21.rsgsv.net>, size=95145, nrcpt=1 (queue active)
Apr 27 14:02:39 hostmail postfix/smtpd[16787]: disconnect from mail215.atl21.rsgsv.net[205.201.133.215] ehlo=2 starttls=1 mail=1 rcpt=1 data=1 quit=1 commands=7
Apr 27 14:02:41 hostmail postfix/postscreen[16779]: CONNECT from [18.205.72.90]:13432 to [178.33.20.244]:25
Apr 27 14:02:43 hostmail postfix/10025/smtpd[16811]: connect from #MY_SERVER_ADR[127.0.0.1]
Apr 27 14:02:43 hostmail postfix/10025/smtpd[16811]: 499mgl1ly2z10MV6: client=#MY_SERVER_ADR[127.0.0.1]
Apr 27 14:02:43 hostmail postfix/cleanup[16800]: 499mgl1ly2z10MV6: message-id=<2c363ddac25f61764c778228d.9e9e05613a.20200427140105.e77b1d91ad.57527b77@mail215.atl21.rsgsv.net>
Apr 27 14:02:43 hostmail postfix/10025/smtpd[16811]: disconnect from #MY_SERVER_ADR[127.0.0.1] ehlo=1 mail=1 rcpt=1 data=1 quit=1 commands=5
Apr 27 14:02:43 hostmail postfix/qmgr[15081]: 499mgl1ly2z10MV6: from=<bounce-mc.us4_129059770.6802609-9e9e05613a@mail215.atl21.rsgsv.net>, size=95750, nrcpt=1 (queue active)
Apr 27 14:02:43 hostmail amavis[15302]: (15302-01) Passed CLEAN {RelayedInbound}, [205.201.133.215]:3861 [205.201.133.215] <bounce-mc.us4_129059770.6802609-9e9e05613a@mail215.atl21.rsgsv.net> -> <$
Apr 27 14:02:43 hostmail postfix/amavis/smtp[16805]: 499mgg0sNNz10MTN: to=<#MY_CLT_EMAIL_ADR>, relay=127.0.0.1[127.0.0.1]:10024, delay=4.5, delays=0.66/0.01/0.01/3.8, dsn=2.0.0, status=sent (2$
Apr 27 14:02:43 hostmail postfix/qmgr[15081]: 499mgg0sNNz10MTN: removed
Apr 27 14:02:43 hostmail postfix/pipe[16812]: 499mgl1ly2z10MV6: to=<#MY_CLT_EMAIL_ADR>, relay=dovecot, delay=0.11, delays=0.05/0.02/0/0.05, dsn=2.0.0, status=sent (delivered via dovecot servic$
Apr 27 14:02:43 hostmail postfix/qmgr[15081]: 499mgl1ly2z10MV6: removed

Here's some output for the logs
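As an added example (not part of the original posts, and not iRedMail or Postfix code): one way to collect every Postfix log line for a single message, from the initial connect to the disconnect, including the second queue ID the message gets when it is re-injected after content filtering. The function name `trace_message` is hypothetical and the sample log is constructed; only lines logged by Postfix daemons are joined, not Amavisd's own lines.

```python
import re
from collections import defaultdict

# Constructed sample in the same layout as the Postfix log posted above.
SAMPLE = """\
Apr 27 14:02:38 mx postfix/smtpd[100]: connect from out.example.net[192.0.2.10]
Apr 27 14:02:39 mx postfix/smtpd[100]: 4AAAAA0aaaz1: client=out.example.net[192.0.2.10]
Apr 27 14:02:39 mx postfix/cleanup[200]: 4AAAAA0aaaz1: message-id=<m1@out.example.net>
Apr 27 14:02:39 mx postfix/smtpd[100]: disconnect from out.example.net[192.0.2.10] ehlo=2 mail=1 rcpt=1 data=1 quit=1
Apr 27 14:02:41 mx postfix/postscreen[300]: CONNECT from [198.51.100.7]:13432 to [192.0.2.1]:25
Apr 27 14:02:43 mx postfix/10025/smtpd[400]: connect from localhost[127.0.0.1]
Apr 27 14:02:43 mx postfix/10025/smtpd[400]: 4BBBBB1bbbz2: client=localhost[127.0.0.1]
Apr 27 14:02:43 mx postfix/cleanup[200]: 4BBBBB1bbbz2: message-id=<m1@out.example.net>
Apr 27 14:02:43 mx postfix/10025/smtpd[400]: disconnect from localhost[127.0.0.1] ehlo=1 mail=1 rcpt=1 data=1 quit=1
Apr 27 14:02:43 mx postfix/amavis/smtp[500]: 4AAAAA0aaaz1: to=<user@example.org>, relay=127.0.0.1[127.0.0.1]:10024, status=sent
Apr 27 14:02:43 mx postfix/qmgr[600]: 4AAAAA0aaaz1: removed
Apr 27 14:02:43 mx postfix/pipe[700]: 4BBBBB1bbbz2: to=<user@example.org>, relay=dovecot, status=sent
Apr 27 14:02:43 mx postfix/qmgr[600]: 4BBBBB1bbbz2: removed
"""

LINE = re.compile(r"^\w{3} +\d+ [\d:]+ \S+ (postfix[\w/]*)\[(\d+)\]: (.*)$")
QID = re.compile(r"^([0-9A-Za-z]{10,}): (.*)$")

def trace_message(log_text, queue_id):
    """Return all Postfix lines for one message, in log order."""
    msgid, by_msgid, owner = {}, defaultdict(set), defaultdict(set)
    rows, open_sess = [], {}   # open_sess: (service, pid) -> session id
    for n, line in enumerate(log_text.splitlines()):
        m = LINE.match(line)
        if not m:
            continue
        proc, rest = (m.group(1), m.group(2)), m.group(3)
        if rest.startswith("connect from "):
            open_sess[proc] = n        # a session is named by its first line number
        sess = open_sess.get(proc)
        q = QID.match(rest)
        qid, body = q.groups() if q else (None, "")
        if body.startswith("client=") and sess is not None:
            owner[sess].add(qid)       # this SMTP session created this queue ID
        if body.startswith("message-id="):
            msgid[qid] = body
            by_msgid[body].add(qid)    # same Message-ID links pre/post-filter IDs
        rows.append((line, qid, sess))
        if rest.startswith("disconnect from "):
            open_sess.pop(proc, None)  # the smtpd PID may serve another client next
    # All queue IDs sharing the Message-ID, or just the one asked for.
    wanted = by_msgid.get(msgid.get(queue_id), {queue_id})
    return [l for l, qid, sess in rows if qid in wanted or owner.get(sess, set()) & wanted]
```

Calling `trace_message(log_text, "<queue id>")` on the contents of the mail log returns the lines to paste; unrelated connections, such as the postscreen line in the sample, are left out.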

5

Re: SPAM problem with my IREDMAIL SERVER

Please show us output of command:

ls -dl /opt/iredapd
grep '^plugins' /opt/iredapd/settings.py

6

Re: SPAM problem with my IREDMAIL SERVER

Hi, sorry for the late response.

Here is the output

plugins = ["reject_null_sender", "wblist_rdns", "reject_sender_login_mismatch", "greylisting", "throttle", "amavisd_wblist", "sql_alias_access_policy"]

7

Re: SPAM problem with my IREDMAIL SERVER

iRedAPD plugins seem fine.
But which iRedAPD release are you running? Show us output of command "ls -dl /opt/iredapd" please.

rderman wrote:

Many email accounts are receiving Spam mail

Back to the original issue, how many spams does your server receive per day?
Any other related Amavisd log (in Postfix log file) for troubleshooting? We need to know the scores they got, also matched SpamAssassin rules.

8

Re: SPAM problem with my IREDMAIL SERVER

this one

iRedAPD-2.4

9

Re: SPAM problem with my IREDMAIL SERVER

I don't know what I really did, because I came across many tutorials (didn't apply all they said).
But I think these help me understand more what's going on.

- https://www.linuxbabe.com/mail-server/configure-postscreen-in-postfix-to-block-spambots
- https://www.linuxbabe.com/tag/dns-resolver

I'll be checking if the SPAM is still arriving. But for now it's more quiet...

But if there is a way to check whether everything is okay, please share it with me.

10

Re: SPAM problem with my IREDMAIL SERVER

The latest iRedAPD release is 3.6, your 2.4 is too old. Please consider upgrading.

11

Re: SPAM problem with my IREDMAIL SERVER

ZhangHuangbin wrote:

The latest iRedAPD release is 3.6, your 2.4 is too old. Please consider upgrading.

Thank you