Solved

Prevent Spammer From Creating New Directory Under /var/mail - Postfix

Posted on 2008-09-29
Last Modified: 2012-05-05
A spammer can send spam emails to "mail@mydomain.com", and Postfix will create a new directory /var/mail/mail to hold the emails. This has happened a couple of times before with similar names. For example, a spammer sends an email to "test@mydomain.com", and when I look at Ubuntu, I see a new directory /var/mail/test has been created to hold the spam emails.

How can I prevent this? Do I have Ubuntu configured wrong or Postfix or both?
0
Question by:LarryZ
6 Comments
 
LVL 23

Expert Comment

by:Mysidia
ID: 22595748
It sounds as if your mail server has been reconfigured to allow _any_  mail without checking if the user exists or not

Type

# postconf local_recipient_maps

And see what the output looks like...
some fairly standard settings are

local_recipient_maps = proxy:unix:passwd.byname $alias_maps
alias_maps = hash:/etc/aliases
smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination
smtpd_reject_unlisted_recipient = yes
recipient_canonical_maps =
recipient_delimiter =
relay_recipient_maps =



0
 

Author Comment

by:LarryZ
ID: 22595996
I only have the first line above. I looked at main.cf and master.cf and didn't see any lines similar to the others listed in Mysidia's comment. Should I add the line smtpd_reject_unlisted_recipient=yes?
0
 

Author Comment

by:LarryZ
ID: 22596018
I have these Postfix files in /etc/postfix
body_checks
client_access
header_checks
main.cf
master.cf
postfix-files
sender_access
virtual_mailbox_recipients
0
 
LVL 23

Accepted Solution

by:
Mysidia earned 1500 total points
ID: 22602643
smtpd_reject_unlisted_recipient = yes
Means reject mail for unknown recipient addresses.

Try
# postconf |grep virtual_mai

check for entries related to a virtual mailbox maps table...

_something_ is mapping the messages to be delivered locally, if they're being accepted.

If not by local user, and not by the mailbox name existing in /etc/aliases as given in the local_recipient_maps line, then most likely by a virtual mailbox recipient mapping.

0
 

Author Closing Comment

by:LarryZ
ID: 31501148
Thanks Mysidia. Forgive me as I am an IT guy and vb.net programmer, but a Linux newbie. My initial post might not be accurate. Incoming emails to valid recipients go to their mailbox. Incoming emails to aliases seem to work also. An email to anybody@mydomain.com gets rejected with 554 error (good). But an incoming email to mail@mydomain.com gets delivered to a new directory /var/mail/mail. I don't know how to prevent this special case. I bought "The Book of Postfix" by Ralf Hildebrandt to help me to learn Postfix.
0
 
LVL 23

Expert Comment

by:Mysidia
ID: 22621039
It may be that there actually is a default user on the system named "mail"
try  ls -ld /var/mail/mail

And see if the file isn't owned by a "mail"  user
I suppose what I would do is edit /etc/aliases

make sure there isn't already an alias for 'mail'

then try adding a

mail: bitbucket

finish editing the file
run the 'newaliases'    command to refresh the aliases database

Which goes along  with a line like

bitbucket:  /dev/null




0
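An added example, not part of the thread: when local_recipient_maps includes unix:passwd.byname, every account in the password database is a valid recipient, so a system account such as "mail" accepts mail unless an alias redirects it. The script below lists such accounts that have no entry in the aliases file; the function name, the UID threshold of 1000 and the sample files are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the thread): report system accounts that are valid
# local recipients through unix:passwd.byname and have no alias redirecting them.

# Usage: unaliased_system_accounts PASSWD_FILE ALIASES_FILE [UID_MIN]
# UID_MIN defaults to 1000 (assumption: regular users start there).
unaliased_system_accounts() {
    awk -F: -v aliases="$2" -v uid_min="${3:-1000}" '
        BEGIN {
            # Load alias names from the aliases(5) file: "name: target"
            while ((getline line < aliases) > 0) {
                if (line ~ /^[ \t]*(#|$)/) continue   # comment or blank line
                if (line ~ /^[ \t]/) continue         # continuation of previous entry
                i = index(line, ":")
                if (i < 2) continue
                name = substr(line, 1, i - 1)
                gsub(/[ \t"]/, "", name)
                aliased[tolower(name)] = 1            # alias lookups fold case
            }
            close(aliases)
        }
        # passwd(5) lines: name:password:uid:...
        $3 ~ /^[0-9]+$/ && $3 + 0 < uid_min + 0 && !(tolower($1) in aliased) { print $1 }
    ' "$1"
}

# Constructed sample data, so the check can be tried without touching /etc.
demo() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
mail:x:8:8:mail:/var/mail:/usr/sbin/nologin
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
larry:x:1000:1000:Larry:/home/larry:/bin/bash
EOF
    cat > "$dir/aliases" <<'EOF'
# constructed aliases file
postmaster: root
root: larry
www-data: root
EOF
    unaliased_system_accounts "$dir/passwd" "$dir/aliases"
    rm -rf "$dir"
}

demo   # prints: mail
```

On a live host the same function can be pointed at /etc/passwd and /etc/aliases; each name it prints is a candidate for an alias like the "mail: bitbucket" entry suggested above.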
