Solved

Prevent Spammer From Creating New Directory Under /var/mail - Postfix

Posted on 2008-09-29
6
262 Views
Last Modified: 2012-05-05
A spammer can send spam emails to "mail@mydomain.com", and Postfix will created a new directory /var/mail/mail to hold the emails. This has happened a couple of times before with similar names. For example, a spammer sends an email to "test@mydomain.com", and when I look at Ubuntu, I see a new directory /var/mail/test has been created to hold the spam emails.

How can I prevent this? Di I have Ubuntu configured wrong or Postfix or both?
0
Comment
Question by:LarryZ
  • 3
  • 3
6 Comments
 
LVL 23

Expert Comment

by:Mysidia
ID: 22595748
It sounds as if your mail server has been reconfigured to allow _any_  mail without checking if the user exists or not

Type

# postconf local_recipient_maps

And see what the output looks like...
some fairly standard settings are

local_recipient_maps = proxy:unix:passwd.byname $alias_maps
alias_maps = hash:/etc/aliases
smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination
smtpd_reject_unlisted_recipient = yes
recipient_canonical_maps =
recipient_delimiter =
relay_recipient_maps =



0
 

Author Comment

by:LarryZ
ID: 22595996
I only have the first line above. I looked at main.cf and master.cf and didn't see any lines similar to the the others listed in Mysidia's comment. Should I add the line smtpd_reject_unlisted_recipient=yes?
0
 

Author Comment

by:LarryZ
ID: 22596018
I have these Postfix files in /etc/postfix
body_checks
client_access
header_checks
main.cf
master.cf
postfix-files
sender_access
virtual_mailbox_recipients
0
Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

 
LVL 23

Accepted Solution

by:
Mysidia earned 500 total points
ID: 22602643
smtpd_reject_unlisted_recipient = yes
Means reject mail for unknown recipient addresses.

Try
# postconf |grep virtual_mai

check for entries related to a virtual mailbox maps table...

_something_  is  mapping the messages to be delivered locally,
if they're being accepted.

If not by local user, and not by the mailbox name existing in /etc/aliases    as given in the local_recipient_maps  line, then most likely by a virtual mailbox recipient
mapping.

0
 

Author Closing Comment

by:LarryZ
ID: 31501148
Thanks Mysidia. Forgive me as I am an IT guy and vb.net programmer, but a Linux newbie. My initial post might not be accurate. Incoming emails to valid recipients go to thier mailbox. Incoming emails to aliases seem to work also. An email to anybody@mydomain.com gets rejected with 554 error (good). But an incoming email to mail@mydomain.com gets delivered to a new directory /var/mail/mail. I don't know how to prevent this special case. I bought "The Book of Postfix" by Ralf Hildebrandt to help me to learn Postfix.
0
 
LVL 23

Expert Comment

by:Mysidia
ID: 22621039
It may be that there actually is a default user on the system named "mail"
try  ls -ld /var/mail/mail

And see if the file isn't owned by a "mail"  user
I suppose what I would do is edit /etc/aliases

make sure there isn't already an alias for 'mail'

then try adding a

mail: bitbucket

finish editing the file
run the 'newaliases'    command to refresh the aliases database

Which goes along  with a line like

bitbucket:  /dev/null




0

Featured Post

What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
liboauth-php x oauth-1.2.3 3 44
nagios 1 21
Centos 7 User to Start Apache, MariaDB, LDAP 5 22
Video Streaming 6 52
Operating system developers such as Microsoft (https://www.microsoft.com) and Apple have made incredible strides in virus protection over the past decade. Operating systems come packaged with built in defensive tools such as virus protection and a f…
It’s 2016. Password authentication should be dead — or at least close to dying. But, unfortunately, it has not traversed Quagga stage yet. Using password authentication is like laundering hotel guest linens with a washboard — it’s Passé.
Learn how to get help with Linux/Unix bash shell commands. Use help to read help documents for built in bash shell commands.: Use man to interface with the online reference manuals for shell commands.: Use man to search man pages for unknown command…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

932 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

9 Experts available now in Live!

Get 1:1 Help Now