Solved

Prevent Spammer From Creating New Directory Under /var/mail - Postfix

Posted on 2008-09-29
Last Modified: 2012-05-05
A spammer can send spam emails to "mail@mydomain.com", and Postfix will create a new directory /var/mail/mail to hold the emails. This has happened a couple of times before with similar names. For example, a spammer sends an email to "test@mydomain.com", and when I look at Ubuntu, I see a new directory /var/mail/test has been created to hold the spam emails.

How can I prevent this? Do I have Ubuntu configured wrong or Postfix or both?
Question by:LarryZ

Expert Comment

by:Mysidia
ID: 22595748
It sounds as if your mail server has been reconfigured to allow _any_ mail without checking if the user exists or not.

Type

# postconf local_recipient_maps

And see what the output looks like...
Some fairly standard settings are:

local_recipient_maps = proxy:unix:passwd.byname $alias_maps
alias_maps = hash:/etc/aliases
smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination
smtpd_reject_unlisted_recipient = yes
recipient_canonical_maps =
recipient_delimiter =
relay_recipient_maps =




Author Comment

by:LarryZ
ID: 22595996
I only have the first line above. I looked at main.cf and master.cf and didn't see any lines similar to the others listed in Mysidia's comment. Should I add the line smtpd_reject_unlisted_recipient=yes?

Author Comment

by:LarryZ
ID: 22596018
I have these Postfix files in /etc/postfix
body_checks
client_access
header_checks
main.cf
master.cf
postfix-files
sender_access
virtual_mailbox_recipients

Accepted Solution

by:
Mysidia earned 500 total points
ID: 22602643
smtpd_reject_unlisted_recipient = yes
Means reject mail for unknown recipient addresses.

Try
# postconf |grep virtual_mai

check for entries related to a virtual mailbox maps table...

_something_ is mapping the messages to be delivered locally, if they're being accepted.

If not by local user, and not by the mailbox name existing in /etc/aliases as given in the local_recipient_maps line, then most likely by a virtual mailbox recipient mapping.


Author Closing Comment

by:LarryZ
ID: 31501148
Thanks Mysidia. Forgive me as I am an IT guy and vb.net programmer, but a Linux newbie. My initial post might not be accurate. Incoming emails to valid recipients go to their mailbox. Incoming emails to aliases seem to work also. An email to anybody@mydomain.com gets rejected with 554 error (good). But an incoming email to mail@mydomain.com gets delivered to a new directory /var/mail/mail. I don't know how to prevent this special case. I bought "The Book of Postfix" by Ralf Hildebrandt to help me to learn Postfix.

Expert Comment

by:Mysidia
ID: 22621039
It may be that there actually is a default user on the system named "mail".
Try ls -ld /var/mail/mail

and see if the file isn't owned by a "mail" user.
I suppose what I would do is edit /etc/aliases

make sure there isn't already an alias for 'mail'

then try adding a

mail: bitbucket

finish editing the file
run the 'newaliases' command to refresh the aliases database

Which goes along with a line like

bitbucket: /dev/null




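An added example, not part of the original thread: if the cause is what Mysidia suggests, then with local_recipient_maps = proxy:unix:passwd.byname $alias_maps every account in the passwd database is a valid recipient, and this script lists the system accounts that have no alias and so would get their own mailbox under /var/mail. The function names, the UID cutoff of 1000 (Ubuntu's default for regular users) and the sample files are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: find passwd accounts that Postfix accepts as local
# recipients (passwd.byname) but that no alias redirects elsewhere.

# unaliased_system_accounts PASSWD_FILE ALIASES_FILE [UID_MIN]
# Assumption: UIDs below UID_MIN (default 1000) are system accounts.
unaliased_system_accounts() {
    awk -F: -v uid_min="${3:-1000}" '
        FILENAME == ARGV[1] {
            # aliases(5): skip comments, blank lines and continuation lines
            if ($0 ~ /^[ \t#]/ || NF < 2) next
            name = $1; gsub(/[ \t]/, "", name)
            aliased[tolower(name)] = 1
            next
        }
        # passwd(5): name:passwd:uid:gid:gecos:home:shell
        $3 ~ /^[0-9]+$/ && $3 + 0 < uid_min + 0 && !(tolower($1) in aliased) {
            print $1
        }
    ' "$2" "$1"
}

# Constructed sample data (not taken from the poster's server).
make_sample() {
    cat > "$1/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
mail:x:8:8:mail:/var/mail:/usr/sbin/nologin
larry:x:1000:1000:Larry:/home/larry:/bin/bash
EOF
    cat > "$1/aliases" <<'EOF'
# constructed sample aliases
postmaster: root
root: larry
daemon: root
EOF
}

tmp=$(mktemp -d)
make_sample "$tmp"
echo "Accepted via passwd.byname, no alias:"
unaliased_system_accounts "$tmp/passwd" "$tmp/aliases"
rm -rf "$tmp"
```

On a live host, run the function against /etc/passwd and /etc/aliases; each name it prints is a candidate for an alias such as the "mail: bitbucket" entry suggested above.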
