Solved

Prevent Spammer From Creating New Directory Under /var/mail - Postfix

Posted on 2008-09-29
6
266 Views
Last Modified: 2012-05-05
A spammer can send spam emails to "mail@mydomain.com", and Postfix will created a new directory /var/mail/mail to hold the emails. This has happened a couple of times before with similar names. For example, a spammer sends an email to "test@mydomain.com", and when I look at Ubuntu, I see a new directory /var/mail/test has been created to hold the spam emails.

How can I prevent this? Di I have Ubuntu configured wrong or Postfix or both?
0
Comment
Question by:LarryZ
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
6 Comments
 
LVL 23

Expert Comment

by:Mysidia
ID: 22595748
It sounds as if your mail server has been reconfigured to allow _any_  mail without checking if the user exists or not

Type

# postconf local_recipient_maps

And see what the output looks like...
some fairly standard settings are

local_recipient_maps = proxy:unix:passwd.byname $alias_maps
alias_maps = hash:/etc/aliases
smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination
smtpd_reject_unlisted_recipient = yes
recipient_canonical_maps =
recipient_delimiter =
relay_recipient_maps =



0
 

Author Comment

by:LarryZ
ID: 22595996
I only have the first line above. I looked at main.cf and master.cf and didn't see any lines similar to the the others listed in Mysidia's comment. Should I add the line smtpd_reject_unlisted_recipient=yes?
0
 

Author Comment

by:LarryZ
ID: 22596018
I have these Postfix files in /etc/postfix
body_checks
client_access
header_checks
main.cf
master.cf
postfix-files
sender_access
virtual_mailbox_recipients
0
When ransomware hits your clients, what do you do?

MSPs: Endpoint security isn’t enough to prevent ransomware.
As the impact and severity of crypto ransomware attacks has grown, Webroot fought back, not just by building a next-gen endpoint solution capable of preventing ransomware attacks but also by being a thought leader.

 
LVL 23

Accepted Solution

by:
Mysidia earned 500 total points
ID: 22602643
smtpd_reject_unlisted_recipient = yes
Means reject mail for unknown recipient addresses.

Try
# postconf |grep virtual_mai

check for entries related to a virtual mailbox maps table...

_something_  is  mapping the messages to be delivered locally,
if they're being accepted.

If not by local user, and not by the mailbox name existing in /etc/aliases    as given in the local_recipient_maps  line, then most likely by a virtual mailbox recipient
mapping.

0
 

Author Closing Comment

by:LarryZ
ID: 31501148
Thanks Mysidia. Forgive me as I am an IT guy and vb.net programmer, but a Linux newbie. My initial post might not be accurate. Incoming emails to valid recipients go to thier mailbox. Incoming emails to aliases seem to work also. An email to anybody@mydomain.com gets rejected with 554 error (good). But an incoming email to mail@mydomain.com gets delivered to a new directory /var/mail/mail. I don't know how to prevent this special case. I bought "The Book of Postfix" by Ralf Hildebrandt to help me to learn Postfix.
0
 
LVL 23

Expert Comment

by:Mysidia
ID: 22621039
It may be that there actually is a default user on the system named "mail"
try  ls -ld /var/mail/mail

And see if the file isn't owned by a "mail"  user
I suppose what I would do is edit /etc/aliases

make sure there isn't already an alias for 'mail'

then try adding a

mail: bitbucket

finish editing the file
run the 'newaliases'    command to refresh the aliases database

Which goes along  with a line like

bitbucket:  /dev/null




0

Featured Post

Simplifying Server Workload Migrations

This use case outlines the migration challenges that organizations face and how the Acronis AnyData Engine supports physical-to-physical (P2P), physical-to-virtual (P2V), virtual to physical (V2P), and cross-virtual (V2V) migration scenarios to address these challenges.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Forget those services on TV trying to sell you software – that’s step one.  Almost all of the software you need should be available for free.  The tricky part is doing the work.  If you are not comfortable performing these steps yourself, contact a …
Hello EE, Today we will learn how to send all your network traffic through Tor which is useful to get around censorship and being tracked all together to a certain degree. This article assumes you will be using Linux, have a minimal knowledge of …
Learn how to find files with the shell using the find and locate commands. Use locate to find a needle in a haystack.: With locate, check if the file still exists.: Use find to get the actual location of the file.:
How to Install VMware Tools in Red Hat Enterprise Linux 6.4 (RHEL 6.4) Step-by-Step Tutorial
Suggested Courses

738 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question