Prevent Spammer From Creating New Directory Under /var/mail - Postfix

A spammer can send spam emails to "mail@mydomain.com", and Postfix will created a new directory /var/mail/mail to hold the emails. This has happened a couple of times before with similar names. For example, a spammer sends an email to "test@mydomain.com", and when I look at Ubuntu, I see a new directory /var/mail/test has been created to hold the spam emails.

How can I prevent this? Di I have Ubuntu configured wrong or Postfix or both?
LarryZAsked:
Who is Participating?
 
MysidiaConnect With a Mentor Commented:
smtpd_reject_unlisted_recipient = yes
Means reject mail for unknown recipient addresses.

Try
# postconf |grep virtual_mai

check for entries related to a virtual mailbox maps table...

_something_  is  mapping the messages to be delivered locally,
if they're being accepted.

If not by local user, and not by the mailbox name existing in /etc/aliases    as given in the local_recipient_maps  line, then most likely by a virtual mailbox recipient
mapping.

0
 
MysidiaCommented:
It sounds as if your mail server has been reconfigured to allow _any_  mail without checking if the user exists or not

Type

# postconf local_recipient_maps

And see what the output looks like...
some fairly standard settings are

local_recipient_maps = proxy:unix:passwd.byname $alias_maps
alias_maps = hash:/etc/aliases
smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination
smtpd_reject_unlisted_recipient = yes
recipient_canonical_maps =
recipient_delimiter =
relay_recipient_maps =



0
 
LarryZAuthor Commented:
I only have the first line above. I looked at main.cf and master.cf and didn't see any lines similar to the the others listed in Mysidia's comment. Should I add the line smtpd_reject_unlisted_recipient=yes?
0
Protect Your Employees from Wi-Fi Threats

As Wi-Fi growth and popularity continues to climb, not everyone understands the risks that come with connecting to public Wi-Fi or even offering Wi-Fi to employees, visitors and guests. Download the resource kit to make sure your safe wherever business takes you!

 
LarryZAuthor Commented:
I have these Postfix files in /etc/postfix
body_checks
client_access
header_checks
main.cf
master.cf
postfix-files
sender_access
virtual_mailbox_recipients
0
 
LarryZAuthor Commented:
Thanks Mysidia. Forgive me as I am an IT guy and vb.net programmer, but a Linux newbie. My initial post might not be accurate. Incoming emails to valid recipients go to thier mailbox. Incoming emails to aliases seem to work also. An email to anybody@mydomain.com gets rejected with 554 error (good). But an incoming email to mail@mydomain.com gets delivered to a new directory /var/mail/mail. I don't know how to prevent this special case. I bought "The Book of Postfix" by Ralf Hildebrandt to help me to learn Postfix.
0
 
MysidiaCommented:
It may be that there actually is a default user on the system named "mail"
try  ls -ld /var/mail/mail

And see if the file isn't owned by a "mail"  user
I suppose what I would do is edit /etc/aliases

make sure there isn't already an alias for 'mail'

then try adding a

mail: bitbucket

finish editing the file
run the 'newaliases'    command to refresh the aliases database

Which goes along  with a line like

bitbucket:  /dev/null




0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.