Disable postfix

SYSTEM INFORMATION
OS type and version Ubuntu 20.04
Webmin version 2.111

Hi!
Is there a way to prevent postfix from restarting when I change settings or add things on my server? On this server I don’t want postfix and dovecot to be enabled ever. We have had spam problems and want to disable postfix. Dovecot was no problem. I can ofc go in and stop it after every time it’s restarted but it is annoying and sometimes you forget.

So websites don’t need to send mail? There is no need to turn off postfix, not sure why you worry about it.
In Virtualmin Features and Plugin untick mail for domain.

Just looking at docs, min install leaves off mail

Well, I lost one server because it got hacked and sent spam using port 25 and, I assume, the postfix server. Port 25 is now blocked both in and out, so disabling postfix is ofc an extra safety. But one problem is that that IP address is now on every blacklist in the world with a very high spam score.
But thanks for the solution

You need to walk away from that IP (it is pointless chasing a useless/hacked IP). Just try to get a nice new one and protect it (do not let it be used by spammers/random users). Your IP is your most valuable asset.

Ofc I have done, but the datacenter is not especially pleased; they also lost an IP. That’s why I want to take all possible steps to protect servers where no mail is needed. I have a pure email server running for emails. Webmin not needed for that.

Why so sure that postfix is a problem? I would want to know where the problem was sourced (had the server been rooted?). There are other ways to send mail!

I wouldn’t blame them, but they are better placed to get a cleaned IP and get the IP removed from blacklisting. If it was only one list, employing your own legal team could be just as effective, but multiple lists take effort as they get passed around.

The only thing I know is that it was the traffic on 25 that made the datacenter stop the server. I have a data limit on upload from the server of 32 TB per month and that quota was close to full after 5 days. The biggest mistake I made was to not block 25 for outgoing traffic from the server.

Traffic on 25 can be from literally any process on the server. Postfix is not required to send mail. Web apps can send mail, a user with telnet or nc or literally any programming language can send email, sending mail is stupidly simple and there are thousands of ways to send email without using Postfix.

Disabling the mail server does not prevent your server from being used to send spam, though it does mean they probably can’t as easily spoof DKIM, since only root and the signing milter have access to the private key (which is a benefit…any local user can send mail with those features, if you’ve enabled them, and if they use it to send spam, it’ll make the domain they’re sending as look like a spammer). If the sender uses one of your local domains in the from:, they get the benefit of any SPF records you have that include the server IP, so make sure you disable that, as well.

But, you can, of course, shut down Postfix (it’s just a service like any other). You lose the ability for Webmin and other services to send email about various stuff (updates, LE renewals, etc.), but if you don’t care about that, or you configure all those services to notify you in another way, that’s fine.
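An added example, not part of the original thread: since any process can open a connection to port 25, this filter over `ss -tnp` output names the processes doing so that are not the MTA. The function name, the `ALLOWED` list and the sample lines are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: report non-MTA processes holding TCP connections to remote port 25.
# Reads `ss -tnp` output on stdin. Live use (root, to see every owner):
#   ss -Htnp | smtp_talkers
# ALLOWED is an assumption: "smtp" is Postfix's outbound client process name.
ALLOWED="${ALLOWED:-smtp}"

smtp_talkers() {
    awk -v allowed="$ALLOWED" '
    BEGIN { n = split(allowed, a, ","); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    $1 == "State" { next }                  # header row
    NF >= 5 {
        k = split($5, p, ":")               # peer is addr:port; IPv6 has extra colons
        if (p[k] != "25") next
        name = "unknown"; pid = "-"         # owner column is blank without privileges
        if (match($0, /\(\("[^"]+"/)) name = substr($0, RSTART + 3, RLENGTH - 4)
        if (match($0, /pid=[0-9]+/))  pid  = substr($0, RSTART + 4, RLENGTH - 4)
        if (!(name in ok)) print name, pid, $5
    }'
}

# Constructed sample (documentation addresses), not output from the server in the thread.
SAMPLE='State    Recv-Q Send-Q Local Address:Port  Peer Address:Port   Process
ESTAB    0      0      203.0.113.10:48212  198.51.100.7:25     users:(("php-fpm7.4",pid=2211,fd=9))
ESTAB    0      0      203.0.113.10:2222   192.0.2.44:51522    users:(("sshd",pid=900,fd=4))
SYN-SENT 0      1      203.0.113.10:48300  198.51.100.9:25     users:(("perl",pid=3310,fd=3))
ESTAB    0      0      203.0.113.10:39000  198.51.100.20:25    users:(("smtp",pid=1500,fd=12))
ESTAB    0      0      [2001:db8::10]:40000 [2001:db8::5]:25'

printf '%s\n' "$SAMPLE" | smtp_talkers
```

With port 25 blocked outbound, attempts still appear in the SYN-SENT state, so the filter remains useful after the firewall rule is in place.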

The only mistake you made was probably to have an unsafe password or a security breach. As long as you reinstalled everything and the hacker no longer has any key to enter, it’s fine.

Moreover, if you get hacked again, he can turn on everything, do whatever he wants, so it will not be more safe for you to turn off anything.

The most important thing is to make sure no one can log in to your server, and that your app doesn’t have a security breach. In your case, right now, from afar, it’s the most important.

Well, I am aware of how people can send emails. As I wrote, my big mistake was to not block port 25 for outgoing traffic. Why I want to close postfix and dovecot is more to save computer power, even if it’s not a problem. SpamAssassin and ClamAV are the big culprits using RAM and they are already switched off.
Because it was not meant to send email with that server, no MX, DKIM, SPF or DMARC were configured, which made it easy for the spammer.
We also run 2 pure email servers using the iRedMail software and they are ofc both protected. And have had no incidents even if they have 1000 mailboxes each.
But now afterwards I see the spam attack as education.
But thanks for your input

Are you still unable to stop/disable postfix?

It’s a systemd service like everything else, so you can just stop it with systemctl stop postfix and disable it (prevent it from starting on boot) with systemctl disable postfix. Or you can do it in the Webmin->System->Bootup and Shutdown module.

2 Likes

You should also disable the Feature in Virtualmin, as stefan mentioned above.

I may have misunderstood what you said. But for any newcomer who would fall on this topic: the error is NOT the port 25 itself. Moreover, Postfix and Dovecot do NOT take a lot of resources (if they do, maybe it’s another problem).

The problem is HOW the attacker got access to it to send spam from your server.

  • If he did it from your application: it’s a security breach (and if I understood, it was this).
  • If he literally logged in to your server: you can turn off everything you want. He will be able to turn it back on.

So you can turn it off, but that was not the mistake.

No one has found out how he got access. The server only allows incoming traffic on 80, 443 plus 1 other port instead of the normal 10000 to Webmin. Ofc there is also ssh access, but it’s on a custom port protected with a keypair and no password allowed. So it’s a mystery. Anyway, since we closed 25 for outgoing traffic all has been calm.

You’re fixated on ports. Ports are not the interesting thing.

1 Like

OK, so what is? I can’t see any other way to stop the hacker in this case.

It sounds like you’re not bothering to figure out who was sending spam and how.

1 Like

We have tried to find out. The spam was some adult mails sent to a huge number of email addresses. The receivers complained to the hosting provider, which complained to us. But we, or the host support who have had full access and been paid to try to trace what happened, can’t find out. This is a webshop but there is no sign of how this happened. But I am eager to get some advice about how to go forward.
One thing that amazes me is how mails slip through when there is no MX, no DKIM, no SPF, no DMARC.

Are you running a PHP website? It’s possible someone could have hacked the site and laid a script that can send spam; it could be something like that. You don’t need mail records for that to happen.

The script could be using sendmail to send out spam.

Try this on your system to see if it will send mail out.
echo "Subject: TEST" | /usr/sbin/sendmail -v myuser@mydomain.com

It’s a webshop that has been running for 6 years. Whatever has happened, it stopped when I blocked the port for outgoing traffic. The script did not work.