My server is being abused to send unauthorized spam emails from my email to Gmail and others. These messages are flagged or blocked, and I see many in the Postfix mail queue.
I want to completely block all outgoing emails, but still allow incoming mail to be received normally.
How can I configure this safely in Postfix/Virtualmin?
Thanks for your feedback.
The issue is that there are emails being sent from my username to Google and other accounts, and I want assistance to stop it from happening.
It could be the case that the server is compromised, but either way I would be inclined to start from scratch, creating all the domain(s) users with different strong passwords. There is the case that some bad code has been injected into the website files and will reinfect from a backup. @sherif.abousamra95, depending on how the mail is being sent, looking at the logs will help to ascertain how mail is being sent. If it is being sent via a remote user that has your password (using submission), change the user's password, but if you really want to turn off sending mail, why not try removing all submission configuration from postfix master.cf, which I guess will stop mail being sent.
You need to check the logs and see where these are coming from. Also check the FULL headers. It could be ‘back scatter’ and you are getting emails bounced back that didn’t originate with you. Does michelle@cp… have a web site? They could have a bad web form or compromised site. Or maybe michelle@cp… is actually a spammer or has a compromised mail account.
Personally I’d grep the mail logs for one of the codes and find all information about it. You probably need to change lines to 10000 or so and use the filter to find all instances of something like the 021cb3…
Figure out which user is sending spam, then take appropriate action.
If the user is a domain owner user, and the sender is an exploited web application, you need to fix that exploited web application.
You can certainly configure Postfix to be more strict about who can send under what circumstances (e.g. require authentication, or only some users can submit to the local queue). But if you have an exploited web application, which seems likely, spam is a symptom, not the disease, and you need to treat the disease. An exploited web application is dangerous in all manner of ways, spam being among the least destructive. Be grateful the attacker just wanted to send spam and not do something much worse (but they may be doing something much worse, as well, you won’t know as long as you treat the symptom and not the disease).
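Concretely, the Postfix knobs the post above alludes to, shown as an added example (these are not settings from the thread and not Virtualmin's shipped configuration; the account names and the map path are assumptions, and Virtualmin already manages parts of main.cf, so compare with `postconf -n` before changing anything). Each weak setting is left as a comment beside its stricter replacement. Postfix does not allow trailing comments on a parameter line, so every comment sits on its own line:

```conf
# /etc/postfix/main.cf fragments (added example, not from the original thread)

# Who may inject mail locally through sendmail(1) / PHP mail(). The default
# lets any Unix account, including the web server user a compromised site
# runs as, queue mail without any credentials.
#authorized_submit_users = static:anyone
# Account names below are assumptions; list only the users that must send.
authorized_submit_users = root, postfix, cron, trusted-mailer

# Who may relay through smtpd(8): only the local host and authenticated
# clients. Anything else addressed to a remote domain is rejected.
smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination

# Bind each SMTP AUTH login to the envelope sender addresses it owns, so a
# stolen password for one mailbox cannot spoof other addresses on the server.
# The map path is an assumption.
smtpd_sender_login_maps = hash:/etc/postfix/controlled_envelope_senders
smtpd_sender_restrictions = reject_sender_login_mismatch

# If ALL outbound delivery must stop while inbound mail still lands in local
# mailboxes (the original poster's stated goal): hand every non-local
# destination to the error(8) delivery agent. Local and virtual deliveries
# keep their own transports, so receiving is unaffected. The error agent
# bounces each such message back to its envelope sender.
#default_transport = error:outbound mail is disabled on this server
```

After editing, `postfix check` validates the file and `postfix reload` applies it. None of this removes spam that is already queued; `postqueue -p` lists it and `postsuper -d ALL deferred` drops the whole deferred queue, legitimate mail included, so review the queue first. Note that `permit_sasl_authenticated` still lets a stolen password relay; the restrictions only stop that login from spoofing other addresses, and changing the password remains the fix for that case.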
I need to keep port 25 open to receive emails, but when I do, it gets attacked. If I block it, the attacks stop — but so does email delivery. So I’m stuck between allowing attacks or losing incoming mail.
I thought this thread was about stopping emails being sent, but it appears you are worried about attempted logins via port 25. If that is the case, make sure you have all the postfix fail2ban jails enabled with whatever defaults you want, which will then start banning users that are attacking.
I’m new to all this and using ChatGPT to help me understand, so it’s a learning curve. I did try your method and I think it’s working now, but I’m not totally sure yet. Appreciate your help!
We’re always happy to answer questions (but ignoring advice and asking the same question multiple times is discouraged).
If it’s not obvious from the items in the queue which user is sending email, you can generally find out in the relevant log (the postfix unit in the journal on modern systems). We have docs for troubleshooting mail problems, which includes how to find the relevant mail logs and how to browse/search them, etc.
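The log triage that the two posts above describe (grep the mail log for a queue ID, then work out which user or process handed the message to Postfix), as an added example that is not code from the original thread or from Virtualmin. The log lines are constructed to look like Postfix's syslog output; the queue IDs, login, hostnames and addresses are invented and the IPs come from the RFC 5737 documentation ranges. The decisive clue is which daemon logged the first line for the queue ID: an `smtpd` line with `sasl_username=` means someone authenticated over the network with a password, while a `pickup` line with `uid=` means a local process (a web application, a cron job) used sendmail(1).

```sh
#!/bin/sh
# Added example: attribute queued Postfix messages to their origin from the
# mail log. Not code from the forum thread or from Virtualmin.

# Constructed sample log (syslog/mail.log format). Two messages: one submitted
# over SMTP AUTH as user1@example.com, one injected locally by uid 1002.
SAMPLE_LOG=$(mktemp)
trap 'rm -f "$SAMPLE_LOG"' EXIT
cat >"$SAMPLE_LOG" <<'EOF'
Jun  3 10:12:01 mail postfix/smtpd[1201]: 7B3F2A1C90: client=unknown[203.0.113.45], sasl_method=LOGIN, sasl_username=user1@example.com
Jun  3 10:12:01 mail postfix/cleanup[1205]: 7B3F2A1C90: message-id=<20240603101201.7B3F2A1C90@mail.example.com>
Jun  3 10:12:01 mail postfix/qmgr[1100]: 7B3F2A1C90: from=<user1@example.com>, size=2211, nrcpt=25 (queue active)
Jun  3 10:12:03 mail postfix/smtp[1210]: 7B3F2A1C90: to=<someone@gmail.com>, relay=gmail-smtp-in.l.google.com[192.0.2.27]:25, delay=2.1, delays=0.1/0/0.9/1.1, dsn=5.7.1, status=bounced (host gmail-smtp-in.l.google.com[192.0.2.27] said: 550-5.7.1 This message has been blocked)
Jun  3 10:12:05 mail postfix/pickup[1099]: C41D92B7E1: uid=1002 from=<user1@example.com>
Jun  3 10:12:05 mail postfix/cleanup[1205]: C41D92B7E1: message-id=<a1b2c3d4@mail.example.com>
Jun  3 10:12:05 mail postfix/qmgr[1100]: C41D92B7E1: from=<user1@example.com>, size=1890, nrcpt=40 (queue active)
Jun  3 10:12:06 mail postfix/smtp[1211]: C41D92B7E1: to=<other@example.net>, relay=mx.example.net[198.51.100.5]:25, delay=1.0, delays=0.1/0/0.5/0.4, dsn=4.7.0, status=deferred (host mx.example.net[198.51.100.5] said: 421 4.7.0 Too many unsolicited messages from 198.51.100.10)
EOF

# Every line Postfix logs for a message carries "<queue-id>: " right after the
# "daemon[pid]:" prefix; anchoring on "]: ID: " avoids matching IDs that merely
# appear inside message-ids or hostnames.
trace_queue_id() {   # usage: trace_queue_id LOGFILE QUEUE_ID
    grep -F "]: $2: " "$1"
}

# Decide how a message entered the queue:
#   sasl:<login>   submitted over the network with SMTP AUTH (password in use)
#   local:uid=<n>  handed to sendmail(1) by a local process running as uid n
#   unknown        neither line present (log rotated, or not a queued message)
# Default queue IDs are uppercase hex; the [0-9A-Za-z] class also covers the
# mixed-case IDs produced when long_queue_ids is enabled.
message_origin() {   # usage: message_origin LOGFILE QUEUE_ID
    mo_lines=$(trace_queue_id "$1" "$2" || true)
    mo_login=$(printf '%s\n' "$mo_lines" | sed -n 's/.*sasl_username=\([^, ]*\).*/\1/p' | head -n1)
    if [ -n "$mo_login" ]; then printf 'sasl:%s\n' "$mo_login"; return; fi
    mo_uid=$(printf '%s\n' "$mo_lines" \
        | sed -n 's/.*postfix\/pickup\[[0-9]*\]: [0-9A-Za-z]*: uid=\([0-9]*\).*/\1/p' | head -n1)
    if [ -n "$mo_uid" ]; then printf 'local:uid=%s\n' "$mo_uid"; return; fi
    echo unknown
}

# Tally every message the queue manager accepted, by origin, so the abused
# login or the uid of the exploited web application stands out at the top.
origin_summary() {   # usage: origin_summary LOGFILE
    grep -F 'postfix/qmgr' "$1" | grep -F '(queue active)' \
        | sed -n 's/.*\]: \([0-9A-Za-z]*\): from=.*/\1/p' | sort -u \
        | while read -r qid; do message_origin "$1" "$qid"; done \
        | sort | uniq -c | sort -rn
}

echo "== full history of one queue ID =="
trace_queue_id "$SAMPLE_LOG" 7B3F2A1C90
echo "== queued messages by origin =="
origin_summary "$SAMPLE_LOG"
```

On a real host, point the functions at the actual log instead of the sample: `/var/log/mail.log` or `/var/log/maillog` where Postfix still logs to a file, or a dump from the journal (for example `journalctl -u postfix@- --since today > /tmp/mail.log`; the exact unit name is an assumption and varies by distribution). A `sasl:` result means that login's password is in someone else's hands and must be changed; a `local:uid=` result identifies the Unix account, typically a domain owner running a compromised website, whose files need to be cleaned before anything else.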
Thanks, I’m not ignoring — as I mentioned, I’m still learning and trying things I somewhat understand first. I’ll check the docs you shared.
Also, to avoid confusion, is there a way to configure the server to only receive emails but not send? I tried blocking port 25, but then I couldn’t receive anything either.