Hi,
I just installed Virtualmin new. and Create a Virtual Server, users, and catchall emails with no issues.
just I am wondering how to stop all users to send emails.
My goal is, Only receive emails for this catchall email. and stop sending emails.
Thanks
Hello @post and welcome to the community.
To stop all users of all virtual servers from sending out mail to the internet, edit postfix to include this line:
default_transport = error:Cannot send out e-mail to internet - e-mail can be delivered to local users only
To edit Postfix: Webmin → Server → Postfix and then edit config files.
Hello Calport,
Thanks for your reply,
If the user uses the SMTP in other software and not postfix then he will be able still to send emails, is this right?
If your users use some other server’s SMTP, you mean?
NO, i mean if the user use the SMTP in another Email Client.
I edit postfix to include the line:
default_transport = error:Cannot send out e-mail to internet - e-mail can be delivered to local users only
but now i get an issue, i can not receive any emails…
Yes, the users of all virtual servers will not be able to send out email to the internet using your SMTP server even if they use an email client.
Also see:
So, just to confirm. if i do this 2 steps:
1.edit postfix to include the line:
default_transport = error:Cannot send out e-mail to internet - e-mail can be delivered to local users only
2. useing Virtualmin’s feature - Mail Rate Limiting
Then the users can NOT send emails. but they can still receive emails right?
That is correct.
Thanks for the confirmation,
I test it. The user can not send emails
Now i have a problem that the user does not receive any emails.
I have no idea why incoming email is not being delivered.
Hi,
Thanks so much for your support,
I just would like to let you know, it is working with a fresh installation.
Thanks a gain and Happy new year
Thanks for letting us know.
Happy New Year!
Hi,
i did the 2 steps and after some 2 weeks, i notice that the Mail Rate Limiting was set to " **Rate limiting enabled? NO" it is changed automatically, could be this happens after any Package updates was made?
My configuration is:
Thanks for your support
Obviously not. Why would you think that a package update would cause that particular setting in Virtualmin to be changed?
I do not know, I just made over the times several update and i did not control if the setting in Virtualmin is still the same or not, but today i get to know from Legal and Abuse Team ‎thats some of my domian is in the Spamhaus and i control the setting i found it (Rate limiting enabled?) set to NO. even i did not change it.
So, how this can happen?
Sounds to me like your system has been rooted.
It was sending spam? That’s a bad sign. Virtualmin does not configure an open relay, so it’d have to be from local users. That doesn’t indicate a root exploit, but now you’re seeing a config option that can only be changed by a root-level user…and it’s to allow your users to send spam again.
Seems like a problem. If it has been rooted, you can’t trust the server to tell you the truth about what’s going on on the server. The attacker would be able to hide their processes and files from you (root can overwrite system files, replacing them with versions that hide the attackers processes and files). The only certain way to deal with that is to start over with a freshly installed system. But, if you’re able to boot from known-good media (like a rescue boot disk) you could search for problems with some confidence you’re seeing reality. You could run tools like rkhunter, etc. to help search for the trouble.
It may be something else. But, updates absolutely would not alter a config file like that.
if the system has been rooted, then i must re-install Virtualmin and will be deleted all servers, right?
How can i avoid this in the future? I have to provide my clients SMTP for catchall emails ONLY for receiving emails and not root user access.
I will be glade for any advise.
If the system has been rooted, and you neither know how to restore it to health nor have access to someone who does, then you need to reinstall the OS, and then reinstall Virtualmin.
I suggest you enlist some expert help. At this point you don’t know the specifics of the problem, and those specifics will determine your best response.
Richard
If i have a fresh installation,
How can i avoid this in the future?
We don’t know that’s the case, you haven’t given us much to work with to confirm it or deny it. But, if you ignored spam being sent from your users and just turned off mail sending, that likely means you had an attacker with user-level access for some time, and then they found a root-level exploit. And, once they had root they could turn mail sending back on. That is not the only possibility here. But, spam+root-level config change that you insist you didn’t do points to it.
It’s not really a Virtualmin issue (they didn’t get in via Virtualmin, we haven’t had a major exploit in years). I would guess you were running out of date software. Web apps are often the first step…once they have user-level access, their opportunities for root escalation improve. I don’t know of any recent kernel exploits that would allow root escalation, but if you were running out of date software, that’d be my assumption.
Again, we don’t know what is happening. Your questions just led me to this guess. It is a guess. It may be something else entirely. But users sending spam is definitely an indicator you have an exploited user account or at the least an exploitable web app that can send arbitrary mail on behalf of a remote user. You can’t just turn off mail sending and ignore that fact. That’s crazy. You have to root cause stuff like that immediately. That’s where danger lives, when it comes to server management.
You haven’t even told us what OS/version you’re using. I can’t even tell you how to verify your packages (which may help prove the server is compromised, but can’t prove it isn’t).