OS type and version: Debian 10
Webmin version: 1.981
Virtualmin version: 6.17-3
Related products version: Postfix 3.4.14
We are currently hosting 40+ “light use” websites/aliases, of which 4 have mail services running.
There was a recent issue where one of the websites was hacked (unpatched WordPress!!) and we had a large spike in bandwidth usage before we took the site offline. This was also at the same time we moved one of our mail domains onto the Virtualmin system.
There’s a bit of an issue now with spam blacklisting which we’re working to resolve, but we are struggling to work out if we are getting fallout from the website breach or if it’s a bad machine/compromised account in the mail domain we’ve moved across to the server.
At the moment, all network traffic and services are pinned to eth0, which is pinned to one of our external IPs. All web and mail traffic is going through that, but I want to split the mail traffic off from the web. I’m looking to configure Postfix so that I can move the mail domains one at a time across to eth1, which is pinned to a different external IP, and see if the spam problem moves.
I’ve seen an answer here (linux - postfix virtual domain on specific IP address - Unix & Linux Stack Exchange) that talks about changing master.cf, but I want to query the actual syntax/settings.
Currently master.cf has:
# service  type  private unpriv  chroot  wakeup  maxproc command + args
smtp       inet  n       -       y       -       -       smtpd
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_tls_security_level=may
smtps      inet  n       -       y       -       -       smtpd
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_tls_security_level=may
  -o smtpd_tls_wrappermode=yes
The link above is advising something along the lines of:
# service  type  private unpriv  chroot  wakeup  maxproc command + args
domain1    unix  -       -       n       -       -       smtp
  -o syslog_name=postfix-mail.example.com
  -o smtp_helo_name=mail.example.com
  -o smtp_bind_address=126.96.36.199
domain2    unix  -       -       n       -       -       smtp
  -o syslog_name=postfix-mail.abc.com
  -o smtp_helo_name=mail.abc.com
  -o smtp_bind_address=188.8.131.52
My query is over the differences: the original settings are “private” = n and “chroot” = y. As this is Virtualmin and multi-domain, do I need to keep the same options instead of the “-” and “n”?
I’m assuming the command + args need to be smtpd plus the various -o options currently set?
At the minute there are smtp and smtps entries in master.cf. If I break it down into domain1, domain2, …, do I need to remove the current smtp entry, and what about smtps?
Also, is there any logging or setting I can tweak to try to ID where all these emails are coming from?
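An added example (not from the original post, and not Virtualmin's own configuration) of how per-domain outbound entries fit alongside the existing smtp/smtps services. smtp_bind_address is a parameter of the outbound smtp client, so the new master.cf entries are unix-socket delivery transports that run the smtp command; they are not copies of the inet smtpd listeners, and the existing smtp and smtps lines stay as they are. Mail is steered to a transport by the envelope sender's domain through sender_dependent_default_transport_maps in main.cf. The names mail.example.com/mail.abc.com, the transport names out-example/out-abc and the addresses 203.0.113.10/203.0.113.11 are placeholders (assumptions); the address given to smtp_bind_address must already be configured on eth1, and its reverse DNS should match the smtp_helo_name, since receiving servers check that. The script only writes fragments for review; the commands to activate them are in the trailing comment.

```shell
#!/bin/sh
# Added example: per-sender-domain outbound Postfix transports, each bound
# to its own source address. Hostnames, transport names and IPs below are
# hypothetical placeholders; substitute your own.

PFX_DIR="${PFX_DIR:-/etc/postfix}"

# Lines to append to master.cf. Column meanings:
#   service type private unpriv chroot wakeup maxproc command + args
# private="-" (yes) because these are internal delivery agents, not listeners;
# chroot="y" matches the other Debian entries (Debian chroots its smtp client).
# syslog_name tags each transport's lines in mail.log so per-domain sending
# can be told apart.
master_cf_transports() {
cat <<'EOF'
# per-domain outbound transports (added example)
out-example unix  -       -       y       -       -       smtp
  -o syslog_name=postfix-out-example
  -o smtp_helo_name=mail.example.com
  -o smtp_bind_address=203.0.113.10
out-abc     unix  -       -       y       -       -       smtp
  -o syslog_name=postfix-out-abc
  -o smtp_helo_name=mail.abc.com
  -o smtp_bind_address=203.0.113.11
EOF
}

# Lookup table for sender_dependent_default_transport_maps: the table is
# searched by the envelope sender address and by @domain, so keying on
# @domain catches every sender in that domain. The value is
# "transport:nexthop" with an empty nexthop (deliver by MX as usual).
sender_transport_map() {
cat <<'EOF'
# envelope sender domain   transport name from master.cf
@example.com   out-example:
@abc.com       out-abc:
EOF
}

# main.cf setting that activates the table.
main_cf_settings() {
cat <<EOF
sender_dependent_default_transport_maps = hash:$PFX_DIR/sender_transport
EOF
}

# Write the three fragments into $1 (defaults to $PFX_DIR) without touching
# the live configuration, so they can be reviewed first.
write_fragments() {
  dir="${1:-$PFX_DIR}"
  master_cf_transports > "$dir/master.cf.transports"
  sender_transport_map > "$dir/sender_transport"
  main_cf_settings     > "$dir/main.cf.fragment"
}

# Activation on the real box, run by hand after reviewing the fragments:
#   cat /etc/postfix/master.cf.transports >> /etc/postfix/master.cf
#   postconf -e "$(cat /etc/postfix/main.cf.fragment)"
#   postmap /etc/postfix/sender_transport
#   postfix reload
# Moving a domain later is a one-line change in sender_transport followed by
# postmap and reload; the inet smtp/smtps listeners are never edited.
```

Set PFX_DIR to a scratch directory (for example `PFX_DIR=/tmp/pfx sh thisscript.sh`) to generate the fragments somewhere harmless first; the generated master.cf.transports is the answer to the column question above, and sender_transport is what replaces the per-domain guesswork of routing by hand.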
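On the logging question, an added example (not from the original post) of triaging a Postfix log to see where outbound mail is being injected. The two paths that matter here leave different traces: mail submitted by an authenticated mailbox appears on postfix/smtpd lines with sasl_username=, while mail injected locally through sendmail(1), which is what PHP on a hacked site uses, appears on postfix/pickup lines with uid=; on Debian uid=33 is www-data. The log lines in the script are constructed samples; on the real machine point the functions at /var/log/mail.log (the Debian default location, an assumption if logging has been redirected). IPv6 client addresses are not handled by the client-IP counter.

```shell
#!/bin/sh
# Added example: group outbound mail in a Postfix log by injection path.
# The sample log is constructed for this example; the line formats follow
# what postfix/smtpd and postfix/pickup write on Debian.

sample_log() {
cat <<'EOF'
Jan 10 10:00:01 srv postfix/smtpd[1001]: 1A2B3C4D5E: client=unknown[198.51.100.7], sasl_method=PLAIN, sasl_username=alice@abc.com
Jan 10 10:00:02 srv postfix/smtpd[1001]: 1A2B3C4D5F: client=unknown[198.51.100.7], sasl_method=PLAIN, sasl_username=alice@abc.com
Jan 10 10:00:03 srv postfix/smtpd[1002]: 1A2B3C4D60: client=unknown[203.0.113.200], sasl_method=LOGIN, sasl_username=bob@example.com
Jan 10 10:00:04 srv postfix/pickup[1003]: 1A2B3C4D61: uid=33 from=<www-data@srv.example.com>
Jan 10 10:00:05 srv postfix/pickup[1003]: 1A2B3C4D62: uid=33 from=<www-data@srv.example.com>
Jan 10 10:00:06 srv postfix/pickup[1003]: 1A2B3C4D63: uid=33 from=<www-data@srv.example.com>
Jan 10 10:00:07 srv postfix/pickup[1003]: 1A2B3C4D64: uid=1001 from=<user1@example.com>
EOF
}

# Messages per SASL-authenticated user. A compromised mailbox shows up as
# one user with a count far above the others. "sasl_username=" is 14 chars.
by_sasl_user() {
  awk '/postfix\/smtpd\[/ && match($0, /sasl_username=[^, ]+/) {
         u = substr($0, RSTART + 14, RLENGTH - 14); n[u]++ }
       END { for (u in n) print n[u], u }' "$1" | sort -rn
}

# Messages injected locally via sendmail(1)/pickup, keyed by the injecting
# uid. uid=33 (www-data on Debian) means a web site sent it, i.e. the
# hacked-WordPress path rather than a mail account.
by_local_uid() {
  awk '/postfix\/pickup\[/ && match($0, /uid=[0-9]+/) {
         u = substr($0, RSTART, RLENGTH); n[u]++ }
       END { for (u in n) print n[u], u }' "$1" | sort -rn
}

# Submissions per client IPv4 address. One remote host driving a stolen
# password stands out even when several usernames are abused.
by_client_ip() {
  awk '/postfix\/smtpd\[/ && match($0, /client=[^,]*\[[0-9.]+\]/) {
         c = substr($0, RSTART, RLENGTH); sub(/.*\[/, "", c); sub(/\]/, "", c)
         n[c]++ }
       END { for (c in n) print n[c], c }' "$1" | sort -rn
}

# Print all three views for a log file (top 10 entries each).
report() {
  echo "== by SASL user ==";   by_sasl_user "$1" | head -n 10
  echo "== by local uid ==";   by_local_uid "$1" | head -n 10
  echo "== by client IP ==";   by_client_ip "$1" | head -n 10
}

# Usage on the live system:
#   report /var/log/mail.log
# To see the envelope sender behind a queue ID from either view, grep the
# ID: the postfix/qmgr line for it carries from=<...>, and what is still
# waiting to go out is listed by postqueue -p.
```

In the constructed sample the uid=33 count dominates, which is what the web-breach path looks like; on a real log the same three views run side by side show whether the volume sits under one sasl_username (a mail account to lock), under uid=33 (a site to take offline and a PHP mail path to restrict), or under a single client IP (a host to block at submission).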