HELP!
It seems I have unwillingly created a multispam monster.
I am running a small PHP/MySQL-based CMS on a G3 Macintosh with Mac OS X Panther installed.
I used Postfix Enabler to configure and start postfix. For several months everything was fine, but recently I noticed that my broadband connection was beginning to get really slow.
I found out that enormous amounts of spam mail were being sent or relayed through postfix.
I am not a programmer and though I’ve searched all over the web I have not found a layman's recipe for making postfix secure. It is supposed to be extremely secure, isn’t it?
I think whoever unleashed these mighty powers of communication upon ordinary people owes an explanation that ordinary people understand.
I’ve tried to reconfigure the postfix main.cf file in a zillion different ways, but every time I start postfix the same thing happens: The mail.log explodes with listings of outgoing spammails.
I have removed any possible mailforms and send.php’s from the root folder of my server, and still the spam-thing reappears immediately whenever I start postfix.
I even shut down port 25 for the server (in the router) and still the spam monster won’t go away.
What is happening here? Is it possible that someone planted a trojan on my server? How can I detect it if that is the case?
Can someone shed some light on the origin of this spam nightmare? Or lead me to a site where I can find some straightforward info on postfix security?
Below is a sample from the mail.log as it looks seconds after I start postfix (debug level 5):
Sep 14 18:35:02 localhost postfix/smtp[1619]: 505C9596E0: to=<youngt@mcmurryadm.mcm.edu>, relay=mcmurryadm.mcm.edu[66.210.60.186], delay=39, status=sent (250 2.6.0 <20050914163423.505C9596E0@eriklarsen.dynu.com> Queued mail for delivery)
Sep 14 18:35:02 localhost postfix/smtp[1593]: 505C9596E0: to=<ysmn@gawab.com>, relay=mx2.gawab.com[208.21.175.136], delay=39, status=sent (250 ok 1126715402 qp 18300)
Sep 14 18:35:02 localhost postfix/pickup[1561]: 79174596E6: uid=70 from=<www>
Sep 14 18:35:03 localhost postfix/cleanup[1562]: 79174596E6: message-id=<20050914163502.79174596E6@eriklarsen.dynu.com>
Sep 14 18:35:03 localhost postfix/smtp[1663]: 505C9596E0: to=<yayinko@yorku.ca>, relay=maildelivery.yorku.ca[130.63.236.140], delay=40, status=sent (250 2.0.0 j8EGZh3u007799 Message accepted for delivery)
Sep 14 18:35:03 localhost postfix/smtp[1663]: 505C9596E0: to=<yu251363@yorku.ca>, relay=maildelivery.yorku.ca[130.63.236.140], delay=40, status=sent (250 2.0.0 j8EGZh3u007799 Message accepted for delivery)
Sep 14 18:35:03 localhost postfix/qmgr[1564]: 79174596E6: from=< size=2164, nrcpt=401 (queue active)
Sep 14 18:35:03 localhost postfix/smtp[1585]: connect to mailin-03.mx.aol.com[64.12.137.152]: server refused mail service (port 25)
Sep 14 18:35:03 localhost postfix/smtp[1572]: 505C9596E0: to=<yolosh@att.net>, relay=gateway2.att.net[12.102.240.23], delay=40, status=bounced (host gateway2.att.net[12.102.240.23] said: 550-217.157.202.149 blocked by blacklist.mail.ops.worldnet.att.net. 550
Erik Larsen
Copenhagen, Denmark
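The most telling lines in the excerpt above are `postfix/pickup[1561]: 79174596E6: uid=70 from=<www>` followed by `qmgr ... nrcpt=401`. The `pickup` daemon only handles mail dropped into the local maildrop queue by the `sendmail`/`postdrop` command (which is what PHP's `mail()` calls), and uid 70 is the `www` user the web server runs as on Mac OS X. So this mail is not being relayed in over SMTP; it is being injected locally by something running under the web server, one message at a time with hundreds of recipients each. That is why blocking port 25 at the router (which only affects `smtpd`, the network-facing daemon) changes nothing. The script below is an added example, not part of the original post, that parses a constructed mail.log sample in the same format and attributes each queued message to its entry point (`pickup` = local injection, `smtpd` = network), so that bulk submissions from the web-server uid stand out. The sample log lines, queue ids, hostnames and addresses are made up; the uid of 70 for `www` is taken from the post's own log.

```python
import re
from collections import defaultdict

# Constructed sample, modelled on the post's mail.log excerpt (all identifiers made up).
SAMPLE_LOG = """\
Sep 14 18:35:02 localhost postfix/pickup[1561]: 79174596E6: uid=70 from=<www>
Sep 14 18:35:03 localhost postfix/cleanup[1562]: 79174596E6: message-id=<20050914163502.79174596E6@host.example>
Sep 14 18:35:03 localhost postfix/qmgr[1564]: 79174596E6: from=<www@host.example>, size=2164, nrcpt=401 (queue active)
Sep 14 18:35:03 localhost postfix/smtp[1585]: connect to mx.example.net[192.0.2.10]: server refused mail service (port 25)
Sep 14 18:35:04 localhost postfix/smtp[1572]: 79174596E6: to=<a@example.com>, relay=mx.example.com[192.0.2.20], delay=1, status=sent (250 ok)
Sep 14 18:35:04 localhost postfix/smtp[1572]: 79174596E6: to=<b@example.org>, relay=mx.example.org[192.0.2.30], delay=1, status=bounced (host mx.example.org[192.0.2.30] said: 550 blocked by blacklist)
Sep 14 18:36:10 localhost postfix/smtpd[1700]: A1B2C3D4E5: client=localhost[127.0.0.1]
Sep 14 18:36:10 localhost postfix/cleanup[1562]: A1B2C3D4E5: message-id=<abc@host.example>
Sep 14 18:36:10 localhost postfix/qmgr[1564]: A1B2C3D4E5: from=<erik@host.example>, size=812, nrcpt=1 (queue active)
Sep 14 18:36:11 localhost postfix/smtp[1572]: A1B2C3D4E5: to=<friend@example.com>, relay=mx.example.com[192.0.2.20], delay=1, status=sent (250 ok)
"""

# Generic Postfix log line: timestamp host postfix/<daemon>[pid]: <queue id>: <rest>
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ postfix/(?P<prog>\w+)\[\d+\]: "
    r"(?P<qid>[0-9A-F]+): (?P<rest>.*)$"
)
PICKUP_RE = re.compile(r"uid=(?P<uid>\d+) from=<(?P<from>[^>]*)>")   # local maildrop submission
SMTPD_RE = re.compile(r"client=(?P<client>\S+)")                       # network (SMTP) submission
QMGR_RE = re.compile(r"from=<(?P<from>[^>]*)>, size=(?P<size>\d+), nrcpt=(?P<nrcpt>\d+)")
SMTP_RE = re.compile(r"to=<(?P<to>[^>]*)>, relay=(?P<relay>\S+), .*status=(?P<status>\w+)")

WEB_UID = 70  # "www" on Mac OS X, as seen in the post's pickup line


def parse_maillog(text):
    """Group log lines by queue id and record how each message entered the queue."""
    msgs = defaultdict(lambda: {"source": None, "uid": None, "client": None,
                                "from": None, "nrcpt": 0,
                                "sent": 0, "bounced": 0, "deferred": 0})
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # e.g. "connect to ...: server refused" carries no queue id
        prog, rest = m.group("prog"), m.group("rest")
        msg = msgs[m.group("qid")]
        if prog == "pickup":
            p = PICKUP_RE.search(rest)
            if p:
                msg["source"] = "local"      # came in via sendmail/postdrop, not port 25
                msg["uid"] = int(p.group("uid"))
        elif prog == "smtpd":
            c = SMTPD_RE.search(rest)
            if c:
                msg["source"] = "smtp"       # came in over the network
                msg["client"] = c.group("client")
        elif prog == "qmgr":
            q = QMGR_RE.search(rest)
            if q:
                msg["from"] = q.group("from")
                msg["nrcpt"] = int(q.group("nrcpt"))
        elif prog == "smtp":
            s = SMTP_RE.search(rest)
            if s and s.group("status") in ("sent", "bounced", "deferred"):
                msg[s.group("status")] += 1
    return dict(msgs)


def flag_web_injections(msgs, web_uids=frozenset({WEB_UID}), min_rcpt=20):
    """Return (queue id, uid, recipient count) for locally injected bulk mail from the web user."""
    hits = []
    for qid, msg in sorted(msgs.items()):
        if msg["source"] == "local" and msg["uid"] in web_uids and msg["nrcpt"] >= min_rcpt:
            hits.append((qid, msg["uid"], msg["nrcpt"]))
    return hits


if __name__ == "__main__":
    report = parse_maillog(SAMPLE_LOG)
    for qid, msg in sorted(report.items()):
        origin = "uid %s" % msg["uid"] if msg["source"] == "local" else "client %s" % msg["client"]
        print("%s entered via %-5s (%s) from=<%s> nrcpt=%d sent=%d bounced=%d"
              % (qid, msg["source"], origin, msg["from"], msg["nrcpt"], msg["sent"], msg["bounced"]))
    for qid, uid, nrcpt in flag_web_injections(report):
        print("FLAG: %s injected locally by uid %d with %d recipients" % (qid, uid, nrcpt))
```

Run it against the real `/var/log/mail.log` instead of the embedded sample and every flagged queue id points at a message that the web server's own uid handed to the local `sendmail` command. That narrows the search to whatever runs as `www`: a writable upload directory, a PHP file the CMS did not ship with, or a script that calls `mail()` in a loop. Removing the obvious `send.php` forms does not help if the injected script lives elsewhere, and blocking inbound port 25 never could, since this path does not touch `smtpd` at all.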