Thanks! What do you mean?
Posts by redcloud
-
-
I strongly recommend so that mail function can be disabled from the Php-editor section for each domain (adding a "mail" button in the "Value for the disable_functions directive").
I encounter may websites with poor security that are spamming via php. The only option to stop them, as an server administrator without cutting the whole account, was to manualy edit the php setting by adding mail to disabled function. Unfortunately this is overwritten on the next update or by other reason.
Thanks!
Hi! How do you do it manually? I've the same problem.
-
Thank you Ninos,
mailq was full of emails from an hosted website that is now suspended. I purged those emails and I'm gonna monitor mailq to check if new spam messages will be queued. Is this correct? Otherwise I will contact you to check the situation.
For specific domain delete I've issued this command
postqueue -p | tail -n +2 | awk 'BEGIN { RS = "" } /@abcdefghdomain\.com/ { print $1 }' | tr -d '*!' | postsuper -d -
-
cat /var/log/mail.info | grep relay= | tail
Nov 25 00:55:08 srv postfix/error[28563]: 96E032CC364B: to=<anduit@abcdef.it>, relay=none, delay=105526, delays=105454/71/0/0.14, dsn=4.0.0, status=deferred (delivery temporarily suspended: host etb-1.mail.abcdef.it[....] refused to talk to me: 554 zxcv-1.mail.abcdef.it lbv81r00B0SDUYm01 IP: ...., You are not allowed to send mail. Please see http://www.spamhaus.org/query/ip/.... You are listed in Spamhaus ZEN)
Nov 25 00:55:08 srv postfix/error[28665]: A576E2CC6468: to=<fpetraglia@abcdef.it>, relay=none, delay=416357, delays=416285/71/0/0.14, dsn=4.0.0, status=deferred (delivery temporarily suspended: host etb-1.mail.abcdef.it[....] refused to talk to me: 554 zxcv-1.mail.abcdef.it lbv81r00B0SDUYm01 IP: ...., You are not allowed to send mail. Please see http://www.spamhaus.org/query/ip/.... You are listed in Spamhaus ZEN)
Nov 25 00:55:08 srv postfix/error[28718]: 4EBEA2CC433F: to=<messina.daniela@abcdef.it>, relay=none, delay=359669, delays=359597/71/0/0.14, dsn=4.0.0, status=deferred (delivery temporarily suspended: host etb-1.mail.abcdef.it[....] refused to talk to me: 554 zxcv-1.mail.abcdef.it lbv81r00B0SDUYm01 IP: ...., You are not allowed to send mail. Please see http://www.spamhaus.org/query/ip/.... You are listed in Spamhaus ZEN)
Nov 25 00:55:08 srv postfix/error[28578]: 260842CC2344: to=<giulidalpozzo@abcdef.it>, relay=none, delay=181294, delays=181222/71/0/0.09, dsn=4.0.0, status=deferred (delivery temporarily suspended: host etb-1.mail.abcdef.it[....] refused to talk to me: 554 zxcv-1.mail.abcdef.it lbv81r00B0SDUYm01 IP: ...., You are not allowed to send mail. Please see http://www.spamhaus.org/query/ip/.... You are listed in Spamhaus ZEN)
Nov 25 00:55:08 srv postfix/error[28586]: 2D57E2CC625B: to=<cauurli@abcdef.it>, relay=none, delay=418486, delays=418415/71/0/0.09, dsn=4.0.0, status=deferred (delivery temporarily suspended: host etb-1.mail.abcdef.it[....] refused to talk to me: 554 zxcv-1.mail.abcdef.it lbv81r00B0SDUYm01 IP: ...., You are not allowed to send mail. Please see http://www.spamhaus.org/query/ip/.... You are listed in Spamhaus ZEN)
Nov 25 00:55:08 srv postfix/error[28661]: 8B7BA2CC39C7: to=<fraama@abcdef.it>, relay=none, delay=245809, delays=245738/71/0/0.09, dsn=4.0.0, status=deferred (delivery temporarily suspended: host etb-1.mail.abcdef.it[....] refused to talk to me: 554 zxcv-1.mail.abcdef.it lbv81r00B0SDUYm01 IP: ...., You are not allowed to send mail. Please see http://www.spamhaus.org/query/ip/.... You are listed in Spamhaus ZEN)
Nov 25 00:55:08 srv postfix/error[28581]: 850562CC12C3: to=<marc.gargiulo@abcdef.it>, relay=none, delay=106883, delays=106812/71/0/0.09, dsn=4.0.0, status=deferred (delivery temporarily suspended: host etb-1.mail.abcdef.it[....] refused to talk to me: 554 zxcv-1.mail.abcdef.it lbv81r00B0SDUYm01 IP: ...., You are not allowed to send mail. Please see http://www.spamhaus.org/query/ip/.... You are listed in Spamhaus ZEN)
Nov 25 00:55:08 srv postfix/smtp[28673]: DAB542CC2689: to=<emariconda@abcdef.it>, relay=etb-2.mail.abcdef.it[....]:25, delay=187025, delays=186953/1.2/70/0, dsn=4.0.0, status=deferred (host etb-2.mail.abcdef.it[....] refused to talk to me: 554 zxcv-2.mail.abcdef.it lbv81r00o0SDUYm01 IP: ...., You are not allowed to send mail. Please see http://www.spamhaus.org/query/ip/.... You are listed in Spamhaus ZEN)
Nov 25 00:55:08 srv postfix/smtp[28645]: 135362CC2F29: to=<gaetanoavventura@abcdef.it>, relay=etb-4.mail.abcdef.it[....]:25, delay=135013, delays=134942/1.1/70/0, dsn=4.0.0, status=deferred (host etb-4.mail.abcdef.it[....] refused to talk to me: 554 zxcv-2.mail.abcdef.it lbv81r00x0SDUYm01 IP: ...., You are not allowed to send mail. Please see http://www.spamhaus.org/query/ip/.... You are listed in Spamhaus ZEN)
Nov 25 00:55:59 srv postfix/smtp[28658]: 63C602CC5C10: to=<hkelly1@fuse.net>, relay=mx2.fuse.net[64.8.71.15]:25, delay=313799, delays=313677/1.2/121/0, dsn=4.7.1, status=deferred (host mx2.fuse.net[64.8.71.15] refused to talk to me: 550 5.7.1 [C16] SBL-XBL Restriction: See http://www.spamhaus.org/query/bl?ip=....) -
Thanks Ninos, in fact I have a lot of deferred emails :s
I've tried to suspend all hosted websites but it seems that postifx is still "under attack"... -
/var/log/mail.log
Thanks but what to look for?
I've got some more details...
Code- IP Address ... is listed in the CBL. It shows signs of being infected with a spam sending trojan, malicious link or some other form of botnet.
- It was last detected at 2015-11-15 18:00 GMT (+/- 30 minutes), approximately 9 days, 5 hours ago.
- This IP is infected (or NATting for a computer that is infected) with the kelihos spambot. In other words, it's participating in a botnet.
-
Hi all! Recently one of my servers has been blacklisted by Spamhaus ZEN, CBL, ivmSIP. Do you have any suggestion about how to check the root cause? The installed i-MSCP version is 1.2.9.
Thank you! -
- Use the sitewide-bayes. See also the config file:
https://github.com/i-MSCP/plug…amAssassin/config.php#L49 - you need to import/export the spamassassin-db
- therefore you need dovecot, the RoundcubePlugins plugin with activated manage-sieve and a first login per mail account into the roundcube webmailer. But it's easier just to reject spam mails
https://github.com/i-MSCP/plug…amAssassin/config.php#L42
It seems that the reject spam mails options it's not working even after plugin deactivation/activation and SpamAssassin service restart. - Use the sitewide-bayes. See also the config file:
-
Thank you very much!
Is it possible to apply a filter on email subject and/or body?
How to apply config.php changes? Is it enough to save file changes?
-
Hi! I'm using i-mscp 1.2.2 + roundcube + roundcube plugins + spamassassin and I'd like to know if it is possible to:
- apply a rejection filter for all i-mscp email accounts of a given domain (what I do now is setup a filter for each email account through roundcube settings :\ )
- import/export filter rules
- move automatically marked as spam emails to junk folderThanks!