
I have a terrible problem: my Joomla website is being abused to massively send spam. I have no clue what is actually happening, but my Postfix mail queue is constantly filled with thousands of spam mails being sent from my server to external mail addresses. As the from-address, a randomly created alias on my domain name is being used.

To solve this problem I would like my Postfix mail server to only process mail from known mail aliases... I just have no clue how to achieve this, and the technical information I can find about Postfix is just too difficult for me to understand.

So I was hoping that somebody could tell me how I can configure my Postfix mail server to only process mail (that is, from internal to external) for known mail aliases (or at least a list of mail addresses that can be used in the from-field, with all other mail just being rejected).

Geoffrey
You're asking about a method to more easily collect the rain than with buckets and pots where you should be fixing the huge hole in your leaky roof... – HBruijn May 28 '15 at 06:17

2 Answers


The problem with Joomla and restricting email to only one email address is that you will lose functionality.

The better solution would be to look at your Joomla site for a possible HACK. It is actually easy to hack these sites.

Look at your directories and look for a recent hack that will leave directories like "target" in your main Joomla directory. Also look for PHP files called alias.php, apache.php and dbase.php (these are used by this spam bot).

Finally, look at your cgi-bin for files like cgiecho, cgiemail and randhtml.cgi.

If you have these, please report back.

Tero Kilkanen
Rene R
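
A read-only check for the file and directory names listed in the answer above, as an added example that is not part of the original answer. It assumes `cgi-bin` sits somewhere under the directory you pass in (the function name and output tags are this example's own), and a match is a lead to inspect, not proof of compromise.

```shell
#!/bin/sh
# Added example: look for the names mentioned in the answer above.
# Nothing is modified or deleted; the function only lists matches.

# scan_joomla_root DIR
# Prints one line per match, prefixed with a tag:
#   dir <path>   a directory called "target" in the main Joomla directory
#   php <path>   alias.php, apache.php or dbase.php anywhere below DIR
#   cgi <path>   cgiecho, cgiemail or randhtml.cgi inside a cgi-bin directory
# Returns 0 when the scan ran (with or without matches), 2 on a bad argument.
scan_joomla_root() {
    root=${1:?usage: scan_joomla_root DIR}
    if [ ! -d "$root" ]; then
        echo "not a directory: $root" >&2
        return 2
    fi

    # "target" is only of interest directly in the main Joomla directory.
    if [ -d "$root/target" ]; then
        printf 'dir %s\n' "$root/target"
    fi

    # The PHP file names can sit in any subdirectory, so search the whole tree.
    find "$root" -type f \
        \( -name alias.php -o -name apache.php -o -name dbase.php \) \
        -exec printf 'php %s\n' {} \;

    # The CGI names only count when they are inside a cgi-bin directory.
    find "$root" -type f -path '*/cgi-bin/*' \
        \( -name cgiecho -o -name cgiemail -o -name randhtml.cgi \) \
        -exec printf 'cgi %s\n' {} \;
}

# Run directly as: sh scan.sh /path/to/joomla
if [ "$#" -gt 0 ]; then
    scan_joomla_root "$1"
fi
```

For each path it prints, compare the modification time (`ls -l`) with the time the spam started before deciding what to do with the file.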

You say you're using Postfix for mail, so Joomla is completely unrelated here.

First, are you using SASL or some other sort of authentication on your sending? If not, there's your problem: anyone can "telnet yourhost.com 25" and send messages to anyone they want; scripts make it very easy to send thousands of mails this way, and it's called an open relay. It is BAD.

You need to either implement some sort of authentication for mail sending/relaying, or use an application like postfix-policyd to throttle mail sending, or, if the server only sends and only from the internal Joomla instance (e.g. it only exists for password reset mails or the like), ensure you lock down Postfix to only accept incoming mail from localhost or the few servers you trust to send mail. Ideally, you'll do at least two of these things depending on your needs, or all three if possible and practical.

I'd recommend checking the Postfix guide to set up SASL if you actually handle mail for users (http://www.postfix.org/SASL_README.html) or searching for Postfix mail filtering and sender whitelisting. It will help save your mail server from certain blacklisting.

Also, for the record: the emails you see in your outbound deferred mail queue? Those are only the ones that didn't have a valid target or were rejected. You probably have hundreds or thousands more that delivered successfully. This is really important stuff if you want to run a public-facing mail server in 2015 and avoid the dreaded blacklist.

Joshua Boniface
  • SASL is usually not necessary to send from localhost, see also the restriction `permit_mynetworks`. – sebix May 28 '15 at 07:14