I run a Postfix/Dovecot/SpamAssassin/ClamAV/Amavis mail server. Recently (for maybe 1 month) I have been finding about 500 undelivered e-mails in my mailq. I delete them, but I guess that is not a healthy permanent solution to my problem.

And then I have problems delivering e-mails due to the sending MTA's poor reputation.

Example of log entry in mailq:

```
A19EC23DE0     4613 Tue Aug  1 06:57:01  MAILER-DAEMON
(delivery temporarily suspended: connect to hayatdiyaliz.com[185.140.110.3]:25: Connection refused)
jack3p0gz7b@hayatdiyaliz.com
```

There are about 20 "fake" domains like hayatdiyaliz.com and 20-50 e-mails per domain. The mailboxes' names are always like this: "name"."multiple_random_characters"@domain.com

```
jack8d7413@domain.com
emily8186ga@domain.com
william564av4@domain.com
```

Do you have any idea how to prevent this situation and what steps should I take to do something about the MTA's poor reputation?

I added this to my Postfix's main.cf, but that did not help:

```
smtpd_sender_restrictions = reject_unlisted_sender
```

Thank you

EDIT: the "Fighting Spam - What can I do as an: Email Administrator, Domain Owner, or User?" question is too wide-ranging. I thought maybe someone had this particular problem. It used to be okay, and all the tests I tried online were OK: deliverability tests, open relay test, etc.

Cafourek
  • Possible duplicate of [Fighting Spam - What can I do as an: Email Administrator, Domain Owner, or User?](https://serverfault.com/questions/419407/fighting-spam-what-can-i-do-as-an-email-administrator-domain-owner-or-user) – Gerald Schneider Aug 01 '17 at 08:07
  • I think your server is an open relay (your server accepts a mail for a user X not in your domain, and the server tries to send that to the correct domain). I will let others answer, as I know Exchange, not Postfix, etc. – yagmoth555 Aug 01 '17 at 11:08
  • Thanks, that's what I thought, but I tried this [link](http://www.mailradar.com/openrelay/) and several other tests stating that for my server there are no relays accepted by remote host! – Cafourek Aug 01 '17 at 11:54
  • The server or, more likely, an email account is compromised. You need to look in /var/log/mail and see if you can correlate a series of bad messages with the login of a specific user account. – Appleoddity Aug 02 '17 at 01:45

1 Answer

1) Add `reject_rbl_client black.junkemailfilter.com, reject_rbl_client b.barracudacentral.org` to `smtpd_recipient_restrictions`

2) Collect used domains and feed them to `header_checks = regexp:/etc/postfix/header_checks` and/or `body_checks = regexp:/etc/postfix/body_checks`

shr3k
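One way to do the "collect used domains" step from the answer above, as an added example that is not the answerer's code: it parses `mailq` output, counts the recipient domains of queued MAILER-DAEMON bounces, and prints candidate lines for the regexp table. The function names, the choice of the `From:` header, the threshold, and every queue entry except the first (which is the one quoted in the question) are assumptions of this example.

```python
import re
from collections import Counter
# Constructed sample in `mailq` layout; only the first entry comes from the post.
SAMPLE_MAILQ = """\
-Queue ID- --Size-- ----Arrival Time---- -Sender/Recipient-------
A19EC23DE0     4613 Tue Aug  1 06:57:01  MAILER-DAEMON
(delivery temporarily suspended: connect to hayatdiyaliz.com[185.140.110.3]:25: Connection refused)
                                         jack3p0gz7b@hayatdiyaliz.com

B27FD34EF1     4590 Tue Aug  1 06:58:12  MAILER-DAEMON
(connect to hayatdiyaliz.com[185.140.110.3]:25: Connection refused)
                                         emily8186ga@hayatdiyaliz.com

C38AE45F02     1204 Tue Aug  1 07:02:44  alice@example.org
(connect to mx.example.net[192.0.2.10]:25: Connection timed out)
                                         bob@example.net

-- 10 Kbytes in 3 Requests.
"""

HEAD = re.compile(r"^([0-9A-Za-z]+)[*!]?\s+(\d+)\s+\w{3}\s+\w{3}\s+\d+\s+[\d:]+\s+(\S+)\s*$")

def parse_mailq(text):
    """Return one dict per queue entry: queue id, envelope sender, recipients."""
    entries, cur = [], None
    for line in text.splitlines():
        m = HEAD.match(line)  # queue id (optional * or ! flag), size, time, sender
        if m:
            cur = {"id": m.group(1), "sender": m.group(3), "rcpts": []}
            entries.append(cur)
        elif not line.strip():
            cur = None  # a blank line ends the entry
        elif cur and "@" in line and not line.lstrip().startswith("("):
            cur["rcpts"].append(line.strip())  # skip the "(reason)" line
    return entries

def bounce_domains(entries):
    """Count recipient domains of queued bounces (sender MAILER-DAEMON)."""
    counts = Counter()
    for e in entries:
        if e["sender"] == "MAILER-DAEMON":
            counts.update(r.rsplit("@", 1)[1].lower() for r in e["rcpts"])
    return counts

def header_check_rules(counts, min_count=2):
    """Regexp-table lines; matching on From: is this example's assumption."""
    return [f"/^From:.*@{re.escape(d)}/ REJECT forged sender domain"
            for d, n in sorted(counts.items()) if n >= min_count]
```

On a live server the input would be the captured output of `mailq`; review the generated lines before adding them to `/etc/postfix/header_checks`, since a legitimate domain can also have bounces queued.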