CentOS spam troubleshooting - email

I am having a problem on my server. It's sending a lot of spam emails out. I am using Exim, and I did all the possible tweaks from WHM to prevent spamming. I already tried to find the source of these emails, i.e. which script they are coming from.
I tried with tcpdump and netstat.
The emails are going out from some cPanel user, for example user1@servername.sdm.com (the server host name), not from user@samedomain.com.
Any idea or suggestion what I can check?

I already found the problem. I was monitoring the connections on port 25 with tcpdump and grepped for the account that was spamming; then I found which script was sending the emails by monitoring the Exim logs.
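The log-side half of that hunt, as an added example that is not part of the original post. On a cPanel/WHM host every locally injected message in /var/log/exim_mainlog is preceded by a cwd= line giving the working directory of the process that ran /usr/sbin/sendmail, and scripts that set no From address end up with an envelope sender of user@<server hostname>, which is exactly the symptom described above. The log lines below are constructed for the example (the field layout assumes a default cPanel log_selector; adjust the regexes if yours differs):

```python
"""Attribute outbound mail in an Exim main log to the local account and
script directory that injected it.

Added example, not from the original post.  The sample log is constructed
to mimic cPanel's /var/log/exim_mainlog: each locally submitted message is
preceded by a 'cwd=' line recording the working directory of the process
that ran /usr/sbin/sendmail.  That layout is an assumption about your
log_selector; adapt the regexes if your lines differ.
"""
import re
from collections import Counter

# Constructed sample: two spam messages injected by a script under user1's
# uploads directory, one legitimate script send by user2, and one
# authenticated SMTP submission (which carries no cwd= line).
SAMPLE_LOG = """\
2024-03-01 10:00:01 cwd=/home/user1/public_html/wp-content/uploads 3 args: /usr/sbin/sendmail -t -i
2024-03-01 10:00:01 1rXabc-000123-AB <= user1@servername.sdm.com U=user1 P=local S=2048 T="Cheap meds" for victim1@example.net
2024-03-01 10:00:02 cwd=/home/user1/public_html/wp-content/uploads 3 args: /usr/sbin/sendmail -t -i
2024-03-01 10:00:02 1rXabc-000124-AB <= user1@servername.sdm.com U=user1 P=local S=2048 T="Cheap meds" for victim2@example.net
2024-03-01 10:00:03 cwd=/home/user2/public_html 3 args: /usr/sbin/sendmail -t -i
2024-03-01 10:00:03 1rXabc-000125-AB <= user2@shop.example.com U=user2 P=local S=900 T="Your order" for customer@example.org
2024-03-01 10:00:04 1rXabc-000126-AB <= alice@shop.example.com H=(client) [203.0.113.5] P=esmtpsa A=dovecot_login:alice@shop.example.com S=700 T="Hi" for bob@example.org
"""

CWD_RE = re.compile(r"^\S+ \S+ cwd=(?P<cwd>\S+)(?:\s|$)")
ARRIVAL_RE = re.compile(r"^\S+ \S+ (?P<msgid>\S+) <= (?P<sender>\S+)")
# Optional key=value fields on an arrival line: U=local user, P=protocol,
# A=authenticator (only present for authenticated SMTP submissions).
FIELD_RE = {k: re.compile(rf" {k}=(\S+)") for k in ("U", "P", "A")}


def parse_exim_mainlog(lines):
    """Return one record per message arrival ('<=') line.

    A 'cwd=' line immediately preceding a local (P=local) arrival is
    attached to it; SMTP arrivals carry no cwd.
    """
    records = []
    pending_cwd = None
    for line in lines:
        m = CWD_RE.match(line)
        if m:
            pending_cwd = m.group("cwd")
            continue
        m = ARRIVAL_RE.match(line)
        if not m:
            continue
        fields = {}
        for key, rx in FIELD_RE.items():
            f = rx.search(line)
            fields[key] = f.group(1) if f else None
        records.append({
            "msgid": m.group("msgid"),
            "sender": m.group("sender"),
            "user": fields["U"],
            "proto": fields["P"],
            "auth": fields["A"],
            "cwd": pending_cwd if fields["P"] == "local" else None,
        })
        pending_cwd = None
    return records


def rank_sources(records):
    """Count locally injected messages per (user, script directory), busiest first."""
    counts = Counter((r["user"], r["cwd"]) for r in records if r["proto"] == "local")
    return counts.most_common()


def hostname_senders(records, primary_hostname):
    """Accounts whose envelope sender is user@<server hostname>.

    Scripts that call sendmail without a From address get this sender by
    default, so it is a strong hint of script-injected mail.
    """
    suffix = "@" + primary_hostname.lower()
    return sorted({r["user"] for r in records
                   if r["user"] and r["sender"].lower().endswith(suffix)})


if __name__ == "__main__":
    recs = parse_exim_mainlog(SAMPLE_LOG.splitlines())
    for (user, cwd), n in rank_sources(recs):
        print(f"{n:4d}  U={user}  cwd={cwd}")
    print("accounts sending as user@hostname:",
          hostname_senders(recs, "servername.sdm.com"))
```

On a live server the same answer falls out of `grep cwd= /var/log/exim_mainlog | sort | uniq -c | sort -rn`, but the parsed form lets you join the directory to the account and to the envelope sender, which is what tells you whether to look for a compromised upload directory or a stolen SMTP password.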

Related

Configure root@localhost mail on postfix dovecot postfixadmin virtual mail server using postgresql freebsd 12

Using FreeBSD I set up a Postfix, Dovecot, PostgreSQL and Postfixadmin virtual email server. Everything is working to my satisfaction except email to root@localhost and my user email to localhost. Having done a lot of investigation and some trial I'm not finding the answer.
I looked at mydestination; I have localhost listed, which I think is correct.
I tried adding localhost as a Postfixadmin domain; this fails the x.x edit. "localhost." does not work either. I don't really want to change code, for obvious reasons. localhost will resolve to the correct local IP, 127.0.0.1.
Tried using mail to send to root@localhost and get a dead.letter file with the message in it.
I am not an email server expert; this is only the first time I've done this, so I have much learning to do.
How do I solve this issue?
Thanks in advance for your help.

Sendmail Relay Issue

I have installed sendmail on CentOS 7 and set up a relay server using SMART_HOST.
But sendmail is not using my relay server when sending email; it keeps using localhost.
Can anyone help me to solve this problem?
Sendmail 8.12+ by default relays messages submitted locally to the main local sendmail daemon running at 127.0.0.1:25. It does this as a security precaution, to avoid installing sendmail as set-uid root.
Have you checked the sendmail log files? They should show where the main local sendmail daemon relays messages to non-local email addresses.
Documentation: the SECURITY file in the sendmail distribution
I found the answer myself.
The mistake was with LOCAL_DOMAIN.
I had put my local domain (which was used for the mail server and email address) here.
And all of my emails were being handled as local emails.
Local emails are meant to be excluded from relaying, lol.

Mail not getting sent to specific domains

We have a VPS with CentOS combined with DirectAdmin, which we use for a Magento shop. This runs fine, except for sending email.
Problem:
It appears that some specific domains won't receive our emails and we get a bounce. If we use any other email sending systems, the mails arrive without problems.
The bounce mail contains the following error:
SMTP error from remote mail server after HELO Company-Shops:
host mx-cluster-b2.one.com [IP ADDRESS]: 504 5.5.2 :
Helo command rejected: need fully-qualified hostname
After googling and trying things for a week now, I am a bit lost. I tried checking Postfix in CentOS, but this is not installed and I'm not quite sure if this is needed.
Possible issue?
I believe the hosts file in CentOS is set up incorrectly:
127.0.0.1 localhost localhost.localdomain localhost4 ... etc
OUR IP Company-Shops
'Company-Shops' should probably be a domain name, am I right? The same as the rDNS. But I'm afraid that if I change this it will kill my site and whatnot. I'm not sure if this entry correlates with the 'Company-Shops' HELO label in the bounce error.
Some extra info:
- We use the webmail Roundcube from DirectAdmin
- At the moment we run one shop, but this might grow a bit (multiple sites on 1 IP)
- We don't use subdomains
- We've set up a reverse DNS, with the domain
Is there anyone with similar experiences or with a bit more knowledge about this subject? I appreciate any advice we can get, as we are stuck.
Many thanks.
Yes, that's right: your mail server should identify itself using a fully-qualified domain name when it connects to send mail via SMTP. You don't say what mail server you're running, but since you're using DA, it's probably Exim. If so, you want to edit /etc/exim.conf and set primary_hostname to the FQDN of your server.
This would also be a good time to double-check that reverse DNS is set up properly for your IP address. Many hosts will also reject email from servers on IPs without a valid rDNS record.
I'm not familiar with Magento, but I can't see any way that changing the Exim configuration in this way could impact that program.
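An added example, not part of the original answer, that makes the two halves of this concrete: what name Exim will actually announce in HELO, and whether a receiving server applying an FQDN rule would accept it. The 504 5.5.2 "need fully-qualified hostname" wording in the bounce is what Postfix's reject_non_fqdn_helo_hostname restriction emits, so the check below follows that rule (at least two dot-separated labels, valid label characters, non-numeric top label, or an IPv4 address literal in brackets). The Exim side assumes the documented behaviour that primary_hostname defaults to the kernel host name from uname() when it is not set; the config fragments and host names are constructed for the example:

```python
"""Check an SMTP HELO name the way a strict receiver does, and show what
Exim will announce given its configuration.

Added example, not from the original thread.  The acceptance rule mirrors
Postfix's reject_non_fqdn_helo_hostname (the restriction behind the bounce
quoted above); the Exim behaviour assumed is that an unset primary_hostname
falls back to the uname() node name.
"""
import re

# One DNS label: alphanumerics and hyphens, no leading/trailing hyphen, 1-63 chars.
LABEL_RE = re.compile(r"^[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?$", re.IGNORECASE)
ADDR_LITERAL_RE = re.compile(r"^\[(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})\]$")


def helo_problem(name):
    """Return None if `name` passes a need-fully-qualified-hostname check,
    otherwise a short reason string in the spirit of the SMTP reply text."""
    m = ADDR_LITERAL_RE.match(name)
    if m:
        if all(int(octet) <= 255 for octet in m.groups()):
            return None  # address literal form is acceptable
        return "invalid address literal"
    labels = name.rstrip(".").split(".")
    if len(labels) < 2 or any(not label for label in labels):
        return "need fully-qualified hostname"
    for label in labels:
        if not LABEL_RE.match(label):
            return f"invalid label {label!r}"
    if labels[-1].isdigit():
        return "top-level label must not be all-numeric"
    return None


def exim_helo_name(exim_conf_text, uname_nodename):
    """Name Exim will use in HELO/EHLO: primary_hostname if the main
    configuration sets it, else the kernel host name (assumed fallback)."""
    for line in exim_conf_text.splitlines():
        m = re.match(r"^\s*primary_hostname\s*=\s*(\S+)", line)
        if m:
            return m.group(1)
    return uname_nodename


def diagnose(exim_conf_text, uname_nodename):
    """Return (announced name, problem-or-None) for a given setup."""
    announced = exim_helo_name(exim_conf_text, uname_nodename)
    return announced, helo_problem(announced)


# Constructed configurations: the poster's situation (no primary_hostname,
# kernel host name "Company-Shops") and the fixed one.
BROKEN_CONF = "# /etc/exim.conf excerpt (constructed)\nlog_selector = +all\n"
FIXED_CONF = BROKEN_CONF + "primary_hostname = mail.company-shops.example\n"

if __name__ == "__main__":
    for label, conf in (("before", BROKEN_CONF), ("after", FIXED_CONF)):
        announced, problem = diagnose(conf, "Company-Shops")
        verdict = "accepted" if problem is None else f"rejected: {problem}"
        print(f"{label}: HELO {announced} -> {verdict}")
```

The name that passes here must also resolve: set its A record to the server's IP and the IP's PTR back to the same name, because the "need fully-qualified hostname" rule is only the cheapest of the checks a receiver like one.com applies before it looks at rDNS.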

What DNS MX setting should I use to control incoming mail from Plesk?

I have a 1&1 VPS with Plesk, and a domain name with 123-Reg. I've configured my DNS records as such:
www a 87.106.101.240
mail a 87.106.101.240
mail.limehousecraftsandgifts.com. mx 10
From within Plesk, on the limehousecraftsandgifts.com domain, I've got a mail redirect for all email to go to my Gmail. But the emails are not getting through.
Does anyone know what I'm doing wrong? 87.106.101.240 is my server.
Thanks,
Steven
For one thing, you don't have an A RECORD for mail.limehousecraftsandgifts.com =)
You should point it where-ever you want the mail delivered.
Thanks to Shad, I was able to investigate and realise that my DNS settings were correct. I was having a problem with Qmail on my VPS. The command line for Qmail said it was running fine, but the Plesk control panel would allow the service to start, but would then stop 20 seconds later. Ultimately, the problem was a misconfigured Qmail. So check your mail logs, and your Qmail status if you're having this problem.
I'm leaving this here as a note to anyone encountering similar issues.

sendmail and MX records when mail server is not on web host

This is a problem I'm sure is easy to fix, but I've been banging my head on it all day.
I'm developing a new web site for a client. The web site resides at (this is an example) website.com. I have a PHP form script to email visitors' requests to requests#website.com.
When I coded this on a staging server on a different domain, all worked fine. When I moved it to website.com, the mail messages never arrived. The web server is on a virtual host with a major ISP.
Here's what I've learned since then: My client's mail server is Microsoft Exchange on a box physically in their office. Whenever someone on the outside world emails requests#website.com, the mail arrives. But if the web server sends to the same email address, it fails every time. This is not a PHP problem. I secure shell in to the web server and have tested this both with sendmail and the UNIX mail application. I've also tested it by emailing various email accounts from the shell. I can email myself, for example, just nobody at the website.com domain.
In short, when I'm logged in to website.com, mail to requests#website.com, user#website.com, another_user#website.com all fail. All other addresses work fine. What I've discovered is those dropped emails are routed to the web server's "catchall" account where they sit in its inbox.
I've done an MX lookup on website.com. The MX record points to mailsec.website.com. I can telnet to mailsec.website.com port 25 and see the SMTP server.
It appears to me that website.com isn't doing an MX lookup when it's sending mail to requests#website.com. My theory is that it recognizes the domain as local, sees that there's no "requests" user account to deliver it to, and drops the mail into the catchall account. What I want is to force sendmail to do the MX lookup and send the message on to the Exchange server. I'm at wit's end here. I can't figure out how to do this.
For that matter, I may be way off base here and have misdiagnosed this entirely. Internet mail and MX has always seemed a black art to me, and my ignorance is certainly showing in this question.
I think the problem is that sendmail (your process) is talking to the local sendmail daemon. The local sendmail daemon thinks that because it is website.com, it should know how to deliver the email. Unfortunately, the actual address in the to field does not exist on the web server and thus it dumps it in the "catchall" mail box. You should talk to your ISP and have them update their sendmail configuration so that mail addressed to ...#website.com gets forward to the mail exchanger instead of being handled locally.
Sendmail by default guesses list of local email domains.
It can be turned off using the following line in your sendmail.mc file:
define(`confDONT_PROBE_INTERFACES',`True')
As root list local email domains before and after the change using:
echo '$=w' | sendmail -Am -bt
You will see which domains should be added "manually" to (usually) the /etc/mail/local-host-names file after disabling auto-guessing.
After changing sendmail.mc:
Generate/compile new sendmail.cf file
Restart sendmail daemon (or send HUP signal)
tvanfosson basically has it, but as a temporary workaround, you should be able to change your script so that it mails 'user@mailsec.website.com', and then the mail will get delivered to the actual mail server.
Edit the tsm.cf file (in /etc/mail/ or similar) to include
FEATURE(relay_entire_domain)
between the DOMAIN() and MAILER() lines. Since you're editing the file, you may want to also improve security with
define(`confPRIVACY_FLAGS',``noexpn,novrfy'')
After changing the tsm.cf file (or any sendmail config file), restart or SIGHUP the sendmail process.
This change is necessary because the WWW and MX servers for the domain do not exist in the same process space; this FEATURE triggers sendmail to process messages for the domain using its external delivery mechanism.
The edited portion of the tsm.cf file should look similar to this:
DOMAIN(website.com)dnl
FEATURE(relay_entire_domain)dnl
define(`confPRIVACY_FLAGS',``noexpn,novrfy'')dnl
MAILER(smtp)dnl
MAILER(procmail)dnl
What worked for me was to add an MX record on the web server hosting the website that points to the host assigned on the original domain name server. In the case presented here it would be an MX record pointing to: mailsec.website.com
I'm new here. I wanted to extend RB_CWI's answer, but I am not allowed to comment.
His solution worked great.
You are not required to define the DOMAIN().
However, on my system I was required to install the sendmail-cf package.
The instructions below were done on CentOS 6.5
First, install sendmail-cf
sudo yum install sendmail-cf
Then, edit the sendmail.mc
sudo vi /etc/mail/sendmail.mc
At the bottom of the file add FEATURE(relay_entire_domain)dnl, so it looks like:
...
FEATURE(relay_entire_domain)dnl
MAILER(smtp)dnl # right above this line
MAILER(procmail)dnl
dnl MAILER(cyrusv2)dnl
Save the file, and restart sendmail.
sudo service sendmail restart
Got stuck on the same problem. MX points to an external Exchange server but php/sendmail did not look up this record. Instead, mails posted by WordPress on this web server dropped into the catch-all mailbox.
The solution was to delete ALL mailboxes on the web server. Now sendmail was interested in the MX and all mails went to the Exchange.
However, the Exchange uses the webspace's mail server as SmartHost for outgoing mails. As a solution for this, we were able to use the FTP credentials for accessing the mail server. I assume this solution does not work with every provider on this planet, but in our case (all-inkl.com) it worked out.