Agcapa

Web developer

Category: Postfix

Many email messages are sent from PHP scripts on the server. How can I find the domains on which these scripts are running if I am using Postfix?

Article ID: 114845, created on Sep 26, 2012, last review on Dec 18, 2015

APPLIES TO:

  • Plesk for Linux/Unix
  • Plesk Automation 11.5

Symptoms

Many email messages are being sent from PHP scripts on the server. How can I find the domains on which these scripts are running if I am using Postfix?

Resolution

Note: This article is for Postfix. If you are using the Qmail mail server, see article
1711: Many email messages are sent from PHP scripts on the server. How can I find the domains on which these scripts are running?

There is a way to determine from which folder the PHP script that sends mail was run.

Note: Depending on your operating system and Plesk version, the paths can differ slightly from those listed below.

  1. Create a /usr/sbin/sendmail.postfix-wrapper script with the following content:

    Create a file and open it for editing:

    #touch /usr/sbin/sendmail.postfix-wrapper
    #vi /usr/sbin/sendmail.postfix-wrapper
    

    Add the following content:

    #!/bin/sh
    (echo "X-Additional-Header: $PWD"; cat) | tee -a /var/tmp/mail.send | /usr/sbin/sendmail.postfix-bin "$@"
    

    Note that this should be two lines, including #!/bin/sh.

  2. Create a log file, /var/tmp/mail.send, and grant it a+rw rights. Make the wrapper executable, rename the old sendmail, and link it to the new wrapper by running the commands below:
    ~# touch /var/tmp/mail.send
    ~# chmod a+rw /var/tmp/mail.send
    ~# chmod a+x /usr/sbin/sendmail.postfix-wrapper
    ~# mv /usr/sbin/sendmail.postfix /usr/sbin/sendmail.postfix-bin
    ~# ln -s /usr/sbin/sendmail.postfix-wrapper /usr/sbin/sendmail.postfix
    
  3. Wait for an hour and change the sendmail back:
    ~# rm -f /usr/sbin/sendmail.postfix
    ~# mv /usr/sbin/sendmail.postfix-bin /usr/sbin/sendmail.postfix
    

Check the /var/tmp/mail.send file. There should be lines starting with X-Additional-Header: pointing to the domain folders where the scripts that sent the mail are located.

You can see all the folders from which mail PHP scripts were run with the following command:

    ~# grep X-Additional /var/tmp/mail.send | grep `cat /etc/psa/psa.conf | grep HTTPD_VHOSTS_D | sed -e 's/HTTPD_VHOSTS_D//' `

NOTE: If you see no output from the above command, it means no mail was sent using the PHP mail() function from the Plesk virtual hosts directory.
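The grep above lists every logged directory; to see which domain is sending the most, the same log can be tallied per virtual host. This is an added example, not part of the original article: the function names, the /var/www/vhosts root and the sample log are constructed for illustration.

```shell
#!/bin/sh
# Added example: per-domain tally of the X-Additional-Header lines written by
# the wrapper. The vhosts root and the sample log below are constructed.

# tally_mail_dirs LOGFILE VHOSTS_ROOT
# Prints "<count> <first directory under VHOSTS_ROOT>" lines, busiest first.
tally_mail_dirs() {
    awk -v root="${2%/}/" '
        BEGIN { prefix = "X-Additional-Header: " }
        index($0, prefix) == 1 {
            dir = substr($0, length(prefix) + 1)
            # Working directories outside the vhosts tree are counted apart.
            if (index(dir, root) != 1) { outside++; next }
            split(substr(dir, length(root) + 1), part, "/")
            count[part[1]]++
        }
        END {
            for (d in count) printf "%d %s\n", count[d], d
            if (outside) printf "%d (outside-vhosts)\n", outside
        }
    ' "$1" | LC_ALL=C sort -k1,1nr -k2
}

# Constructed sample of what the wrapper appends to /var/tmp/mail.send.
sample_mail_send() {
    cat <<'EOF'
X-Additional-Header: /var/www/vhosts/example.com/httpdocs/wp-content/uploads
To: someone@example.net
Subject: test 1

body
X-Additional-Header: /var/www/vhosts/example.com/httpdocs/wp-content/uploads
To: someone@example.net
Subject: test 2

body
X-Additional-Header: /var/www/vhosts/example.org/httpdocs
To: other@example.net
Subject: contact form

body
X-Additional-Header: /var/www/vhosts/example.com/httpdocs
To: someone@example.net
Subject: test 3

body
X-Additional-Header: /root
To: root@localhost
Subject: cron report

body
EOF
}

demo_log=$(mktemp)
sample_mail_send > "$demo_log"
tally_mail_dirs "$demo_log" /var/www/vhosts
rm -f "$demo_log"
```

On a real server, pass /var/tmp/mail.send and the HTTPD_VHOSTS_D value from /etc/psa/psa.conf. A message body can itself contain a line starting with X-Additional-Header:, so treat the counts as a pointer to where to look, not as proof.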

Usually, that means one of the mail accounts has been compromised. Check the login attempt count:

# zgrep -c 'sasl_method=LOGIN' /usr/local/psa/var/log/maillog*
/usr/local/psa/var/log/maillog:221000
/usr/local/psa/var/log/maillog.processed:362327
/usr/local/psa/var/log/maillog.processed.1.gz:308956

If you see an unusually high number of login attempts, it is very likely accounts were compromised. You can try identifying these accounts in the following way:

# zgrep 'sasl_method=LOGIN' /usr/local/psa/var/log/maillog* | awk '{print $9}' | sort | uniq -c | sort -nr | head
891574 sasl_username=admin@example.com

To stop spam from being sent, change passwords for the compromised accounts and restart the Postfix service.
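The awk '{print $9}' pipeline above depends on sasl_username being the ninth field of the log line. The following added example (not part of the original article) finds the field by name and also counts the distinct client IPs per account; the function names and log lines are constructed, and the per-IP count goes beyond what the article shows.

```shell
#!/bin/sh
# Added example: summarise SASL LOGIN authentications per account.
# sasl_login_summary [FILE...]   (reads stdin when no file is given)
# Prints "<logins> <distinct client IPs> <sasl_username>", busiest first.
sasl_login_summary() {
    awk '
        /sasl_method=LOGIN/ {
            user = ""; ip = ""
            for (i = 1; i <= NF; i++) {
                f = $i
                sub(/,$/, "", f)                 # drop the trailing comma
                if (index(f, "sasl_username=") == 1)
                    user = substr(f, length("sasl_username=") + 1)
                else if (index(f, "client=") == 1) {
                    ip = f
                    sub(/^.*\[/, "", ip)         # keep the address inside [...]
                    sub(/\].*$/, "", ip)
                }
            }
            if (user == "") next
            logins[user]++
            if (ip != "" && !((user, ip) in seen)) {
                seen[user, ip] = 1
                ips[user]++
            }
        }
        END { for (u in logins) printf "%d %d %s\n", logins[u], ips[u], u }
    ' "$@" | LC_ALL=C sort -k1,1nr -k3
}

# Constructed maillog lines in the usual Postfix smtpd format.
sample_maillog() {
    cat <<'EOF'
Sep 26 10:00:01 mail postfix/smtpd[2101]: 4F2A11C0061: client=unknown[203.0.113.5], sasl_method=LOGIN, sasl_username=admin@example.com
Sep 26 10:00:02 mail postfix/smtpd[2101]: 5A1B21C0062: client=unknown[203.0.113.5], sasl_method=LOGIN, sasl_username=admin@example.com
Sep 26 10:00:03 mail postfix/smtpd[2102]: 6C3D31C0063: client=unknown[198.51.100.7], sasl_method=LOGIN, sasl_username=admin@example.com
Sep 26 10:05:10 mail postfix/smtpd[2103]: 7E5F41C0064: client=office.example.org[192.0.2.10], sasl_method=LOGIN, sasl_username=bob@example.org
Sep 26 10:06:00 mail postfix/smtpd[2104]: 8A7B51C0065: client=office.example.org[192.0.2.10], sasl_method=PLAIN, sasl_username=carol@example.org
Sep 26 10:07:00 mail postfix/smtpd[2105]: connect from unknown[203.0.113.5]
EOF
}

sample_maillog | sasl_login_summary
```

For rotated logs, feed it with zcat -f /usr/local/psa/var/log/maillog* on standard input. An account with many logins spread over many client addresses is the first one to check.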

For Plesk 12, also see the Administrator’s Guide page.


Postfix Mail Server

  1. Install Needed Software

    1. Install most of the needed software from Fedora Extras using yum:

      yum install postfix mysql-server spamassassin \
        clamav amavisd-new cyrus-sasl clamav-update sqlgrey

  2. Configure and Test Postfix

    1. Do some basic configuration to set up postfix before first starting it. Find the configuration variables and update them. Edit the /etc/postfix/main.cf configuration file and make the following changes:

      mydomain = example.com
      myorigin = $mydomain
      inet_interfaces = all
      mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
      mynetworks_style = host

    2. Start the server for the first time:

      /sbin/service postfix start

    3. Send a test mail to a local user using telnet:

      Commands are in bold, responses are in italics.

      telnet localhost 25
      Trying 127.0.0.1...
      Connected to localhost.localdomain (127.0.0.1).
      Escape character is '^]'.
      220 host.example.com ESMTP Postfix
      EHLO testdomain.com
      250-host.example.com
      250-PIPELINING
      250-SIZE 10240000
      250-VRFY
      250-ETRN
      250-ENHANCEDSTATUSCODES
      250-8BITMIME
      MAIL FROM: <user@testdomain.com>
      250 2.1.0 Ok
      RCPT TO: <local-user@example.com>
      250 2.1.5 Ok
      DATA
      354 End data with <CR><LF>.<CR><LF>
      Subject: Hello local-user
      Hey local-user,
      I just wanted to send some test mail to you :-)
      .
      250 2.0.0 Ok: queued as B95C8110064
      QUIT

    4. Check the user’s mail with the ‘mail’ command when logged in as the local-user:

      mail

      If this worked, delete the user’s mail and move on; see ‘man mail’ for more information about the mail command.

  3. Do Some More Configuration for Postfix

    This section starts to configure postfix to be more secure. Some options are personal preferences of the author and may be changed. They are as follows:

    • Mail is stored in $HOME
    • TLS required for sending mail remotely
    • Certificates in /etc/postfix
      • The ‘standard’ is /etc/pki/tls

    1. Update the /etc/postfix/main.cf postfix configuration file and make the following changes:

      1. The following changes are updates:

        home_mailbox = Maildir/

      2. These changes are additions to the configuration file and may be added at the end of the file:

        #TLS - SMTP AUTH
        disable_vrfy_command = yes
        smtpd_use_tls = yes
        smtpd_tls_auth_only = yes
        tls_random_source = dev:/dev/urandom
        smtpd_tls_cert_file = /etc/postfix/cert.pem
        smtpd_tls_key_file = /etc/postfix/key.pem
        smtpd_sasl_auth_enable = yes
        smtpd_sasl_security_options = noanonymous
        broken_sasl_auth_clients = yes
        # Add some security
        smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination

    2. Move your certificates to the proper location (/etc/postfix/cert.pem and /etc/postfix/key.pem respectively) and set proper permissions (600).
      If you don’t have a certificate already, you may generate a self-signed cert with the following commands:

      cd /etc/postfix
      openssl req -new -x509 -nodes -out cert.pem -keyout key.pem -days 3650
      chmod 600 *.pem

    3. Restart the server:

      /sbin/service postfix restart

    4. Try to send test mail to your local-user account both from localhost and a remote server.

      This should work. It would also be a good test to make sure that your server will not relay mail, so try to send mail to another host using your server. It is recommended to continue to send testing mail with telnet so the maximum amount of information is available to debug what is going wrong. You should notice a new response from the server after you ‘EHLO’:

      EHLO testdomain.com
      250-host.example.com
      250-PIPELINING
      250-SIZE 10240000
      250-ETRN
      250-STARTTLS
      250-ENHANCEDSTATUSCODES
      250-8BITMIME
      250 DSN

    5. Test if TLS is working correctly:

      Commands are in bold, responses are in italics.

      telnet localhost 25
      Trying 127.0.0.1...
      Connected to localhost.localdomain (127.0.0.1).
      Escape character is '^]'.
      220 host.example.com ESMTP Postfix
      EHLO testdomain.com
      250-host.example.com
      250-PIPELINING
      250-SIZE 10240000
      250-ETRN
      250-STARTTLS
      250-ENHANCEDSTATUSCODES
      250-8BITMIME
      250 DSN
      STARTTLS
      220 2.0.0 Ready to start TLS

      If you do not see ‘Ready to start TLS’, something is wrong with your TLS setup.

  4. Test SMTP Auth Using a Standard Mail Client

    Use your favorite mail client to test if SMTP auth is working. If TLS is not working, SMTP auth will also not work because this howto forces postfix to use TLS when doing SMTP auth.

    1. Start sasl:

      /sbin/service saslauthd start

    2. Start your favorite email client and send a test message to another server/mail system. Connect to the server with the following settings:

      • Host: host.example.com
      • User: local-user
      • Password: local-user’s password
      • Force TLS for SMTP
      • Force SMTP Auth

    3. In addition to a remote account, you could also send a test message to root, another account or yourself.

  5. Setup Amavisd-New, Spam Assassin, Clam-AV

    Amavisd-new is the content filter that will run the spamassassin and clamav checks. It could also be configured to do other checks and has many other features. Those additional features are outside the scope of this howto and might be added later.

    1. Configure amavisd-new. Make the following changes to the /etc/amavisd/amavisd.conf config file:
      $myhostname is only needed when the server has not been assigned a FQDN; however, it does not hurt to set the variable. Check with the command ‘hostname’.

      $mydomain = 'example.com';
      $myhostname = 'host.example.com';

    2. Configure SpamAssassin to do extended checks such as rbl, pyzor, razor2, etc. Make the following changes to the /etc/mail/spamassassin/local.cf config file:

      report_safe             1
      use_bayes               1
      bayes_auto_learn        1
      skip_rbl_checks         0
      use_razor2              1
      use_dcc                 1
      use_pyzor               1
      whitelist_from *@example.com

    3. Enable ClamAV to do automatic updates to virus definitions. Make the following changes to /etc/sysconfig/freshclam:
      Note: The change is to comment out this line.

      #FRESHCLAM_DELAY=disabled-warn  # REMOVE ME

    4. Update /etc/freshclam.conf to enable automatic updates:
      Note: The change is to comment out ‘Example’.

      #Example

    5. Start everything up:

      /sbin/service amavisd start
      /sbin/service clamd.amavisd start
      /sbin/service spamassassin start

  6. Configure Postfix to Use the New Content Filtering System

    Postfix needs to be told to use the new content filtering system. A few things need to be changed to enable the new filtering system.

    1. Add the following to /etc/postfix/master.cf:

      smtp-amavis unix -      -       n       -       2       smtp
          -o smtp_data_done_timeout=1200
          -o smtp_send_xforward_command=yes
          -o disable_dns_lookups=yes
          -o max_use=20

      127.0.0.1:10025 inet n  -       n       -       -  smtpd
          -o content_filter=
          -o local_recipient_maps=
          -o relay_recipient_maps=
          -o smtpd_restriction_classes=
          -o smtpd_delay_reject=no
          -o smtpd_client_restrictions=permit_mynetworks,reject
          -o smtpd_helo_restrictions=
          -o smtpd_sender_restrictions=
          -o smtpd_recipient_restrictions=permit_mynetworks,reject
          -o smtpd_data_restrictions=reject_unauth_pipelining
          -o smtpd_end_of_data_restrictions=
          -o mynetworks=127.0.0.0/8
          -o smtpd_error_sleep_time=0
          -o smtpd_soft_error_limit=1001
          -o smtpd_hard_error_limit=1000
          -o smtpd_client_connection_count_limit=0
          -o smtpd_client_connection_rate_limit=0
          -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks

    2. Add the following to the /etc/postfix/main.cf config file:

      content_filter = smtp-amavis:[127.0.0.1]:10024

    3. Restart postfix to apply the changes:

      /sbin/service postfix restart

  7. Setup Grey Listing

    Grey listing is an anti-spam technique that is used to thwart spammers from doing drive-by spamming. There are two steps to get it working with postfix: setting up the mysql database and then enabling the checks. You may use any supported database you would like, but additional database configurations are outside of the scope of this howto. Replace sensitive information such as passwords with unique settings.

    1. Set up the mysql database:

      This assumes mysql server has not been set up and we are dealing with a fresh configuration. If mysql is already set up, you will need to use the ‘-p’ switch for the mysql commands and there is no reason to set a new mysql root password. Also note, you may use whatever user/database name you want, but this will need to be updated in the conf file.

      /sbin/service mysqld start
      mysql -u root

    2. This will bring you to the mysql shell where you can add the needed user and database for sqlgrey:

      Commands are in bold, responses are in italics.

      mysql> create database sqlgrey;
      Query OK, 1 row affected (0.01 sec)
      mysql> grant all on sqlgrey.* to sqlgrey@localhost identified by 'mysqlUserPassword';
      Query OK, 0 rows affected (0.01 sec)
      mysql> quit
      Bye

    3. Set a root password for mysql:

      mysqladmin -u root password "mysqlRootPassword"

    4. Configure sqlgrey for the database. Make the following changes to the /etc/sqlgrey/sqlgrey.conf config:

      db_type = mysql
      db_pass = mysqlUserPassword
      admin_mail = server-admin@example.com

    5. Start the sqlgrey service:

      /sbin/service sqlgrey start

  8. Setup Postfix to Do Grey Listing

    Postfix needs to be configured to check the greylisting service for the status of a sender.

    1. Configure postfix to do the greylist check. Make the following update to the /etc/postfix/main.cf config file:

      smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination, check_policy_service inet:127.0.0.1:2501

    2. Restart postfix to apply the changes:

      /sbin/service postfix restart

  9. Set Services to Run on Boot

    The services need to be set to run on boot. Do so with ‘chkconfig’:

    /sbin/chkconfig postfix on
    /sbin/chkconfig amavisd on
    /sbin/chkconfig clamd.amavisd on
    /sbin/chkconfig spamassassin on
    /sbin/chkconfig mysqld on
    /sbin/chkconfig sqlgrey on

Troubleshooting

 

How to Test

Test by sending mail from a remote service/server.

Common Problems and Fixes

The most common problems are networking issues. Make sure your networking is set up correctly. For example, the rule below allows port 25/tcp using iptables:

-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 25 -j ACCEPT

How to show and empty the Postfix queue

qshape deferred | head
To see all the emails in the queue.

A very quick Postfix tip.

To show which emails are in the queue, that is, have not been sent yet:

mailq

To delete one email from the queue:

postsuper -d queue_id

To delete all the emails in the queue:

postsuper -d ALL

More commands:
 postsuper -d number (delete the message)
 postsuper -d ALL (delete all messages)
 postsuper -r Number (requeue the message)
 postsuper -r ALL (requeue all messages)
 postqueue -p  (show the mail queue on screen)
 postqueue -f  (flush the mail queue, i.e. try to deliver all queued mail)

To see the headers of a mail:
 postcat -q queue_id | more

Opening relay in Postfix

Mynetworks = 127.0.0.0/8,166.166.165.0/24,206.236.6.266

Change password in SquirrelMail

Install the SquirrelMail Change Password Plugin

  1. Install the Poppassd service.

    Important: Poppassd should be installed on the same server where dovecot is installed. If it is not on the same server as SquirrelMail, then open the poppassd port 106.

  2. Connect to your SquirrelMail server and note down its version.

  3. Download the Change Passwd 4.2f and Compatibility 2.0.x plugins.

  4. Extract the downloaded files and put them into the /usr/share/squirrelmail/plugins directory.

    Note: The SquirrelMail Change Password and Compatibility archives have to be extracted directly into the SquirrelMail plugin directory to enable Linux to apply the proper SELinux context to the files. See the SquirrelMail RetrieveUserData plugin if you need help on how to do it.

  5. From a Terminal window, type in /usr/share/squirrelmail/config/conf.pl and press Enter. This will launch the SquirrelMail Configuration utility.

    Note: If your Terminal window has a white background, make sure that the colors are off by looking for the command Turn color on. If the command is Turn color off, type in C and press Enter to turn the colors off. This will ensure that you will be able to read all of the text.

  6. Type in 8 and press Enter to list the Plugins submenu.

  7. Install the change_passwd plugin by typing in the number corresponding to it and pressing Enter. When you are done, type in q and press Enter to quit, then type in y and press Enter to save your changes.

  8. If your version of SquirrelMail is not 1.4.13 and higher or 1.5.1 and higher, you need to patch your SquirrelMail source. Go to /usr/share/squirrelmail/plugins/compatibility and apply the compatibility patch by typing in the commands below.

    cd /usr/share/squirrelmail/plugins/compatibility/
    patch -p0 < patches/compatibility_patch-1.4.8.diff

    Replace 1.4.8 with your SquirrelMail version.

  9. In the /usr/share/squirrelmail/plugins/change_passwd directory, copy the file config.php.sample and save it as config.php. Edit config.php and review the default settings. Below are settings in config.php you may wish to change:

    * $minimumPasswordLength - Minimum length of the password.
    * $changePasswdInLogin - Change password from the login form.

Test the SquirrelMail Change Password

  1. Log in to SquirrelMail and go to the Options page. You should see the new Change Password section.

  2. Click the Change Password link to view the new Change Password page.

Blocking a domain in Postfix

Blocking SPAM with Postfix
If you are on the long list of victims of SPAM (unsolicited mail), there are several techniques you can use to block it, or a combination of all of them.

* Blocking messages by sender.
* Blocking messages using domain blacklists.
* Blocking messages by header content.

In my case (a serious one, it must be said), I decided to use all three at the same time. Here is how.

Blocking messages by sender
To block messages either from a specific sender or from a domain or part of a domain, create a file called access in the Postfix directory (in my case, /etc/postfix), for example:

kornet.net 517 Delivery not authorized, message refused
kr 517 Delivery not authorized, message refused
goodlook@korea.net 517 Delivery not authorized, message refused

After that, the corresponding file with the db extension has to be created by running the command postmap access in the Postfix directory.

Finally, add the following line to the /etc/postfix/main.cf file:

smtpd_sender_restrictions = hash:/etc/postfix/access

© 2018 Agcapa
