Postfix block local domain from sending

postfix

I have a centos 6.5 server running apache and hosting about 8 domains. There is also postfix 2.6 installed serving these local domains to send emails generated by php (website contact forms). Postfix installation is default. No modifications have been made to main.cf or any other file.

Now, one of the websites has been hacked and is sending spam emails using addresses such as: random_user1@hacked_domain.com, random_user2@hacked_domain.com, random_user3@hacked_domain.com (hacked_domain.com is the actual domain name of the hacked website)

I want to block this particular (local) domain from sending, while all other domains sould send normally. So far, I have created a "blacklist" which I saved in postfix folder named "rbl_blacklist" and looks like that:

hacked_domain.com    REJECT

How can I use this file in main.cf in order to prevent messages from ***@hacked_domain.com from being sent?

(also, any other suggestions are welcome)

EDIT:

I do not want to block certain users, since there aren't any! I just want to block all email messages that are sent from: *@hacked_domain.com from being sent!

Best Answer

The solution was "header_checks"

In main.cf comment out any "header_checks" lines -if exist and then add:

header_checks = pcre:/etc/postfix/header_checks.pcre

Create header_checks.pcre file (at the postfix folder)

# cd /etc/postfix
# vi header_checks.pcre

inside header_checks.pcre file added the following line:

/^From:((?![^@]*?user1|[^@]*?user2|[^@]*?user3|[^@]*?webmaster)[^@]*?)@hacked_domain\.com/ DISCARD

(we allow only user1, user2, user3 and webmaster to send emails -the other addresses get discarded!)

# service postfix restart

...and worked!

Hope that helps others with similar issues!

Related Solutions

Postfix: forward all mail except local user ones

Use localhost for mydestination and myorigin

mydestination = localhost
myorigin = localhost

With this setup, when mdadm send email to root, it will transformed to root@localhost. With mydestination = localhost, postfix will consult /etc/aliases to do aliasing.

If you aren't comfortable with root@localhost in return-path, then you can use smtp_generic_maps to repair it

#main.cf
smtp_generic_maps = hash:/etc/postfix/rewrite

#/etc/postfix/rewrite
localhost example.com

Postfix sending emails with delay

Amazon Lightsail is a low-end low-price cloud VPS solution for web application developers. Everything on Lightsail documentation is related to choosing and configuring web servers and CMS platforms. It is not clearly stated but otherwise apparent that Lightsail isn't ment to be an email server. Even the very name of your server is webserver!

A web application might send an emails every once in a while. Therefore SMTP port 25 is not completely blocked but rather has limitations. Your Postfix configuration is ok for a stand-alone SMTP server, but the mail.log shows what is happening: after you reach the limitation, SMTP connections gets timed out and the mail gets deferred, postponed for a later try. The RFC 3463 based SMTP status code dsn=4.4.1 tells the same:

4.4.1 The recipient’s server is not responding

This is an error emanating from your server indicating that the recipient’s server is not responding. Your server will automatically try again a number of times – how many depends on how your server has been configured.

You mentioned in a comment that this only happens with Postfix on Ubuntu but not with Sendmail on Amazon Linux. I'm not so familiar with Amazon Linux and Amazon SES, but I guess that Amazon Linux Sendmail might have Amazon SES preconfigured as a relay. It is possible to integrate Amazon SES with Postfix, too.

As you have relayhost = $mydomain, you probably are trying to relay all mail to an external mail server of your domain, as it should be. However, the limitation on port 25 doesn't have exception for your external MTA. Therefore, you should use message submission agent (port 587) instead.

You have to have MSA configured in your email server. If it's also Postfix, you should have /etc/postfix/master.cf section beginning with submission uncommented:

 submission inet n       -       -       -       -       smtpd
   -o syslog_name=postfix/submission
   -o smtpd_tls_security_level=encrypt
   -o smtpd_sasl_auth_enable=yes
   -o smtpd_client_restrictions=permit_sasl_authenticated,reject
   -o milter_macro_daemon_name=ORIGINATING

Configure your Lightsail relayhost to use submission port and authentication, main.cf:

 relayhost = $mydomain:587
 # Alternative example without DNS MX lookup:
 # relayhost = [mail.example.com]:587
 smtp_sasl_auth_enable = yes
 smtp_sasl_security_options = noanonymous
 smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
 smtp_use_tls = yes
 smtp_tls_security_level = encrypt
 smtp_tls_note_starttls_offer = yes

The /etc/postfix/sasl_passwd is a Berkeley DB (hash:) for the username and password information to be used for authenticating with the mail gateway server. Examples:

 # destination                   credentials
 [mail.example.com]              username:password
 # Alternative form:
 # [mail.example.com]:submission username:password

For more detailed information, see Postfix SASL Howto.

Best Answer

Related Solutions

Postfix: forward all mail except local user ones

Postfix sending emails with delay

Related Topic