block incoming SMTP, while only allowing outbound connection
Dear All,
I have received mail from Digital Ocean as below
-----
Please review the following abuse complaint and provide us with a resolution:
******************************
Spam email source IP address = 104.131.30.90
Abuse contact for 104.131.0.0 - 104.131.255.255 is [email protected]
x-store-info:4r51+eLowCe79NzwdU2kR3P+ctWZsO+J
Authentication-Results: hotmail.com; spf=none (sender IP is 104.131.30.90) smtp.mailfrom=[email protected]; dkim=none header.d=tamcotec.com; x-hmca=none header.id=[email protected]
X-SID-PRA: [email protected]
X-AUTH-Result: NONE
X-SID-Result: NONE
X-Message-Status: n:n
X-Message-Delivery: Vj0xLjE7dXM9MDtsPTA7YT0wO0Q9MjtHRD0yO1NDTD02
X-Message-Info: 11chDOWqoTngJmlahZDJ8F4dZhiGbzTBtK0A50QhKiAKvPlfsbx393f7JqcYRaoW/Ote5BSas8ChwOUJOGl8gRKZes+t0Y4RgPj2dR0rB+SsJXMQXIA1YI6Tb07ph7IHqN3YbvwW2LL1AdWxDdhwMquTTV2fuerjIbpmS+4YYPqjw+5pmCB7DUA9SEjx4uoXYAywlsrSQR1zwO+7CVJjWj96wk8a4txx
Received: from localhost ([104.131.30.90]) by BAY004-MC5F36.hotmail.com with Microsoft SMTPSVC(7.5.7601.22751);
Tue, 17 Mar 2015 08:50:55 -0700
Date: Tue, 17 Mar 2015 11:50:55 +0000
MIME-Version: 1.0
Subject: Empowered
To: <x>
Content-Type: text/html; charset=UTF-8
Message-ID: <[email protected]>
Content-Transfer-Encoding: 7bit
From: Chuck <[email protected]>
Return-Path: [email protected]
X-OriginalArrivalTime: 17 Mar 2015 15:50:55.0475 (UTC) FILETIME=[276B5430:01D060CA]
<html>
<head>
<title>All the pieces were already in their spots</title>
</head> <body>
iPurchase
Exclusive eTabz Online
:) <div><a href="http://joystiqdeals.ru">http://joystiqdeals.ru</a></div>
<div> Breaking my defense he quickly strikes me that will teach her a lesson </div>
<div>
His wrapper of scarlet flannel if i can stop one heart from breaking
</div> </body>
</html>
******************************
Please note that generating multiple abuse complaints in a short period of time may lead to your account being suspended.
-----
And they need me to check your mailq and ensure that your mail server is properly permitted to only permit sending from your local server. You may also wish to block incoming SMTP, while only allowing outbound connections.
My question is how to check the SMTP config? I tried to look in the panel but still can't see that detail.
I hope you can help with this.
Best regards,
Max
Re: block incoming SMTP, while only allowing outbound connec
30874 wrote:
> My question is how to check the SMTP config? I tried to look in the panel but still can't see that detail.
Max, if you want to check the config, you need to look in /etc/exim4/exim4.conf.template (in Debian/Ubuntu).
You can see your mail queue in the shell with the command: mailq
Then I think you may need to check your sites: update scripts and search for malware scripts.
Re: block incoming SMTP, while only allowing outbound connec
skurudo wrote:
> 30874 wrote:
> > My question is how to check the SMTP config? I tried to look in the panel but still can't see that detail.
> Max, if you want to check the config, you need to look in /etc/exim4/exim4.conf.template (in Debian/Ubuntu).
> You can see your mail queue in the shell with the command: mailq
> Then I think you may need to check your sites: update scripts and search for malware scripts.
-----
The message from the mailq command:
--
postqueue: warning: Mail system is down -- accessing queue directly
Mail queue is empty
--
What should I do next?
Re: block incoming SMTP, while only allowing outbound connec
skurudo wrote:
> 30874 wrote:
> > My question is how to check the SMTP config? I tried to look in the panel but still can't see that detail.
> Max, if you want to check the config, you need to look in /etc/exim4/exim4.conf.template (in Debian/Ubuntu).
> You can see your mail queue in the shell with the command: mailq
> Then I think you may need to check your sites: update scripts and search for malware scripts.
----
Dear Vestacp,
I don't have exim4 within the etc folder. I have only /etc/exim/exim.conf. What's wrong with this?
Best regards,
Re: block incoming SMTP, while only allowing outbound connec
I have checked the log in var/log/exim/main.log. There are strange emails that I haven't created in Vestacp.
Those emails were sent out by an incorrect service, as detailed below.
-----
2015-03-19 00:36:02 1YYSBe-000161-4w <= [email protected] H=mout.perfora.net [74.208.4.196] P=esmtp S=19808 id=[email protected] <----------------------------It's mine>
2015-03-19 00:36:02 1YYSBe-000161-4w => 1baby <[email protected]> R=localuser T=local_delivery
2015-03-19 00:36:02 1YYSBe-000161-4w Completed -<--------Remark my server sent it.
2015-03-19 00:43:16 Start queue run: pid=4644
2015-03-19 00:43:18 1YXnVu-0000mu-Nt Message is frozen
2015-03-19 00:43:18 1YY9zR-0005C7-Mf Message is frozen
2015-03-19 00:43:18 1YY9zX-0005Gk-5c Message is frozen
2015-03-19 00:43:18 1YXnVz-0000rP-Sx Message is frozen
2015-03-19 00:43:18 End queue run: pid=4644
2015-03-19 00:45:13 1YYSKX-0001Gg-Av <= [email protected] H=mx0.innovanet.co.nz [67.23.24.250] P=esmtp S=62560 id=[email protected] <----------------------------It's mine>
2015-03-19 00:45:13 1YYSKX-0001Gg-Av => 1baby <[email protected]> R=localuser T=local_delivery
2015-03-19 00:45:13 1YYSKX-0001Gg-Av Completed -<--------Remark my server sent it.
2015-03-19 01:00:13 1YYSZ3-0001ZH-Eb <= [email protected] H=yjh.hostposter.com [69.65.41.83] P=esmtps X=UNKNOWN:AES256-GCM-SHA384:256 S=2524 id=[email protected] <----------------------------It's mine>
2015-03-19 01:00:13 1YYSZ3-0001ZH-Eb => 1baby <[email protected]> R=localuser T=local_delivery
2015-03-19 01:00:13 1YYSZ3-0001ZH-Eb Completed -<--------Remark my server sent it.
---
How can I block incoming SMTP, while only allowing outbound connections?
Best regards,
Max
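An added example, not part of the original thread: a small Python triage script for Exim main.log lines like the ones posted above. It separates messages handed over by another server (`<=` with `H=`), messages submitted on the host itself (`P=local`, `U=`) and messages accepted after SMTP AUTH (`A=`), and counts only those that were then delivered to a remote host. The sample log lines, addresses, hosts and the router, transport and authenticator names are constructed for the example.

```python
import re
from collections import Counter

# Constructed sample in Exim main.log format; every address, host and the
# router/transport/authenticator names are made up for this example.
SAMPLE_LOG = """\
2015-03-19 00:36:02 1YYSBe-000161-4w <= alice@example.org H=mx.example.org [192.0.2.10] P=esmtp S=19808 id=a1@example.org
2015-03-19 00:36:02 1YYSBe-000161-4w => user1 <user1@example.com> R=localuser T=local_delivery
2015-03-19 00:40:11 1YYSFf-0001Aa-1x <= www-data@host.example.com U=www-data P=local S=1432 id=b2@host.example.com
2015-03-19 00:40:12 1YYSFf-0001Aa-1x => dave@example.net R=dnslookup T=remote_smtp H=mx.example.net [198.51.100.7]
2015-03-19 00:41:30 1YYSGw-0001Bc-Qz <= bob@example.com H=(pc) [203.0.113.5] P=esmtpsa A=dovecot_login:bob@example.com S=901 id=c3@pc
2015-03-19 00:41:31 1YYSGw-0001Bc-Qz => carol@example.net R=dnslookup T=remote_smtp H=mx.example.net [198.51.100.7]
2015-03-19 00:43:18 1YXnVu-0000mu-Nt Message is frozen
"""

EVENT = re.compile(r"^\S+ \S+ (\S+) (<=|=>|->) (.*)$")  # "<=" arrival, "=>"/"->" delivery

def fields(rest):
    # K=value fields that follow the address; keep the first occurrence of each key.
    out = {}
    for key, val in re.findall(r"(?<!\S)([A-Za-z]{1,2})=(\S+)", rest):
        out.setdefault(key, val)
    return out

def classify(log_text):
    """Map message id -> how it entered the server and whether it left it."""
    msgs = {}
    for line in log_text.splitlines():
        m = EVENT.match(line)
        if not m:
            continue  # queue runs, "frozen" and "Completed" lines
        msg_id, arrow, rest = m.groups()
        f = fields(rest)
        rec = msgs.setdefault(msg_id, {"origin": "unknown", "source": "?", "remote": False})
        if arrow == "<=":
            if "A" in f:                  # accepted after SMTP AUTH
                rec["origin"], rec["source"] = "authenticated", f["A"]
            elif f.get("P") == "local":   # submitted on this host (script, cron, shell)
                rec["origin"], rec["source"] = "local-submit", f.get("U", "?")
            else:                         # handed over by another mail server
                rec["origin"], rec["source"] = "inbound", f.get("H", "?")
        elif "H" in f:                    # only deliveries to a remote host log H=
            rec["remote"] = True
    return msgs

def outbound_sources(log_text):
    """Count (origin, source) for messages that were delivered to a remote host."""
    return Counter((r["origin"], r["source"]) for r in classify(log_text).values() if r["remote"])

print(outbound_sources(SAMPLE_LOG))
```

Run against the real main.log, a high `local-submit` count points at a script or cron job running as that user, and a high `authenticated` count points at a mailbox whose password is being used to relay.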
Re: block incoming SMTP, while only allowing outbound connec
30874 wrote:
> I don't have exim4 within the etc folder. I have only /etc/exim/exim.conf. What's wrong with this?
Nothing wrong. Different OSes have slightly different folder locations, and you have CentOS, I think.
Re: block incoming SMTP, while only allowing outbound connec
30874 wrote:
> How can I block incoming SMTP, while only allowing outbound connections?
SMTP for outgoing mail, IMAP/POP3 for incoming.
Check firewall and block.
Max, where mail not from your server?
postqueue: warning: Mail system is down -- accessing queue directly
Mail queue is empty
Can you show the output of: mailq --help
Re: block incoming SMTP, while only allowing outbound connec
skurudo wrote:
> 30874 wrote:
> > How can I block incoming SMTP, while only allowing outbound connections?
> SMTP for outgoing mail, IMAP/POP3 for incoming.
> Check firewall and block.
> Max, where mail not from your server?
> Do you really use exim or is it postfix?
> postqueue: warning: Mail system is down -- accessing queue directly
> Mail queue is empty
> Can you show the output of: mailq --help
Result is
mailq: invalid option -- '-'
mailq: invalid option -- '-'
mailq: fatal: usage: mailq [options]
or
mailq -help
postqueue: warning: Mail system is down -- accessing queue directly
Mail queue is empty
Please suggest.
Re: block incoming SMTP, while only allowing outbound connec
The admin from Digital Ocean suggested this, and I can't find a way to find where it comes from.
---
Hello
It's quite possible that your droplet was compromised and then used maliciously by a third party to conduct mailing operations.
It would be up to you and your system administrator to determine the source of the compromise and fix it.
Let us know if you have any other questions or feedback
Best Regards
DigitalOcean Support
---
Please help with this.
Best regards,
Max
Re: block incoming SMTP, while only allowing outbound connec
It's possible. Check your exim - service exim stop - and then - service exim start
And change passwords for root and admin users