Re: my mailserver has been blacklisted

[Ivan Ricotti]

Hello,

Charles Marcus wrote:
> On 3/26/2009, Ivan Ricotti (i.rico...@elabor.homelinux.org) wrote:
>> Here it is my main.cf:
> No. Please follow the instructions provided in the welcome message.

you're right. I beg you pardon.

> At a minimum, we need output of postconf -n (NOT copy/paste from 
> main.cf), 

here it is the "postconf -n":

athene:~# postconf -n
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases
append_dot_mydomain = no
biff = no
config_directory = /etc/postfix
content_filter = smtp-amavis:[127.0.0.1]:10024
inet_interfaces = all
inet_protocols = all
local_recipient_maps = $virtual_mailbox_maps
local_transport = virtual
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
mydestination = localhost.localdomain, localhost
myhostname = elabor.homelinux.org
mynetworks = 127.0.0.0/8, 10.0.0.0/8
myorigin = /etc/mailname
owner_request_special = no
recipient_delimiter = +
relay_domains = proxy:mysql:/etc/postfix/mysql/relay-domains.cf
smtp_tls_session_cache_database = btree:${queue_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
smtpd_recipient_restrictions = reject_non_fqdn_sender,                  
        reject_non_fqdn_recipient,
        permit_mynetworks,
        check_sender_access hash:/etc/postfix/backscatter,
        reject_unauth_destination,
        reject_rbl_client zen.spamhaus.org,
        reject_rbl_client bl.spamcop.net,
        reject_invalid_hostname,
        reject_unauth_pipelining,
        permit
smtpd_tls_cert_file = /etc/ssl/certs/email.pem
smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache
smtpd_use_tls = yes
transport_maps = hash:/etc/postfix/transport
virtual_alias_maps =
proxy:mysql:/etc/postfix/mysql/virtual-alias-maps.cf,
hash:/var/lib/mailman/data/virtual-mailman
virtual_gid_maps = static:117
virtual_mailbox_base = /var/mail/vmail
virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql/virtual-domains.cf
virtual_mailbox_maps =
proxy:mysql:/etc/postfix/mysql/virtual-mailbox-maps.cf
virtual_uid_maps = static:116


> and complete logs showing the spam going out...
>
> the less obfuscation you perform, the easier it will be to help
> you...
>

Regarding my log, here some suspicious snippets:


Mar 26 13:14:08 athene postfix/smtpd[690]: connect from
spike.porcupine.org[168.100.189.2]
Mar 26 13:14:09 athene postfix/smtpd[690]: 528B8E72ED:
client=spike.porcupine.org[168.100.189.2]
Mar 26 13:14:09 athene postfix/cleanup[707]: 528B8E72ED:
message-id=<20090326121407.83fe71f3...@spike.porcupine.org>
Mar 26 13:14:17 athene postfix/smtpd[644]: connect from
saturno.elabor.net[10.0.0.101]
Mar 26 13:14:18 athene postfix/smtpd[644]: 306D4E72F0:
client=saturno.elabor.net[10.0.0.101]
Mar 26 13:14:18 athene postfix/cleanup[727]: 306D4E72F0:
message-id=<49cb719a.3040...@elabor.homelinux.org>
Mar 26 13:14:18 athene postfix/qmgr[32103]: 306D4E72F0:
from=<i.rico...@elabor.homelinux.org>, size=1467, nrcpt=1 (queue active)
Mar 26 13:14:18 athene postfix/smtpd[644]: disconnect from
saturno.elabor.net[10.0.0.101]
Mar 26 13:14:18 athene postfix/qmgr[32103]: 528B8E72ED: from=<>,
size=124831, nrcpt=1 (queue active)
Mar 26 13:14:18 athene postfix/smtpd[690]: disconnect from
spike.porcupine.org[168.100.189.2]

Mar 26 13:14:39 athene postfix/smtpd[712]: BF758E72F0:
client=localhost.localdomain[127.0.0.1]
Mar 26 13:14:39 athene postfix/cleanup[707]: BF758E72F0:
message-id=<20090326121407.83fe71f3...@spike.porcupine.org>
Mar 26 13:14:39 athene postfix/qmgr[32103]: BF758E72F0: from=<>,
size=125529, nrcpt=1 (queue active)
Mar 26 13:14:39 athene amavis[724]: (00724-01) Passed CLEAN,
[168.100.189.2] [168.100.189.2] <> -> <i...@elabor.homelinux.org>,
Message-ID: <20090326121407.83fe71f3...@spike.porcupine.org>, mail_id:
1RXq4MpRaPwR, Hits: -8.598, size: 124831, queued_as: BF758E72F0, 21018 ms
Mar 26 13:14:39 athene postfix/smtp[713]: 528B8E72ED:
to=<i...@elabor.homelinux.org>,
orig_to=<i.rico...@elabor.homelinux.org>,
relay=127.0.0.1[127.0.0.1]:10024, delay=31, delays=9.8/0/0.02/21,
dsn=2.0.0, status=sent (250 2.0.0 Ok, id=00724-01, from
MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as BF758E72F0)
Mar 26 13:14:39 athene postfix/qmgr[32103]: 528B8E72ED: removed
Mar 26 13:14:39 athene postfix/virtual[714]: BF758E72F0:
to=<i...@elabor.homelinux.org>, relay=virtual, delay=0.21,
delays=0.14/0/0/0.07, dsn=2.0.0, status=sent (delivered to maildir)
Mar 26 13:14:39 athene postfix/qmgr[32103]: BF758E72F0: removed

Many thanks,
Ivan

-- 
Ivan Ricotti                            
-------------------------------------------     
eLabor sc - via G. Garibaldi 33, 56127 Pisa
tel: +39 050970363 web: http://www.elabor.biz
email: i...@elabor.homelinux.org
GnuPG KeyID: DFD581C5 - 13/11/2003