On Thu, June 14, 2012 13:03, Giuseppe Perna wrote:

>  I allow relaying only to the hosts declared in the main.cf file, and
> users are in the file /etc/passwd. postmaster is a user in this file.
> Can I confidently change the password or disable the user postmaster?
> I'm not going to cause damage to the Postfix configuration? thanks

Before going into this at great length, are you sure that your server
is in fact originating spam?  The log messages you show seem to me
similar to the kind one sees when a mailserver is trying to send a
non-delivery notification to a spurious address related to an incoming
spam message.  What does your mailq show?

Assuming that there is a real problem, then you need to consider that
usually the postmaster address is an email alias to a differently
named real user address.  There is no postmaster account required to
run or administer Postfix, but that does not preclude some other
software from requiring such a user id.

I can only speculate given the information provided, but as it is
apparently a valid user id on your setup, postmaster was probably
created simply to have an account for the imap delivery address.  That
can and should be changed.

If you look at /etc/aliases you should see something like this:

#
#  Aliases in this file will NOT be expanded in the header from
#  Mail, but WILL be visible over networks or from /bin/mail.
#
#       >>>>>>>>>>      The program "newaliases" must be run after
#       >> NOTE >>      this file is updated for any changes to
#       >>>>>>>>>>      show through to sendmail.
#

# Basic system aliases -- these MUST be present.
mailer-daemon:  postmaster
postmaster:     root
.  .  .
root:           some_real_local_mail_delivery_address

If things are not as shown, then someone has modified it.  If these
aliases are present as shown and no other software requires a
postmaster user then disabling the postmaster user in /etc/passwd, or
even removing it altogether, should pose no difficulties.

However, if someone has done this to /etc/aliases:

mailer-daemon:  postmaster
# postmaster:   root      #<= or removed this line altogether

so that there is no alias for postmaster, then you need the local
postmaster account because that is where the smtp administrative mail
goes.  If you disable that account then no one will be able to read
the postmaster's mail, and if the account is removed then the imap
service may reject incoming messages.  If you want to get rid of the
postmaster userid then you first need to create an alias for postmaster
that points to a different account and mailbox.

Your Postfix configuration is not causing this problem as far as I can
tell.  If there is in fact a compromise then the 'door' as you put it
is most likely your webmail login page.  If webmail is running on the
same host as Postfix, as appears the case, Postfix is going to relay
all its submissions as they are locally generated messages.  If you
somehow stop that from happening then your webmail service will not
function either.

If you do have a compromised user account then your first problem
remains securing that userid from unauthorized access.  That means the
account either must be removed or its password changed to something
far more resistant to attack than was previously provided.

Your second problem is securing yourself against a repeat of this
experience.

For that you need to ensure that every user id that requires neither a
session logon nor an IMAP mailbox has its login disabled.  Next, you
need to ensure that every remaining userid has a strong password.

Finally, you should put some sort of captcha or lockout feature on any
public facing web login page.  That will greatly reduce the
attractiveness of your site to brute force login attempts.

HTH

-- 
***          E-Mail is NOT a SECURE channel          ***
James B. Byrne                mailto:byrn...@harte-lyne.ca
Harte & Lyne Limited          http://www.harte-lyne.ca
9 Brockley Drive              vox: +1 905 561 1241
Hamilton, Ontario             fax: +1 905 561 0757
Canada  L8E 3C3

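The check James describes (follow the postmaster alias chain in /etc/aliases before touching the postmaster user, and audit which accounts still have a login shell) can be scripted. The following is an added example, not code from the thread or from Postfix; the aliases and passwd contents are constructed samples modelled on the stock file quoted above, and the list of "no login" shells is an assumption about the target system.

```python
# Added example: resolve the postmaster alias chain and list login-capable
# accounts, using constructed sample files (not from the original thread).

# Constructed /etc/aliases modelled on the stock file quoted in the reply.
SAMPLE_ALIASES = """\
# Basic system aliases -- these MUST be present.
mailer-daemon:  postmaster
postmaster:     root
bin:            root
root:           admin_user
"""

# Constructed /etc/aliases with the postmaster line commented out,
# the case where postmaster mail lands in the local postmaster account.
SAMPLE_ALIASES_BROKEN = """\
mailer-daemon:  postmaster
# postmaster:   root
root:           admin_user
"""

# Constructed /etc/passwd fragment.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
postmaster:x:1001:1001::/home/postmaster:/bin/bash
admin_user:x:1002:1002::/home/admin_user:/bin/bash
"""

# Assumed set of shells that mean "login disabled"; adjust per system.
NOLOGIN_SHELLS = ("/sbin/nologin", "/usr/sbin/nologin", "/bin/false")


def parse_aliases(text):
    """Parse aliases(5) lines 'name: target[, target...]' into a dict.
    Comment text after '#' is dropped, so a commented-out alias is absent."""
    aliases = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line or ":" not in line:
            continue
        name, targets = line.split(":", 1)
        aliases[name.strip().lower()] = [t.strip() for t in targets.split(",") if t.strip()]
    return aliases


def resolve(aliases, name, seen=frozenset()):
    """Follow an alias chain to its final targets: a local user not in the
    aliases file, a remote address, a file, a pipe or an :include: list.
    Raises ValueError on an alias loop."""
    name = name.lower()
    if name in seen:
        raise ValueError("alias loop at %r" % name)
    if name not in aliases:
        return [name]  # not aliased, so delivery goes to this local account
    result = []
    for target in aliases[name]:
        if target.startswith(("|", "/", ":include:")) or "@" in target:
            result.append(target)
        else:
            result.extend(resolve(aliases, target, seen | {name}))
    return result


def parse_passwd(text):
    """Map user name to login shell from passwd(5) lines."""
    shells = {}
    for line in text.splitlines():
        fields = line.split(":")
        if len(fields) >= 7:
            shells[fields[0]] = fields[6]
    return shells


def postmaster_check(aliases_text):
    """('alias', targets) if postmaster mail is redirected elsewhere,
    ('local', ['postmaster']) if it lands in the postmaster user's own mailbox,
    in which case the account must not be disabled before an alias exists."""
    targets = resolve(parse_aliases(aliases_text), "postmaster")
    return ("local" if targets == ["postmaster"] else "alias", targets)


def login_enabled_accounts(passwd_text):
    """Accounts that still have an interactive shell; each one should be a
    real user with a strong password, everything else should be locked."""
    shells = parse_passwd(passwd_text)
    return sorted(user for user, shell in shells.items() if shell not in NOLOGIN_SHELLS)


if __name__ == "__main__":
    print("stock aliases:", postmaster_check(SAMPLE_ALIASES))
    print("broken aliases:", postmaster_check(SAMPLE_ALIASES_BROKEN))
    print("login-capable accounts:", login_enabled_accounts(SAMPLE_PASSWD))
```

Run against the real files, the 'local' result is the signal to add a `postmaster:` alias (and run `newaliases`) before the postmaster user is disabled; the account list is the starting point for the "disable every login that is not needed" step.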