Identifying the spam source on my Centos6.9 smtp sendmail server

linux email spam

Solution 1:

(Note: I determined your FQDN from the screenshots and browsed your web site)

The problem may be that you permit email sending via a form with no captcha or control:

Email form from web site

Your server claims the mail is sent:

Server output describing mail send

I could verify that email was sent to my server, but my server rejected it because you're on Spamhaus RBL:

# grep 1xx.1xx.1xx.2x mail.log
Jan 14 14:24:11 bifrost postfix/smtpd[249717]: NOQUEUE: reject: 
    RCPT from s1xx-1xx-1xx-2x.ax.hxxx.txxxx.net[1xx.1xx.1xx.2x]:  
    554 5.7.1 Service unavailable; Client host [1xx.1xx.1xx.2x] blocked using zen.spamhaus.org;  
    https://www.spamhaus.org/query/ip/1xx.1xx.1xx.2x;  
    from=<[email protected]>  
    to=<[email protected]>  
    proto=ESMTP helo=<wxxxxxx.cxxxxxx.wxxxxxx.ca>

Your next steps should be to protect all such forms on your web site with a real CAPTCHA - not just the name of the mayor, as another form on your site requires - and then see about getting de-listed from Spamhaus and any other RBL you've ended up on.

Related

Mail sent from AWS going to spam
Postfix email server not receiving email from external email
Setup 100+ forwarder email addresses
Port exposed from Docker image not mapped to Elastic Beanstalk host
Filename without extension in nginx SCRIPT_FILENAME
ssh into a server without a public IP from a server without a public IP that is hidden behind a server with public IP
Distributed Transaction Coordinator stops working properly after few hours
Splunk splitting multi-line log events by date
Rewriterule not working with Joomla urls due to question mark and other special characters, also due to long urls
Is there an advantage to using discreet ZFS datasets/filesystems in a single zpool?
Google Cloud billed me 1000$
Duplicated local account SIDs after Windows 10 upgrade