POSTFIX / Grey List not working [closed]

I had a spam attack on my website. Someone is using my email to send spam email to everyone.

So now I plan to find a way to stop it.

I see people rejecting mails by regex, but I have tons and tons of different emails (50,000 users).

I want to see if the email is in the database; then I allow it to go. Otherwise, quarantine it. I do not want them stuck in the mail queue.

I have this greylist.pl:

#main.cf 
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, check_policy_service unix:/private/greylist

#master.cf
greylist unix - n n - - spawn user=nobody argv=/usr/bin/perl  /tmp/mailrejct.

But when I use it I get these errors in maillog:

Dec 25 09:24:58 intelligent-mahavira postfix/spawn[107258]: warning: command /usr/bin/perl exit status 2
Dec 25 09:24:58 intelligent-mahavira postfix/smtpd[107253]: warning: premature end-of-input on /private/greylist while reading input attribute name
Dec 25 09:24:59 intelligent-mahavira postfix/spawn[107258]: warning: command /usr/bin/perl exit status 2
Dec 25 09:24:59 intelligent-mahavira postfix/smtpd[107253]: warning: premature end-of-input on /private/greylist while reading input attribute name
Dec 25 09:24:59 intelligent-mahavira postfix/smtpd[107253]: warning: problem talking to server /private/greylist: Connection reset by peer

I replaced smtpd_access_policy with mine. That is one difference. Is anyone an expert in this?

Who is sending the attribute values? Postfix? How did they get passed?

NOT SOLVED. This is only for receiving email, only for incoming spam.

For outgoing email there are only pattern checks.

#!/bin/sh

# Simple shell-based filter. It is meant to be invoked as follows:
#       /path/to/script -f sender recipients...

# Localize these. The -G option does nothing before Postfix 2.3.
INSPECT_DIR=/var/spool/filter
SENDMAIL="/usr/sbin/sendmail -G -i" # NEVER NEVER NEVER use "-t" here.

# Exit codes from <sysexits.h>
EX_TEMPFAIL=75
EX_UNAVAILABLE=69

# Clean up when done or when aborting.
trap "rm -f in.$$" 0 1 2 3 15

# Start processing.
cd "$INSPECT_DIR" || {
    echo "$INSPECT_DIR does not exist"; exit $EX_TEMPFAIL; }

# The whole message (headers and body) arrives on stdin; save it to a file
# so it can be inspected and then re-injected.
cat >in.$$ || {
    echo Cannot save mail to file; exit $EX_TEMPFAIL; }

# Specify your content filter here.
# filter <in.$$ || {
#   echo Message content rejected; exit $EX_UNAVAILABLE; }

# Re-inject with the original envelope: "$@" is "-f sender recipients...".
$SENDMAIL "$@" <in.$$

exit $?



Can the above be converted to PHP code? I am wondering, if I sendmail from PHP, is it going to come back to the same place?

// Pass the recipient as one quoted argument so a crafted address cannot run shell commands,
// and use -G -i (never -t), as in the shell filter above.
exec("/usr/sbin/sendmail -G -i " . escapeshellarg($email) . " < /etc/postfix/myfilter/email.txt");

I need to put the email stuff into email.txt. When I put in the whole text it messes up the emails, with details and stuff that show all the content and headers.

I need to clean up:

From [email protected]  Sun Dec 26 12:31:47 2021
Received: from webmail.test.com (localhost.localdomain [IPv6:::1])
        by intelligent-mahavira.51-163-215-224.plesk.page (Postfix) with ESMTPSA id B9CFD82DA1
        for <[email protected]>; Sun, 26 Dec 2021 12:31:47 +0000 (UTC)
Authentication-Results: intelligent-mahavira.51-163-215-224.plesk.page;
        spf=pass (sender IP is ::1) [email protected] smtp.helo=webmail.test.com
Received-SPF: pass (intelligent-mahavira.51-163-215-224.plesk.page: connection is authenticated)
MIME-Version: 1.0
Date: Sun, 26 Dec 2021 04:31:47 -0800
From: [email protected]
To: alex3 <[email protected]>
Subject: testing filter2
User-Agent: Roundcube Webmail/1.4.11
Message-ID: <[email protected]>
X-Sender: [email protected]
Content-Type: text/plain; charset=US-ASCII;
 format=flowed
Content-Transfer-Encoding: 7bit
X-PPP-Message-ID: <164052190789.24073.12166249882816501264@intelligent-mahavira.51-163-215-224.plesk.page>
X-PPP-Vhost: test.com

sss


I saw this somewhere on Google; I will try tomorrow, using a regex to filter out the subject from the content-type and body.

    To: [email protected]
    Subject: This is an HTML message
    From: [email protected]
    Content-Type: text/html; charset="utf-8"

    <html>
    <body>
    <div style="
        background-color: 
        #abcdef; width: 300px; 
        height: 300px;
        ">
    </div>
    You can add any valid email HTML here.
    </body>
    </html>
  1. Greylisting - we can give access feedback in the form of "dunno", "reject optional text".
  2. Simple filter, no feedback. The filter has to handle sending the email. Not clear how it is done. I basically capture all of STDIN and send it as email, but it has all the headers. Do not know how attachments are handled. Need to see what it shows when I send an attachment.
  3. Advanced filtering looks confusing. I see Plesk Email Security implements that. When I added it, it added this to main.cf and master.cf:

smtp      inet  n       -       n       -       -       smtpd
  -o content_filter=smtp-amavis:[127.0.0.1]:10024


localhost:10025 inet n  -       n       -       -       smtpd
  -o content_filter=
  -o local_recipient_maps=
  -o relay_recipient_maps=
  -o smtpd_delay_reject=no
  -o smtpd_authorized_xforward_hosts=127.0.0.0/8,[::1]/128
  -o smtpd_authorized_xclient_hosts=127.0.0.0/8,[::1]/128
  -o smtpd_client_restrictions=permit_mynetworks,reject
  -o smtpd_helo_restrictions=
  -o smtpd_sender_restrictions=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o smtpd_data_restrictions=reject_unauth_pipelining
  -o smtpd_end_of_data_restrictions=
  -o smtpd_restriction_classes=
  -o mynetworks=127.0.0.0/8,[::1]/128
  -o smtpd_error_sleep_time=0
  -o smtpd_soft_error_limit=1001
  -o smtpd_hard_error_limit=1000
  -o smtpd_client_connection_count_limit=0
  -o smtpd_client_connection_rate_limit=0
  -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
  -o local_header_rewrite_clients=
submission inet n       -       n       -       -       smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
  -o content_filter=smtp-amavis:[127.0.0.1]:10026
pickup    unix  n       -       n       60      1       pickup
  -o content_filter=smtp-amavis:[127.0.0.1]:10026

This is the email saved in data.txt; I send it manually if it matches a recipient email in the system:

Received: from webmail.test.com (localhost.localdomain [IPv6:::1])
        by intelligent-mahavira.serverip.plesk.page (Postfix) with ESMTPSA id C7E7282E1B;
        Tue, 28 Dec 2021 00:36:31 +0000 (UTC)
Authentication-Results: intelligent-mahavira.serverip.plesk.page;
        spf=pass (sender IP is ::1) [email protected] smtp.helo=webmail.test.com
Received-SPF: pass (intelligent-mahavira.serverip.plesk.page: connection is authenticated)
MIME-Version: 1.0
Date: Mon, 27 Dec 2021 16:36:31 -0800
From: [email protected]
To: alex2 <[email protected]>, alex3 <[email protected]>,
 [email protected]
Subject: Attachment test
User-Agent: Roundcube Webmail/1.4.11
Message-ID: <[email protected]>
X-Sender: [email protected]
Content-Type: multipart/mixed;
 boundary="=_5745fc7d762d12dda4165a3e0be576fc"
X-PPP-Message-ID: <164065179196.8458.1248882909976426707@intelligent-mahavira.serverip.plesk.page>
X-PPP-Vhost: test.com

--=_5745fc7d762d12dda4165a3e0be576fc
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset=US-ASCII;
 format=flowed

Attachment succes?
--=_5745fc7d762d12dda4165a3e0be576fc
Content-Transfer-Encoding: base64
Content-Type: image/jpeg;
 name=536_PIA23645_PaleBlueDotRevisited_1600.jpg
Content-Disposition: attachment;
 filename=536_PIA23645_PaleBlueDotRevisited_1600.jpg;
 size=74009

/9j/4QAYRXhpZgAASUkqAAgAAAAAAAAAAAAAAP/sABFEdWNreQABAAQAAAA8AAD/4QMcaHR0cDov

The issue is there is no subject in the email; it's hidden inside the headers. Ugly.

Result:

  1. Incoming email from, say, Gmail: I have a clean bounce. Test: The response from the remote server was: 554 5.7.1 [email protected]: Recipient address rejected: Email is only allowed between USERS. Email Reciepient= [email protected]. Uses the policy method.

  2. Outgoing email: I am sending email for valid users and reject/quarantine the other ones. I don't get a bounce message. I need to have the same text for outgoing email. Uses the simple content filter.
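An added example of the "simple content filter" the question describes for outgoing mail, not the poster's code and not Postfix's FILTER_README script, though it is invoked the same way (`/path/to/script -f sender recipients...`). Postfix pipes the complete message, headers and body, to the filter's stdin, which is why the captured data.txt "has all headers": the Subject is not missing, it is one header among the others, and the attachment test is a multipart body. The standard-library email parser handles both, so no regex over the raw text is needed. The `ALLOWED_USERS` set (a stand-in for the 50,000-user database), the quarantine directory and the sample message are all assumptions constructed for the example:

```python
#!/usr/bin/env python3
"""Simple content filter for outgoing mail (added example).

Invoked by a pipe(8) transport as:  outgoing_filter.py -f sender [--] recipients...
Routing decisions use the envelope recipients Postfix passes on the command line,
not the To: header, because those are the addresses the mail will really go to.
"""
import email
import os
import subprocess
import sys
from email import policy
from pathlib import Path

SENDMAIL = ["/usr/sbin/sendmail", "-G", "-i"]          # never "-t" here (see FILTER_README)
QUARANTINE_DIR = Path("/var/spool/filter/quarantine")  # assumed location
REJECT_TEXT = "Email is only allowed between USERS."   # same text as the incoming reject
EX_TEMPFAIL, EX_UNAVAILABLE = 75, 69                   # from <sysexits.h>

# Constructed stand-in for the user database (the real one has 50,000 rows).
ALLOWED_USERS = {"alex2@example.com", "alex3@example.com"}

# Constructed multipart message in the shape of the page's attachment test.
SAMPLE = b"""From: sender@example.com
To: alex2 <alex2@example.com>, alex3 <alex3@example.com>,
 outsider@example.net
Subject: Attachment test
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="=_b1"

--=_b1
Content-Type: text/plain; charset=US-ASCII

Attachment success?
--=_b1
Content-Type: image/jpeg; name=dot.jpg
Content-Disposition: attachment; filename=dot.jpg
Content-Transfer-Encoding: base64

/9j/4A==
--=_b1--
"""


def decide(raw, sender, recipients, allowed=ALLOWED_USERS):
    """Parse the raw message and decide what to do with this delivery.

    Returns the parsed Subject, the attachment file names, the recipients that
    are not in the user database, the action ("deliver" or "bounce") and the
    sendmail argv used to re-inject an accepted message.
    """
    msg = email.message_from_bytes(raw, policy=policy.default)
    rejected = [r for r in recipients if r.lower() not in allowed]
    return {
        "subject": str(msg["Subject"] or ""),
        "attachments": [p.get_filename() for p in msg.iter_attachments()],
        "rejected": rejected,
        "action": "bounce" if rejected else "deliver",
        # "--" ends option parsing so an address starting with "-" cannot become a flag.
        "argv": None if rejected else SENDMAIL + ["-f", sender, "--"] + list(recipients),
    }


def main(argv=None):
    args = sys.argv[1:] if argv is None else argv
    if len(args) < 3 or args[0] != "-f":
        print("usage: outgoing_filter.py -f sender [--] recipient...", file=sys.stderr)
        return EX_TEMPFAIL
    sender = args[1]
    recipients = [r for r in args[2:] if r != "--"]
    raw = sys.stdin.buffer.read()
    verdict = decide(raw, sender, recipients)
    if verdict["action"] == "bounce":
        # Keep a copy, then make Postfix bounce the message: whatever the filter
        # prints to stdout is quoted in the bounce, so the sender sees the same text.
        QUARANTINE_DIR.mkdir(parents=True, exist_ok=True)
        (QUARANTINE_DIR / f"{os.getpid()}.eml").write_bytes(raw)
        print(f"{REJECT_TEXT} Rejected recipients: {', '.join(verdict['rejected'])}")
        return EX_UNAVAILABLE
    # Re-inject with the original envelope; a non-zero exit defers the message.
    rc = subprocess.run(verdict["argv"], input=raw).returncode
    return 0 if rc == 0 else EX_TEMPFAIL


if __name__ == "__main__":
    sys.exit(main())
```

The decision is all-or-nothing per delivery, like the shell script's "Message content rejected" branch: one disallowed recipient bounces the whole delivery. Postfix hands a pipe transport up to its destination recipient limit of recipients at once, so to get a per-recipient verdict set the transport's `filter_destination_recipient_limit = 1` in main.cf (for a transport named `filter`), after which each invocation carries exactly one recipient.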


Solution 1:

Postfix supports policy services. It is possible to implement what you are asking for by designing a policy service. Also there might be other ways; this way is just the first thing that came to my mind. The example at the end of that page has almost all you need.

However, this is a dead end. Instead of properly designing and securing a web application and a server, you allow the malicious party in and then try to avoid the inevitable consequences. Did you figure out how they did that through your web application? Have you fixed that hole? This should be your first priority.

Aside from that, general suggestions:

  1. Your web application shouldn't send mail at a third party's will. It must only send it when you are certain the email should be sent.
  2. The web application should always authenticate to the mail server. It is very wrong if you rely on the mail() function or something like this. There are several PHP libraries which know how to do ESMTP authentication; use one of them.
  3. Your mail server should restrict which sender address your site can use. And it may also restrict the mail flow by setting some limits (per hour, per day, etc.); there are ways to do this.
  4. The mail server could check the mail for spam before delivering. This way you'll let less spam out.
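An added example of the policy service the answer points to; it is not the answer's code, not the poster's greylist.pl, and not the greylist.pl from SMTPD_POLICY_README, though it speaks the same protocol. It also answers the question's "who is sending the attribute values?": smtpd(8) does. Each time `check_policy_service` fires it writes `name=value` lines (`request=smtpd_access_policy`, `sender=`, `recipient=`, `client_address=`, and so on), ends the request with an empty line, and waits for exactly one `action=...` line followed by an empty line; with spawn(8) the script's stdin and stdout are that connection. A script that exits before writing the reply is what produces "premature end-of-input ... while reading input attribute name" and "Connection reset by peer" in the maillog. The `USERS` set (standing in for the 50,000-user database), the sample request and the master.cf/main.cf wiring in the docstring are assumptions made for this example:

```python
#!/usr/bin/env python3
"""Postfix SMTPD access policy service (added example).

Assumed wiring (paths are not from the original page):
  master.cf:  policy unix - n n - 0 spawn user=nobody argv=/usr/bin/python3 /usr/local/bin/policy.py
  main.cf:    smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated,
                  reject_unauth_destination, check_policy_service unix:private/policy
The socket name is relative to Postfix's queue directory.
"""
import io
import sys

USERS = {"alex2@example.com", "alex3@example.com"}   # constructed stand-in for the DB
REJECT_TEXT = "Email is only allowed between USERS."


def read_request(stream):
    """Read one request: name=value lines up to the empty terminator line.

    Returns a dict, or None at end-of-file (Postfix closed the connection, or
    the request was cut off before its terminator).
    """
    attrs = {}
    for line in stream:
        line = line.rstrip("\r\n")
        if line == "":
            return attrs
        name, sep, value = line.partition("=")
        if sep:                      # ignore malformed lines instead of dying
            attrs[name] = value
    return None


def decide(attrs, users=USERS):
    """Map one request to a Postfix access action.

    DUNNO lets the remaining restrictions decide. Placed after permit_mynetworks,
    permit_sasl_authenticated and reject_unauth_destination, the policy only sees
    remote, unauthenticated mail addressed to local domains.
    """
    if attrs.get("request") != "smtpd_access_policy":
        return "DUNNO"
    sender = attrs.get("sender", "").lower()
    recipient = attrs.get("recipient", "").lower()
    if sender in users and recipient in users:
        return "DUNNO"
    return f"REJECT {REJECT_TEXT}"   # 5xx at RCPT TO, so nothing enters the queue


def serve(instream, outstream, users=USERS):
    """Answer requests until Postfix closes the connection; returns the count."""
    handled = 0
    while (attrs := read_request(instream)) is not None:
        outstream.write(f"action={decide(attrs, users)}\n\n")
        outstream.flush()            # smtpd blocks until the empty line arrives
        handled += 1
    return handled


def respond(request_text, users=USERS):
    """Feed a request exactly as Postfix would send it; return the reply text."""
    out = io.StringIO()
    serve(io.StringIO(request_text), out, users)
    return out.getvalue()


# Constructed request, in the shape smtpd sends at RCPT TO.
SAMPLE_REQUEST = (
    "request=smtpd_access_policy\n"
    "protocol_state=RCPT\n"
    "protocol_name=ESMTP\n"
    "client_address=192.0.2.10\n"
    "client_name=mail.example.net\n"
    "helo_name=mail.example.net\n"
    "sender=stranger@example.net\n"
    "recipient=alex3@example.com\n"
    "\n"
)

if __name__ == "__main__":
    serve(sys.stdin, sys.stdout)
```

In the maillog, "command /usr/bin/perl exit status 2" is the spawned script's own exit code, logged before any reply was written, so the Postfix side of the protocol never got its `action=` line. The answer's points 2 and 3 are handled by ordinary Postfix parameters rather than by a policy service: `smtpd_sender_login_maps` together with `reject_sender_login_mismatch` on the submission service ties each SASL login to the sender addresses it may use, and `smtpd_client_message_rate_limit` caps how many messages one client may send per `anvil_rate_time_unit`.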