Server exploited by spammer, now blacklisted. Need help.

#1 Fri, 12/06/2013 - 12:34

The "web-guy" for one of our clients uploaded an unsecured copy of formmail.php into their public-facing website, and a spammer found it. Unfortunately, by the time we realized there was a problem, a boatload of spam went out from our server. Of course, now we're blacklisted in spamcop, and Yahoo and some others refuse to accept email from our IP.

Our ISP issued us a different IP address to use temporarily for sending email. I can't for the life of me get it to work.

Let's say our old address is AA.BB.CC.DD and the new address is AA.BB.CC.EE

Following instructions on this forum and elsewhere, I tried adding the following lines to Postfix's

inet_interfaces=all
smtp_bind_address = AA.BB.CC.EE

Then, I stop and start Postfix. Unfortunately, from that point forward, everything gets stuck in the outbound queue. The log file contains entries that look like this:

Dec 6 10:03:57 mail postfix/smtp[yyyyy]: xxxxxxxxxx:, relay=[]:10024, delay=0.48, delays=0.48/0/0/0, dsn=4.4.2, status=deferred (lost connection with[] while receiving the initial server greeting)

We are running amavis, and without the smtp_bind_address in effect, the mail flows just fine (notwithstanding the RBL/blocked ip issue).

Can anyone help?

Fri, 12/06/2013 - 12:54

Turns out, the problem was not with Postfix but with the default Amavis config.

By adding to the 50-user file:

@inet_acl = qw( [::1] AA.BB.CC.EE );

And restarting amavis and postfix, now all is working.
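
An added example, not part of the original posts: with smtp_bind_address set, Postfix's connection to the amavis listener on port 10024 comes from the new address instead of loopback, so amavis's @inet_acl decides whether the connection is answered. The sketch models a simplified subset of that ACL (plain addresses, CIDR blocks, "!" negation, first match wins); the stock ACL value, the function names and 192.0.2.20 standing in for AA.BB.CC.EE are assumptions.

```python
import ipaddress
import re

# Assumed stock amavisd setting (not shown on the page): loopback only.
DEFAULT_CONF = "@inet_acl = qw( 127.0.0.1 [::1] );"
# The thread's fix, with 192.0.2.20 as a constructed stand-in for AA.BB.CC.EE.
FIXED_CONF = "@inet_acl = qw( [::1] 192.0.2.20 );"

def parse_inet_acl(conf_text):
    """Return the entries of the first '@inet_acl = qw( ... );' assignment."""
    m = re.search(r"@inet_acl\s*=\s*qw\((.*?)\)\s*;", conf_text, re.S)
    if m is None:
        raise ValueError("no @inet_acl = qw(...) assignment found")
    return m.group(1).split()

def acl_allows(entries, source_ip):
    """Simplified ACL model: first match wins, '!' negates, no match denies."""
    src = ipaddress.ip_address(source_ip)
    for entry in entries:
        deny = entry.startswith("!")
        # IPv6 entries are written in brackets, e.g. [::1]
        spec = entry.lstrip("!").replace("[", "").replace("]", "")
        net = ipaddress.ip_network(spec, strict=False)
        if src.version == net.version and src in net:
            return not deny
    return False

def filter_accepts(conf_text, smtp_bind_address):
    """Would amavis answer a connection whose source is smtp_bind_address?"""
    return acl_allows(parse_inet_acl(conf_text), smtp_bind_address)

if __name__ == "__main__":
    for name, conf in (("default", DEFAULT_CONF), ("fixed", FIXED_CONF)):
        for src in ("127.0.0.1", "192.0.2.20"):
            verdict = "accepted" if filter_accepts(conf, src) else "refused"
            print(f"{name:8} acl, source {src:12} -> {verdict}")
```

Run against the real 50-user file before restarting Postfix, this kind of check shows whether every address Postfix may bind to is still covered by the ACL.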
