Somewhere is open and we can’t close it.
I have been using cyberpanel 2.0.1 spam email for 1 year.
There are spam submissions from the server that we could not block for 3 days.
Accessing home / vmail folder.
Trying to create and send domain folders that are not on the server.
I’m waiting for your urgent help.
use phpmailer and check all our websites. But we couldn’t find it clear.
we are waiting for your help.
my postfix configuration
queue_directory = /var/spool/postfix
command_directory = /usr/sbin
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
mail_owner = postfix
inet_protocols = all
mydestination = localhost, localhost.localdomain
unknown_local_recipient_reject_code = 550
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
debug_peer_level = 2
debugger_command =
PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
ddd $daemon_directory/$process_name $process_id & sleep 5
sendmail_path = /usr/sbin/sendmail.postfix
newaliases_path = /usr/bin/newaliases.postfix
mailq_path = /usr/bin/mailq.postfix
setgid_group = postdrop
html_directory = no
manpage_directory = /usr/share/man
sample_directory = /usr/share/doc/postfix3-3.5.3/samples
readme_directory = /usr/share/doc/postfix3-3.5.3/README_FILES
myhostname = ******* my servername****
mynetworks = 127.0.0.0/8
message_size_limit = 52428800
virtual_alias_domains =
virtual_alias_maps = proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf, mysql:/etc/postfix/mysql-virtual_email2email.cf
virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf
virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf
virtual_mailbox_base = /home/vmail
virtual_uid_maps = static:5000
virtual_gid_maps = static:5000
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = yes
smtpd_sasl_authenticated_header = yes
smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination, permit_sasl_authenticated
smtpd_use_tls = yes
smtpd_tls_cert_file = /etc/pki/dovecot/certs/dovecot.pem
smtpd_tls_key_file = /etc/pki/dovecot/private/dovecot.pem
virtual_create_maildirsize = yes
virtual_maildir_extended = yes
proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $virtual_mailbox_limit_maps
virtual_transport = dovecot
dovecot_destination_recipient_limit = 1
inet_interfaces = all
smtp_tls_security_level = may
smtpd_sender_restrictions =
permit_mynetworks
permit_sasl_authenticated
reject_unknown_sender_domain
reject_unknown_reverse_client_hostname
reject_unknown_client_hostname
smtpd_milters = inet:127.0.0.1:8891
non_smtpd_milters = $smtpd_milters
milter_default_action = accept
header_checks = regexp:/etc/postfix/header_checks
mailbox_size_limit = 1024000000
meta_directory = /etc/postfix
shlib_directory = /usr/lib/postfix
Jul 21 07:20:53 srv postfix/smtpd[15825]: connect from unknown[46.38.150.191]
Jul 21 07:20:54 srv postfix/smtps/smtpd[19854]: warning: hostname hosted-by.rootlayer.net does not resolve to address 185.222.57.216
Jul 21 07:20:54 srv postfix/smtps/smtpd[19854]: connect from unknown[185.222.57.216]
Jul 21 07:20:54 srv postfix/smtps/smtpd[19861]: warning: hostname hosted-by.rootlayer.net does not resolve to address 185.222.57.216
Jul 21 07:20:54 srv postfix/smtps/smtpd[19861]: connect from unknown[185.222.57.216]
Account: lscpd
Uptime: 240 seconds
Executable:
/usr/local/lscp/fcgi-bin/lsphp
Command Line (often faked in exploits):
lsphp:/usr/local/CyberCP/public/rainloop/index.php
Network connections by the process (if any):
tcp: 127.0.0.1:36054 → 127.0.0.1:143
Files open by the process (if any):
/dev/null
/dev/null
/dev/null
/tmp/.ZendSem.6VPDTb (deleted)
/dev/null
this comment normal ?