Some hacker is sending emails from root@mydomain and root@localhost

May 5 15:46:28 vmi613070 postfix/qmgr[18763]: 4E8C6160062A: removed
May 5 15:46:28 vmi613070 postfix/local[18768]: C56E71601880: to=<root@localhost>, relay=local, delay=16772, delays=16772/0.52/0/0, dsn=2.0.0, status=sent (delivered to mailbox)
May 5 15:46:28 vmi613070 postfix/qmgr[18763]: C56E71601880: removed
May 5 15:46:28 vmi613070 postfix/local[18765]: 0CBA3160072E: to=<root@localhost>, relay=local, delay=26749, delays=26748/0.52/0/0, dsn=2.0.0, status=sent (delivered to mailbox)
May 5 15:46:28 vmi613070 postfix/qmgr[18763]: 0CBA3160072E: removed
May 5 15:46:28 vmi613070 postfix/local[18768]: 9DB4D160059E: to=<root@localhost>, relay=local, delay=9583, delays=9583/0.53/0/0, dsn=2.0.0, status=sent (delivered to mailbox)
May 5 15:46:28 vmi613070 postfix/qmgr[18763]: 9DB4D160059E: removed
May 5 15:46:28 vmi613070 postfix/local[18767]: 3FCC816007A7: to=<root@localhost>, relay=local, delay=23291, delays=23290/0.53/0/0, dsn=2.0.0, status=sent (delivered to mailbox)
May 5 15:46:28 vmi613070 postfix/qmgr[18763]: 3FCC816007A7: removed
May 5 15:46:28 vmi613070 postfix/local[18765]: C346B1600552: to=<root@localhost>, relay=local, delay=34139, delays=34139/0.54/0/0, dsn=2.0.0, status=sent (delivered to mailbox)
May 5 15:46:28 vmi613070 postfix/qmgr[18763]: C346B1600552: removed
May 5 15:46:28 vmi613070 postfix/local[18768]: B9B1D16000EB: to=<root@localhost>, relay=local, delay=34140, delays=34139/0.54/0/0.01, dsn=2.0.0, status=sent (delivered to mailbox)
May 5 15:46:28 vmi613070 postfix/qmgr[18763]: B9B1D16000EB: removed
May 5 15:46:28 vmi613070 postfix/local[18765]: 95BCF160149C: to=<root@localhost>, relay=local, delay=4029, delays=4029/0.55/0/0, dsn=2.0.0, status=sent (delivered to mailbox)
May 5 15:46:28 vmi613070 postfix/qmgr[18763]: 95BCF160149C: removed
May 5 15:46:28 vmi613070 postfix/local[18767]: AFAAE1600113: to=<root@localhost>, relay=local, delay=28708, delays=28708/0.55/0/0.01, dsn=2.0.0, status=sent (delivered to mailbox)
May 5 15:46:28 vmi613070 postfix/qmgr[18763]: AFAAE1600113: removed
May 5 15:46:29 vmi613070 postfix/local[18766]: B222B1601485: to=<root@localhost>, relay=local, delay=21982, delays=21981/0.03/0/0.91, dsn=2.0.0, status=sent (delivered to mailbox)
.....
May 5 15:46:28 vmi613070 postfix/master[18761]: daemon started -- version 3.4.7, configuration /etc/postfix
May 5 15:46:28 vmi613070 postfix/qmgr[18763]: warning: /etc/postfix/main.cf, line 707: overriding earlier entry: myhostname=mail.mydomain.com
May 5 15:46:28 vmi613070 postfix/pickup[18762]: warning: /etc/postfix/main.cf, line 707: overriding earlier entry: myhostname=mail.mydomain.com
May 5 15:46:28 vmi613070 postfix/qmgr[18763]: 8361616007ED: from=root@vmi613070.hostingdomain.com, size=493, nrcpt=1 (queue active)
May 5 15:46:28 vmi613070 postfix/trivial-rewrite[18764]: warning: /etc/postfix/main.cf, line 707: overriding earlier entry: myhostname=mail.mydomain.com

What is the best way to block it?
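A first triage step for a log like the one above is to join each queue ID to its sender, its point of entry (`pickup` means a local process used the sendmail command, `smtpd` means a network client) and where it was delivered. The following is an added example, not part of the original thread; the function names and the log lines are constructed for illustration, modelled on standard Postfix syslog output.

```bash
#!/usr/bin/env bash
# Added example: summarise Postfix deliveries per queue ID.
# Output per delivery: QUEUEID sender=<...> origin=... relay=... on-host|outbound

triage_postfix_log() {
    awk '
    !match($5, /^postfix\/[a-z-]+/) { next }
    {
        daemon = substr($5, 9, RLENGTH - 8)      # text after "postfix/"
        qid = $6; sub(/:$/, "", qid)
        if (qid !~ /^[0-9A-F]+$/) next           # skip warnings and startup lines
    }
    # pickup = submitted on this host by a local uid; smtpd = came in over SMTP
    daemon == "pickup" && match($0, /uid=[0-9]+/)    { origin[qid] = substr($0, RSTART, RLENGTH) }
    daemon == "smtpd"  && match($0, /client=[^, ]+/) { origin[qid] = substr($0, RSTART, RLENGTH) }
    daemon == "qmgr"   && match($0, /from=<[^>]*>/)  { sender[qid] = substr($0, RSTART + 6, RLENGTH - 7) }
    match($0, /relay=[^, ]+/) {
        relay = substr($0, RSTART + 6, RLENGTH - 6)
        # a relay of the form host[ip]:port is a remote SMTP hop
        where = (relay ~ /\]:[0-9]+$/) ? "outbound" : "on-host"
        s = (qid in sender) ? "<" sender[qid] ">" : "unknown"
        o = (qid in origin) ? origin[qid] : "unknown"
        printf "%s sender=%s origin=%s relay=%s %s\n", qid, s, o, relay, where
    }
    ' "$@"
}

# Constructed sample log (not taken from the thread).
sample_log() {
    cat <<'EOF'
May  5 10:00:01 host postfix/pickup[100]: AAA111: uid=0 from=<root>
May  5 10:00:01 host postfix/qmgr[101]: AAA111: from=<root@host.example.com>, size=493, nrcpt=1 (queue active)
May  5 10:00:01 host postfix/local[102]: AAA111: to=<root@localhost>, relay=local, delay=0.1, delays=0.05/0.01/0/0.04, dsn=2.0.0, status=sent (delivered to mailbox)
May  5 10:00:01 host postfix/qmgr[101]: AAA111: removed
May  5 10:05:00 host postfix/smtpd[103]: BBB222: client=unknown[203.0.113.9], sasl_method=LOGIN, sasl_username=info@example.com
May  5 10:05:00 host postfix/qmgr[101]: BBB222: from=<info@example.com>, size=2100, nrcpt=1 (queue active)
May  5 10:05:01 host postfix/smtp[104]: BBB222: to=<someone@example.net>, relay=mx.example.net[198.51.100.7]:25, delay=1.2, delays=0.1/0/0.5/0.6, dsn=2.0.0, status=sent (250 2.0.0 Ok)
May  5 10:05:02 host postfix/qmgr[101]: warning: /etc/postfix/main.cf, line 707: overriding earlier entry: myhostname=mail.example.com
EOF
}

sample_log | triage_postfix_log
```

Messages reported with `origin=uid=...` never pass through `smtpd`, so `smtpd_*_restrictions` settings do not apply to them; `on-host` deliveries to `root@localhost` are mail that stayed on the server.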

    aaP_esales2000
    In the Linux system, the root user can send emails by default. However, in order to enhance system security, you can restrict the root user from sending mail by configuring the mail server or changing the settings of the mail client.

    Here are some ways you can restrict the root user from sending mail:

    Configure mail server: You can configure mail server to prevent root user from sending mail. Specifically, you can create a mail filtering rule on the mail server to prevent the root user from sending mail. For example, in a Postfix mail server, you would add the following to the /etc/postfix/main.cf file:

    smtpd_sender_restrictions = check_sender_access hash:/etc/postfix/sender_access

    Then, add the following to the /etc/postfix/sender_access file:

    root REJECT

    This will change mailx's default sender address, preventing root from sending mail.

    Change the email address of the root user: You can change the email address of the root user to prevent the root user from sending emails. For example, on an Ubuntu system, you can edit the /etc/aliases file and change root's email address to a non-real email address:

    root: /dev/null

    This will prevent the root user from sending mail.
    Note that changing the configuration of the root user may affect the normal operation of the system. Therefore, make sure you know what you are doing and back up important data before changing your system configuration.

      When I use
      smtpd_sender_restrictions = check_sender_access hash:/etc/postfix/sender_access

      I'm receiving an error while trying to send emails from the primary email account that I'm using on my WordPress (info@mydomain.com).
      When I remove the sender restriction option from the config file, it works again and I can send emails from info@mydomain.com.
      I haven't checked yet whether this issue affects all email accounts.

      Mailer: Other SMTP
      SMTP Error: The following recipients failed: someemailaddress@gmail.com: : Sender address rejected: Server configuration error
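Postfix answers `451 4.3.5 ... Server configuration error` when a lookup table named in a restriction cannot be opened; a `hash:/etc/postfix/sender_access` table is read from `sender_access.db`, which exists only after `postmap` has been run on the source file. The check below is an added example, not part of the original thread (the function name `check_access_map` is hypothetical): it verifies that the compiled map is present and current, and lints the source against the access(5) pattern rules, where a bare key such as `root` is treated as a domain and `root@` matches the local part.

```bash
#!/usr/bin/env bash
# Added example: lint a Postfix access(5) source file and check its compiled map.
# Usage: check_access_map /etc/postfix/sender_access

check_access_map() {
    src=$1
    db="$src.db"            # the file "hash:$src" actually opens at runtime
    status=0
    if [ ! -f "$src" ]; then
        echo "MISSING_SOURCE $src"; return 2
    fi
    if [ ! -f "$db" ]; then
        # smtpd cannot open the table and defers mail with a 451 error
        echo "MISSING_DB run: postmap hash:$src"; status=1
    elif [ "$src" -nt "$db" ]; then
        # edits to the source are not live until the map is rebuilt
        echo "STALE_DB run: postmap hash:$src"; status=1
    fi
    # Every entry must be "pattern action". Comment, blank and
    # continuation (leading whitespace) lines are skipped.
    awk '
        /^([[:space:]]|#|$)/ { next }
        NF < 2       { printf "NO_ACTION line %d: %s\n", NR, $0; bad = 1; next }
        $1 !~ /[@.]/ { printf "BARE_WORD line %d: %s (use %s@ to match a user)\n", NR, $1, $1; bad = 1 }
        END          { exit bad }
    ' "$src" || status=1
    [ "$status" -eq 0 ] && echo "OK $src"
    return "$status"
}
```

After fixing what it reports, `postfix check` and a lookup such as `postmap -q root@ hash:/etc/postfix/sender_access` confirm the table loads before `smtpd_sender_restrictions` is re-enabled.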

        Is it possible to send after cancellation?
        It is recommended to check whether the sender email configuration of WordPress is misconfigured.
        Also check whether the SSL of the mail server is configured correctly.
        Replace "mail.135mailtest.com" with your domain name.
        You can use this command to check whether the correct SSL is configured:
        openssl s_client -connect mail.135mailtest.com:587 -starttls smtp
        or
        openssl s_client -connect mail.135mailtest.com:465

        If the display is not OK, please re-apply for SSL

        aaP_esales2000

          aaPanel_Kern
          Verify return code: 0 (ok)

          The sender email is configured correctly and the SSL is too (using chain SSL).

          Can I give you temporary access to the aaPanel?

            aaPanel_Kern
            Can you give me a hint on what to look at? Because it's happening only when I try to reject sending emails from root.

            That is the error that I'm receiving

            Versions:
            WordPress: 6.0.3
            WordPress MS: No
            PHP: 7.4.33
            WP Mail SMTP: 3.8.0

            Params:
            Mailer: smtp
            Constants: Yes
            ErrorInfo: SMTP Error: The following recipients failed: recipient@me.com: : Sender address rejected: Server configuration error
            Host: mail.mydomain.com
            Port: 465
            SMTPSecure: ssl
            SMTPAutoTLS: bool(true)
            SMTPAuth: bool(true)

            Server:
            OpenSSL: OpenSSL 1.0.2u 20 Dec 2019

            Debug:
            Email Source: WP Mail SMTP Pro
            Mailer: Other SMTP
            PHPMailer was able to connect to SMTP server but failed while trying to send an email.
            Email Source: WP Mail SMTP Pro
            Mailer: Other SMTP
            SMTP Error: The following recipients failed: recipient@me.com: : Sender address rejected: Server configuration error

            SMTP Debug:
            2023-05-08 05:33:55 Connection: opening to ssl://mail.mydomain.com:465, timeout=300, options=array()

            2023-05-08 05:33:55 Connection: opened

            2023-05-08 05:33:55 SERVER -> CLIENT: 220 mail.mydomain.com ESMTP Postfix (3.4.7)

            2023-05-08 05:33:55 CLIENT -> SERVER: EHLO tikair.co.il

            2023-05-08 05:33:55 SERVER -> CLIENT: 250-mail.mydomain.com
            250-PIPELINING
            250-SIZE 102400000
            250-VRFY
            250-ETRN
            250-AUTH PLAIN LOGIN
            250-ENHANCEDSTATUSCODES
            250-8BITMIME
            250-DSN
            250-SMTPUTF8
            250 CHUNKING

            2023-05-08 05:33:55 CLIENT -> SERVER: AUTH LOGIN

            2023-05-08 05:33:55 SERVER -> CLIENT: 334 VXNlcm5hbWU6

            2023-05-08 05:33:55 CLIENT -> SERVER: [credentials hidden]

            2023-05-08 05:33:55 SERVER -> CLIENT: 334 UGFzc3dvcmQ6

            2023-05-08 05:33:55 CLIENT -> SERVER: [credentials hidden]

            2023-05-08 05:33:55 SERVER -> CLIENT: 235 2.7.0 Authentication successful

            2023-05-08 05:33:55 CLIENT -> SERVER: MAIL FROM:noreply@mydomain.com

            2023-05-08 05:33:55 SERVER -> CLIENT: 250 2.1.0 Ok

            2023-05-08 05:33:55 CLIENT -> SERVER: RCPT TO:recipient@me.com

            2023-05-08 05:33:55 SERVER -> CLIENT: 451 4.3.5 noreply@mydomain.com: Sender address rejected: Server configuration error

            2023-05-08 05:33:55 SMTP ERROR: RCPT TO command failed: 451 4.3.5 noreply@mydomain.com: Sender address rejected: Server configuration error

            2023-05-08 05:33:55 CLIENT -> SERVER: QUIT

            2023-05-08 05:33:55 SERVER -> CLIENT: 221 2.0.0 Bye

            2023-05-08 05:33:55 Connection: closed

            SMTP Error: The following recipients failed: recipient@me.com: noreply@mydomain.com: Sender address rejected: Server configuration error

            That's my mail config

            readme_directory = /usr/share/doc/postfix3-3.4.7/README_FILES
            meta_directory = /etc/postfix
            shlib_directory = /usr/lib/postfix
            virtual_mailbox_domains = sqlite:/etc/postfix/sqlite_virtual_domains_maps.cf
            virtual_alias_maps = sqlite:/etc/postfix/sqlite_virtual_alias_maps.cf, sqlite:/etc/postfix/sqlite_virtual_alias_domain_maps.cf, sqlite:/etc/postfix/sqlite_virtual_alias_domain_catchall_maps.cf
            virtual_mailbox_maps = sqlite:/etc/postfix/sqlite_virtual_mailbox_maps.cf, sqlite:/etc/postfix/sqlite_virtual_alias_domain_mailbox_maps.cf
            smtpd_sasl_type = dovecot
            smtpd_sasl_path = private/auth
            smtpd_sasl_auth_enable = yes
            smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination
            smtpd_use_tls = yes
            smtp_tls_security_level = may
            smtpd_tls_security_level = may
            virtual_transport = lmtp:unix:private/dovecot-lmtp
            message_size_limit = 102400000
            smtpd_milters = inet:127.0.0.1:11332
            non_smtpd_milters = inet:127.0.0.1:11332
            milter_protocol = 6
            milter_default_action = accept
            default_process_limit = 100
            smtpd_client_connection_count_limit = 10
            smtpd_client_connection_rate_limit = 30
            queue_minfree = 20971520
            header_size_limit = 51200
            smtpd_recipient_limit = 400
            #smtpd_sender_restrictions = check_sender_access hash:/etc/postfix/sender_access

            smtpd_tls_chain_files = /www/server/panel/plugin/mail_sys/cert/mydomain.com/privkey.pem,/www/server/panel/plugin/mail_sys/cert/mydomain.com/fullchain.pem
            tls_server_sni_maps = hash:/etc/postfix/vmail_ssl.map

            milter_mail_macros = i {mail_addr} {client_addr} {client_name} {auth_authen}

              aaP_esales2000
              Hello, is it normal for Send mail to use the relevant user to send mail in the mail server?
              Is it normal to add a # comment to the configuration of milter_mail_macros and restart postfix?

                Hello, can you give us your aapanel information? The server first makes a snapshot backup, if possible, please send it to kern@aapanel.com.
                It is recommended to fill in the following content
                Post link:
                SSH IP address, account password and port:
                aapanel login link address and account password:
                Website background login information:
                Email account information:

                If there is no post link, it will not be possible to know which user's information it is, and the problem will not be processed

                aaP_esales2000

                  aaPanel_Kern
                  It's because
                  smtpd_sender_restrictions = check_sender_access hash:/etc/postfix/sender_access
                  is commented out.
                  If you uncomment smtpd_sender_restrictions, you will receive an error.
