Prevent large queue in postfix


#1

Hello, one of my servers was infected by malware some days ago, and using php_mail the Trojan sent thousands of mails from my mail-in-a-box server. Now services such as gmail, outlook and icloud are blocking my domain's emails, based on my IP.

I’ve attached a picture of my Munin monitoring:
[Munin screenshot from 2018-03-06 14:28:44, not reproduced]

As you can see, this is not a normal behavior of the server. My question is:
How can I prevent large postfix queues? Do I have any other solution?

I don’t use my server for newsletter campaigns or other services that need long email queues, so I want to configure a more secure sender rate limit to prevent this.

Thank you.


#2

I’d recommend wiping the server and rebuilding it from scratch if it was indeed the server and not a user that was infected.

After that, I would make sure you use passwords that are at least 16-20 characters in length. For SSH I HIGHLY recommend using Private/Public Key Authentication. Try to enforce that users do the same (not for SSH, since users shouldn’t have access to SSH).

Good luck!


#3

The problem wasn’t in the “mail server”. The infected server was a data server serving multiple websites. The Trojan used this server's mailing system to build up the mail queues. The infected server is clean now and rebuilt, but if a website becomes infected again, I want to limit the send rate.


#4

MIAB doesn’t support rate limiting, however MIAB uses postfix.

In main.cf:

# start with one parallel delivery per destination
initial_destination_concurrency = 1
# and never go above one parallel delivery per destination
default_destination_concurrency_limit = 1
# pause between deliveries to the same destination (unit defaults to seconds)
default_destination_rate_delay = 120
# at most two recipients per delivery
default_destination_recipient_limit = 2
# one process per master.cf service that has no maxproc of its own (inbound smtpd included)
default_process_limit = 1

Delays every sender's emails for 2 minutes.

https://wiki.deimos.fr/Postfix:_limit_outgoing_mail_throttling also has some good information and examples.
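Two things a practitioner would want alongside the throttle above: a way to notice the pile-up early (the settings slow delivery but do not stop a compromised site from filling the queue), and a check that the settings actually survived an update. The script below is an added example, not code from this thread or from Mail-in-a-Box: it parses `postqueue -p` output, counts queued messages per envelope sender, and compares `postconf -n` output against the throttle from post #4. The queue listing, hostnames, addresses and queue IDs are constructed; the `www-data@box.example.com` sender stands in for the kind of web-server account a PHP mailer would use.

```python
"""Detect an outbound burst in the Postfix queue and verify the throttle settings.
Added example, not from the thread or Mail-in-a-Box; all data below is constructed."""
import re
from collections import Counter

# Constructed `postqueue -p` output: one web account spraying mail plus one
# legitimate message. A trailing '*' on the ID means active, '!' means held.
SAMPLE_QUEUE = """\
-Queue ID-  --Size-- ----Arrival Time---- -Sender/Recipient-------
A1B2C3D4E5*     4523 Tue Mar  6 14:20:01  www-data@box.example.com
                                         user1@gmail.example
B2C3D4E5F6      4519 Tue Mar  6 14:20:02  www-data@box.example.com
(connect to mx.outlook.example[203.0.113.5]:25: Connection timed out)
                                         user2@outlook.example
                                         user3@icloud.example
C3D4E5F6A7      4520 Tue Mar  6 14:20:02  www-data@box.example.com
                                         user4@gmail.example
D4E5F6A7B8!     4521 Tue Mar  6 14:20:03  www-data@box.example.com
                                         user5@gmail.example
E5F6A7B8C9      1204 Tue Mar  6 14:25:10  alice@example.com
                                         bob@example.net

-- 19 Kbytes in 5 Requests.
"""

# Constructed `postconf -n` excerpt from a box where only part of the throttle was set.
SAMPLE_POSTCONF = """\
default_destination_rate_delay = 120
default_destination_recipient_limit = 2
myhostname = box.example.com
"""

# The throttle from post #4, written the way postconf would print it.
THROTTLE = {
    'initial_destination_concurrency': '1',
    'default_destination_concurrency_limit': '1',
    'default_destination_rate_delay': '120s',
    'default_destination_recipient_limit': '2',
    'default_process_limit': '1',
}


def parse_postqueue(text):
    """Turn `postqueue -p` output into one dict per queued message."""
    entries, current = [], None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line or line.startswith('-'):        # blank, header or summary line
            continue
        if line.lstrip().startswith('('):            # deferral reason for the current message
            if current is not None:
                current['reason'] = line.strip().strip('()')
            continue
        if line[0].isspace():                        # indented recipient line
            if current is not None:
                current['recipients'].append(line.strip())
            continue
        parts = line.split()                         # queue ID line: ID size arrival-time sender
        qid = parts[0]
        current = {
            'id': qid.rstrip('*!'),
            'status': {'*': 'active', '!': 'hold'}.get(qid[-1], 'queued'),
            'size': int(parts[1]),
            'sender': parts[-1],
            'recipients': [],
            'reason': None,
        }
        entries.append(current)
    return entries


def flag_senders(entries, per_sender_limit):
    """Return (total queued, per-sender Counter, senders above the limit)."""
    by_sender = Counter(e['sender'] for e in entries)
    offenders = sorted(s for s, n in by_sender.items() if n > per_sender_limit)
    return len(entries), by_sender, offenders


def parse_postconf(text):
    """Parse `postconf -n` style 'key = value' lines."""
    conf = {}
    for line in text.splitlines():
        if '=' in line and not line.lstrip().startswith('#'):
            key, _, value = line.partition('=')
            conf[key.strip()] = value.strip()
    return conf


def _norm_time(value):
    """Postfix treats '120' and '120s' alike (seconds is the default unit)."""
    return value[:-1] if re.fullmatch(r'\d+s', value) else value


def throttle_gaps(postconf_text):
    """Return {parameter: (current, wanted)} for throttle settings absent or different."""
    conf = parse_postconf(postconf_text)
    return {k: (conf.get(k), v) for k, v in THROTTLE.items()
            if conf.get(k) is None or _norm_time(conf[k]) != _norm_time(v)}


if __name__ == '__main__':
    total, by_sender, offenders = flag_senders(parse_postqueue(SAMPLE_QUEUE), per_sender_limit=3)
    print(f"{total} messages queued; senders over limit: {offenders}")
    for key, (have, wanted) in throttle_gaps(SAMPLE_POSTCONF).items():
        print(f"{key}: have {have!r}, want {wanted!r}")
```

On a live box, feed the functions the real output (for example `subprocess.run(['postqueue', '-p'], capture_output=True, text=True).stdout` and the same for `postconf -n`) from a cron job or a Munin-style check, and alert when `flag_senders` returns a non-empty offender list or `throttle_gaps` is non-empty after an update. Note that `default_process_limit = 1` from the post caps every master.cf service that has no `maxproc` of its own, inbound `smtpd` included, so check the effect on incoming mail before leaving it in place.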


#5

Oh good idea. This sounds like a very good safety precaution to have enabled by default. Thanks.


#6

Just remember - the configuration changes you make may break MIAB updates or be overwritten.