Hello,
I know this is not exactly Virtualmin or webmin problem but i`m running virtualmin platform and i do not know where to ask so i hope is not a problem to ask for help here and i hope i will get some response and answers.
Someone or something is using postfix on my Virtualmin VPS for sending spam i get warnings from my provider and i have bean contacted from several companies who fight agents spaming when i check top or htop i see many postfix processes but i`m not sure how to locate what or who and how they are send. So my question is how to locate this ?!
Thanks in advanced for any help!
Howdy,
My guess is that one of two things is happening --
A user on your server may have had their password compromised, and a spammer may be using their account to send spam
A spammer may be using a vulnerability in a web application running on your server to send spam
In my experience, #2 is much more common... but is the harder to resolve :-) I'd highly recommend reviewing what web applications are running on your server, and making sure they're all fully up to date.
Also, to get view/delete the spam currently in your mail queue -- if you go to Webmin -> Postfix -> Mail Queue, you can see what's in there. You can often use the headers of those emails to determine who or what is generating them.
Once you determine the cause, I'd recommend deleting all the spam in the queue.
-Eric