This morning my server host reported that there was quite a lot of spam being generated from one of my IP addresses, running Virtualmin. http://whatismyipaddress.com/blacklist-check with IP 18.104.22.168
We have meanwhile removed at least 3-4 reports and mitigated them. Meanwhile there were a lot of logs where SMTP attempts were being made to send spam; it looks like Postfix was able to manage them and reject them. But apparently some of the spam has gone through for the IP address to be reported. I have meanwhile activated DKIM and have also activated email greylisting (default install and activated).
I am in most cases sure this was caused by a WordPress / PHP botnet attack or something. So, pondering over it:
Q1: I am wondering if there is a way to disable all email send functionality via phpmail? For example, most PHP applications can easily send out email from the server, even though the Virtualmin email feature has not been activated; I understand that. But I don't want to allow this to happen. If there is really a need, it should only be allowed to go via the Virtualmin admin ID; all other outbound email should be rejected.
I am sure this should be possible in the Postfix module of Webmin, but I need your support. Meanwhile I am going to pay some attention to fail2ban and maybe create a separate ticket for some support there.
I am sure this will help others, and it has rather been discussed in the past. I want to document this for next time.