Hi All,

I have been notified about "Phishing Emails" being sent out of my Linode 2 days ago. After investigating logs and traffic, it turned out that my installation of Postfix is exploited.

This means that at the moment I start Postfix, it starts sending out spam emails. The traffic, I/O rate, and CPU usage increase dramatically upon starting Postfix.

And after stopping postfix, everything goes back to normal immediately.

Could you please help me fix this issue with Postfix?


Regards,
Ali

Postfix is unlikely to be exploited. What you're more likely to be seeing are the messages in the queue. When you restart postfix it starts to send the queued messages. You need to run "postsuper -d ALL" to delete all messages in the queue.

But you need to find out _what_ part of your server was exploited to generate the messages. Just flushing the queue won't fix that problem. It's probably a web page, somewhere.

_________________
Rgds
Stephen
(Linux user since kernel version 0.11)

Also check your installation against http://www.abuse.net/relay.html

_________________
Paid support
How to ask for help
1. Give details of your problem
2. Post any errors
3. Post relevant logs.
4. Don't hide details i.e. your domain, it just makes things harder
5. Be polite or you'll be eaten by a grue

Thanks. "postsuper -d ALL" did the job. But I still need to find the source, so that it won't happen again...

Any websites running outdated versions of popular CMS's, or a contact form?

There is a website created using django that has a contact form. I should probably check http requests to/from the contact page.