| Linode Forum https://forum.linode.com/ |
|
| Exploited Postfix https://forum.linode.com/viewtopic.php?f=11&t=8567 |
Page 1 of 1 |
| Author: | gazelle2010 [ Tue Mar 13, 2012 10:20 am ] |
| Post subject: | Exploited Postfix |
Hi All, I have been notified about "Phishing Emails" being sent out of my Linode 2 days ago. After investigating logs and traffic, it turned out that my installation of Postfix is exploited. This means that at the moment I start Postfix, it starts sending out spam emails. The traffic, I/O rate, and CPU usage increase dramatically upon starting Postfix. And after stopping postfix, everything goes back to normal immediately. Could you please help me fix this issue with Postfix? Regards, Ali |
|
| Author: | sweh [ Tue Mar 13, 2012 1:54 pm ] |
| Post subject: | |
Postfix is unlikely to be exploited. What you're more likely to be seeing are the messages in the queue. When you restart postfix it starts to send the queued messages. You need to run "postsuper -d ALL" to delete all messages in the queue. But you need to find out _what_ part of your server was exploited to generate the messages. Just flushing the queue won't fix that problem. It's probably a web page, somewhere. |
|
| Author: | obs [ Tue Mar 13, 2012 3:02 pm ] |
| Post subject: | |
Also check your installation against http://www.abuse.net/relay.html |
|
| Author: | gazelle2010 [ Tue Mar 13, 2012 3:25 pm ] |
| Post subject: | |
sweh wrote: Postfix is unlikely to be exploited. What you're more likely to be seeing are the messages in the queue. When you restart postfix it starts to send the queued messages. You need to run "postsuper -d ALL" to delete all messages in the queue.
But you need to find out _what_ part of your server was exploited to generate the messages. Just flushing the queue won't fix that problem. It's probably a web page, somewhere. Thanks. "postsuper -d ALL" did the job. But I still need to find the source, so that it won't happen again... |
|
| Author: | hybinet [ Tue Mar 13, 2012 7:40 pm ] |
| Post subject: | |
Any websites running outdated versions of popular CMS's, or a contact form? |
|
| Author: | gazelle2010 [ Wed Mar 14, 2012 12:54 am ] |
| Post subject: | |
hybinet wrote: Any websites running outdated versions of popular CMS's, or a contact form?
There is a website created using django that has a contact form. I should probably check http requests to/from the contact page. |
|
| Page 1 of 1 | All times are UTC-04:00 |
| Powered by phpBB® Forum Software © phpBB Group http://www.phpbb.com/ |
|