nvc11190
By:
nvc11190

My droplet is compromised and sending out spam.

May 6, 2015 1.3k views
Firewall Security LEMP

I have received message from Admin:

We've detected the following spam being sent from your Droplet:

[128.199.64.226]

Received: from [128.199.64.226] by <removed> via sendmail with smtp;
for 1 recipient; Fri, 01 May 2015 20:57:42 -0000
Received: from vacinu (unknown [201.144.141.19])
by mail.hnhousing.com (Postfix) with ESMTPA id BCFCD139F00;
Fri, 1 May 2015 16:51:07 -0400 (EDT)
Message-ID: <removed>
From: Info info@hnhousing.com
To: <removed>
Subject: Fffd hi!
Date: Fri, 1 May 2015 12:37:10 -0700
MIME-Version: 1.0
Content-Type: text/plain;
format=flowed;
charset="utf-8";
reply-type=original
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
Importance: Normal
X-Mailer: Microsoft Windows Live Mail 14.0.8089.726
X-MimeOLE: Produced By Microsoft MimeOLE V14.0.8089.726

As a result, we've temporarily blocked mail traffic.

I'm a newbie. I don't know why. After that, I have been set up ssh key, UFW firewall. Are there any security problem ? How can I solve SMTP problem ? Please help me!

2 comments
Be the first one to answer this question.