Postfix seems to be hacked

February 20, 2017
Configuration Management Ubuntu 16.04

Hello everyone,

I'm having an issue with postfix on my server. It seems someone has hijacked it and it is sending emails from my server. I'm getting thousands of emails like this:

This is the mail system at host pdotmedia.com. 

I'm sorry to have to inform you that your message could not 
be delivered to one or more recipients. It's attached below. 

For further assistance, please send mail to postmaster. 

If you do so, please include this problem report. You can 
delete your own text from the attached returned message. 

The mail system 

<*********@yahoo.co.uk>: host mx-eu.mail.am0.yahoodns.net[188.125.69.79] 
said: 554 5.7.9 Message not accepted for policy reasons. See 
https://help.yahoo.com/kb/postmaster/SLN7253.html (in reply to end of DATA 
command) 

Can someone please help me solve this? I've had to resort to shutting off postfix on the server.

Thank you
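
One way to triage bounces like the one quoted in the question, as an added example that is not part of the original post: it pulls the rejected recipient, remote MX, SMTP reply code and enhanced status code out of each bounce body and tallies them. The function names and the second sample bounce are constructed for illustration.

```python
import re
from collections import Counter

# Per-recipient diagnostic block of a Postfix bounce, e.g.
#   <rcpt>: host mx.example[192.0.2.1] said: 554 5.7.9 text ...
DIAG = re.compile(
    r"<(?P<rcpt>[^>]+)>:\s+host\s+(?P<mx>\S+?)\[(?P<ip>[^\]]+)\]\s+"
    r"said:\s+(?P<code>[245]\d\d)[ -](?P<enh>[245]\.\d{1,3}\.\d{1,3})?"
)

def parse_bounce(text):
    """Return one dict per rejected recipient found in a bounce body."""
    flat = " ".join(text.split())  # the diagnostic is wrapped across lines
    results = []
    for m in DIAG.finditer(flat):
        d = m.groupdict()
        d["enh"] = d["enh"] or ""
        d["permanent"] = d["code"].startswith("5")  # 5xx = do not retry
        # RFC 3463: in class.subject.detail, subject 7 is security/policy.
        d["policy"] = d["enh"].split(".")[1:2] == ["7"]
        results.append(d)
    return results

def summarize(bounces):
    """Count rejections per (remote MX, reply code, enhanced status)."""
    tally = Counter()
    for body in bounces:
        for d in parse_bounce(body):
            tally[(d["mx"], d["code"], d["enh"])] += 1
    return tally

# Diagnostic block as quoted in the question (recipient already masked).
PAGE_BOUNCE = """<*********@yahoo.co.uk>: host mx-eu.mail.am0.yahoodns.net[188.125.69.79]
said: 554 5.7.9 Message not accepted for policy reasons. See
https://help.yahoo.com/kb/postmaster/SLN7253.html (in reply to end of DATA
command)"""

# Constructed sample: a temporary deferral, for contrast.
CONSTRUCTED_BOUNCE = """<user@example.org>: host mx.example.org[192.0.2.25]
said: 450 4.2.0 Try again later (in reply to RCPT TO command)"""

if __name__ == "__main__":
    for key, n in summarize([PAGE_BOUNCE, CONSTRUCTED_BOUNCE]).most_common():
        print(n, *key)
```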

1 Answer

http://dkimvalidator.com/

Make sure you have SPF and DKIM working. Probably DKIM is enough. Potentially you get a better spam score with more identification schemes working.
