Postfix seems to be hacked

February 20, 2017 1.9k views
Ubuntu 16.04 Configuration Management

Hello everyone,

I’m having an issue with postfix on my server. It seems someone has hijacked it and it sending emails from my server. I’m getting thousands of emails like this:

This is the mail system at host 

I'm sorry to have to inform you that your message could not 
be delivered to one or more recipients. It's attached below. 

For further assistance, please send mail to postmaster. 

If you do so, please include this problem report. You can 
delete your own text from the attached returned message. 

The mail system 

<*********>: host[] 
said: 554 5.7.9 Message not accepted for policy reasons. See (in reply to end of DATA 

Can someone please help me solve this, I’ve had to reset to shutting off postfix on the server.

Thank you

1 Answer

Make sure you have SPF and DKIM working. Probably DKIM is enough. Potentially you get a better spam score with more identification schemes working.

Have another answer? Share your knowledge.