Question

Postfix Spam, how do I debug?

It seems that my server is being used to send out spam mail. I first recognised this as an issue as the memory spiked and the mail.log file is absolutely huge! Looking at the logs there is a lot of errors / email addresses that I don’t recognise. For now I have disabled Postfix and the memory use has dropped considerably (the majority of sites on my server use SMTP mail anyway) but how would I go about debugging this? Would I be able to find the cause?

Ubuntu 16.04.3 x64 - happy with terminal commands

Subscribe
Share

Submit an answer
You can type!ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

There are two common causes:

  1. Open Relay
  2. Bad security on a website <form>

Open Relay Open relay just means that anyone can use your email server to send out emails and pass them along. Obviously this is very bad for Spam, a simple way to disable it is to setup postfix to only accept sending email from localhost which is explained here: https://www.digitalocean.com/community/tutorials/how-to-install-and-configure-postfix-as-a-send-only-smtp-server-on-ubuntu-16-04#step-2-—-configuring-postfix

Bad Security The second biggest cause is that you have a webform somewhere that sends out emails and that it wasn’t properly secured or the code itself has a few security issues in which case people can abuse that web form to send out emails, that takes a bit more work to troubleshoot but if you check your webserver logs you can see if there are a large number of requests to a contact form that exceed what your expected normal usage is.