Get alerted when assets are down, slow, or vulnerable to SSL attacks—all free for a month. Learn more

Question

Postfix Spam, how do I debug?

It seems that my server is being used to send out spam mail. I first recognised this as an issue as the memory spiked and the mail.log file is absolutely huge! Looking at the logs there is a lot of errors / email addresses that I don’t recognise. For now I have disabled Postfix and the memory use has dropped considerably (the majority of sites on my server use SMTP mail anyway) but how would I go about debugging this? Would I be able to find the cause?

Ubuntu 16.04.3 x64 - happy with terminal commands

Submit an answer

This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Sign In or Sign Up to Answer

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Want to learn more? Join the DigitalOcean Community!

Join our DigitalOcean community of over a million developers for free! Get help and share knowledge in Q&A, subscribe to topics of interest, and get courses and tools that will help you grow as a developer and scale your project or business.

Moisey UretskyFebruary 19, 2018

There are two common causes:

  1. Open Relay
  2. Bad security on a website <form>

Open Relay Open relay just means that anyone can use your email server to send out emails and pass them along. Obviously this is very bad for Spam, a simple way to disable it is to setup postfix to only accept sending email from localhost which is explained here: https://www.digitalocean.com/community/tutorials/how-to-install-and-configure-postfix-as-a-send-only-smtp-server-on-ubuntu-16-04#step-2-—-configuring-postfix

Bad Security The second biggest cause is that you have a webform somewhere that sends out emails and that it wasn’t properly secured or the code itself has a few security issues in which case people can abuse that web form to send out emails, that takes a bit more work to troubleshoot but if you check your webserver logs you can see if there are a large number of requests to a contact form that exceed what your expected normal usage is.

Try DigitalOcean for free

Click below to sign up and get $100 of credit to try our products over 60 days!

Sign up