Postfix Spam, how do I debug?

November 2, 2017 1.5k views
Email Ubuntu

It seems that my server is being used to send out spam mail. I first recognised this as an issue as the memory spiked and the mail.log file is absolutely huge! Looking at the logs, there are a lot of errors / email addresses that I don't recognise. For now I have disabled Postfix and the memory use has dropped considerably (the majority of sites on my server use SMTP mail anyway), but how would I go about debugging this? Would I be able to find the cause?

Ubuntu 16.04.3 x64 - happy with terminal commands

1 Answer

There are two common causes:

  1. Open Relay
  2. Bad security on a website <form>

Open Relay
Open relay just means that anyone can use your email server to send out emails and pass them along. Obviously this is very bad for spam. A simple way to disable it is to set up Postfix to only accept sending email from localhost, which is explained here:
https://www.digitalocean.com/community/tutorials/how-to-install-and-configure-postfix-as-a-send-only-smtp-server-on-ubuntu-16-04#step-2-%E2%80%94-configuring-postfix

Bad Security
The second biggest cause is that you have a webform somewhere that sends out emails and it wasn't properly secured, or the code itself has a few security issues, in which case people can abuse that web form to send out emails. That takes a bit more work to troubleshoot, but if you check your webserver logs you can see if there are a large number of requests to a contact form that exceed what your expected normal usage is.
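The following triage script is an added example, not code from the answer above or from the linked DigitalOcean tutorial. It checks the two causes the answer names: whether main.cf has the open-relay shape (listening on all interfaces or trusting remote networks in mynetworks), who is authenticating to Postfix and from where according to mail.log, and which client IPs are hammering a form according to the web server access log. All input files are constructed inline so it runs offline; the hostnames, the 203.0.113.x / 198.51.100.x addresses and the /contact.php path are placeholders. On a real Ubuntu host you would point the functions at /etc/postfix/main.cf, /var/log/mail.log and /var/log/apache2/access.log (or the nginx equivalent), and use `postconf inet_interfaces mynetworks` to see effective values including defaults that are not written in the file.

```shell
#!/bin/sh
# Added triage helpers (not from the original answer). Sample inputs are
# constructed below; addresses come from the documentation ranges and
# /contact.php is a placeholder form path.

WORK=$(mktemp -d)
MAIN_CF="$WORK/main.cf"            # open-relay shape
MAIN_CF_FIXED="$WORK/main.fixed.cf" # localhost-only shape from the linked tutorial
MAIL_LOG="$WORK/mail.log"
ACCESS_LOG="$WORK/access.log"

# --- constructed sample data ------------------------------------------------
cat > "$MAIN_CF" <<'EOF'
# listens on every interface and trusts a whole /24: anyone there can relay
inet_interfaces = all
mynetworks = 127.0.0.0/8 [::1]/128 203.0.113.0/24
EOF

cat > "$MAIN_CF_FIXED" <<'EOF'
inet_interfaces = loopback-only
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
EOF

cat > "$MAIL_LOG" <<'EOF'
Nov  2 10:15:01 web1 postfix/smtpd[2111]: 1A2B3C4D5E: client=unknown[203.0.113.5], sasl_method=LOGIN, sasl_username=info
Nov  2 10:15:02 web1 postfix/smtpd[2111]: 1A2B3C4D5F: client=unknown[203.0.113.5], sasl_method=LOGIN, sasl_username=info
Nov  2 10:15:03 web1 postfix/smtpd[2111]: 1A2B3C4D60: client=unknown[203.0.113.9], sasl_method=LOGIN, sasl_username=info
Nov  2 10:16:00 web1 postfix/smtpd[2112]: 1A2B3C4D61: client=mail.example.net[198.51.100.7], sasl_method=LOGIN, sasl_username=bob
Nov  2 10:16:10 web1 postfix/pickup[2001]: 1A2B3C4D62: uid=33 from=<www-data>
EOF

cat > "$ACCESS_LOG" <<'EOF'
203.0.113.5 - - [02/Nov/2017:10:15:01 +0000] "POST /contact.php HTTP/1.1" 200 512 "-" "curl/7.47"
203.0.113.5 - - [02/Nov/2017:10:15:02 +0000] "POST /contact.php HTTP/1.1" 200 512 "-" "curl/7.47"
203.0.113.5 - - [02/Nov/2017:10:15:03 +0000] "POST /contact.php HTTP/1.1" 200 512 "-" "curl/7.47"
198.51.100.7 - - [02/Nov/2017:10:20:00 +0000] "GET /contact.php HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
198.51.100.7 - - [02/Nov/2017:10:21:00 +0000] "POST /contact.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"
EOF

# --- 1. open-relay shape in main.cf ----------------------------------------
# Returns 0 when Postfix only listens on loopback AND mynetworks only trusts
# loopback ranges; returns 1 otherwise (an unset inet_interfaces means "all").
relay_config_is_closed() {
    cfg="$1"
    iface=$(sed -n 's/^[[:space:]]*inet_interfaces[[:space:]]*=[[:space:]]*//p' "$cfg" | tail -n 1)
    nets=$(sed -n 's/^[[:space:]]*mynetworks[[:space:]]*=[[:space:]]*//p' "$cfg" | tail -n 1)
    case "$iface" in
        loopback-only|localhost|127.0.0.1) ;;
        *) return 1 ;;
    esac
    # count mynetworks entries that are not loopback (space or comma separated)
    bad=$(printf '%s\n' "$nets" | tr ', ' '\n\n' | grep -v '^$' \
          | grep -vcE '^(127\.|\[::1\]|\[::ffff:127\.)' || true)
    [ "$bad" -eq 0 ]
}

# --- 2. who authenticates to Postfix, and from where -----------------------
# Prints "count sasl_username client_ip", busiest first. One account or one
# IP dwarfing the rest usually means a stolen password rather than an open relay.
top_sasl_senders() {
    awk 'match($0, /client=[^,]*\[[^]]*\]/) {
             cl = substr($0, RSTART, RLENGTH); sub(/.*\[/, "", cl); sub(/\].*/, "", cl)
             if (match($0, /sasl_username=[^, ]+/)) {
                 u = substr($0, RSTART + 14, RLENGTH - 14); c[u " " cl]++
             }
         }
         END { for (k in c) print c[k], k }' "$1" | sort -rn
}

# --- 3. form hammering in the web server access log ------------------------
# Prints "count ip path" for POST requests, busiest first. Compare with the
# form's normal traffic; a single IP posting in a tight loop is the usual sign.
top_form_posters() {
    awk '$6 == "\"POST" { c[$1 " " $7]++ } END { for (k in c) print c[k], k }' "$1" | sort -rn
}

# Stand-alone run over the constructed samples
for f in "$MAIN_CF" "$MAIN_CF_FIXED"; do
    if relay_config_is_closed "$f"; then echo "$f: closed to remote relaying"
    else echo "$f: OPEN (listens beyond loopback or trusts remote networks)"; fi
done
echo "--- SASL senders ---";   top_sasl_senders "$MAIL_LOG"
echo "--- form POSTs ---";     top_form_posters "$ACCESS_LOG"
```

The config check deliberately treats a missing inet_interfaces line as open, because Postfix defaults it to "all". The mail.log summary keys on sasl_username plus client IP so that a compromised mailbox password (one user, many IPs) looks different from an abused trusted network (many users, one IP); the pickup line from www-data with no client field is skipped by design, since locally injected mail is exactly what an abused web form produces and belongs to the access-log check instead.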
