Postfix Spam, how do I debug?

Posted November 2, 2017

It seems that my server is being used to send out spam mail. I first recognised this as an issue as the memory spiked and the mail.log file is absolutely huge! Looking at the logs there are a lot of errors / email addresses that I don’t recognise. For now I have disabled Postfix and the memory use has dropped considerably (the majority of sites on my server use SMTP mail anyway) but how would I go about debugging this? Would I be able to find the cause?

Ubuntu 16.04.3 x64 - happy with terminal commands

1 answer

There are two common causes:

  1. Open Relay
  2. Bad security on a website <form>

Open Relay
Open relay just means that anyone can use your email server to send out emails and pass them along. Obviously this is very bad for spam. A simple way to disable it is to set up Postfix to only accept sending email from localhost, which is explained here:

Bad Security
The second biggest cause is that you have a web form somewhere that sends out emails and that it wasn’t properly secured, or the code itself has a few security issues, in which case people can abuse that web form to send out emails. That takes a bit more work to troubleshoot, but if you check your webserver logs you can see if there are a large number of requests to a contact form that exceed what your expected normal usage is.

by finid
Postfix is a *mail transfer agent* (MTA), an application used to send and receive email. In this tutorial, we will install and configure Postfix so that it can be used to send emails by local applications only — that is, those installed on the same server that Postfix is installed on.
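
Added example, not part of the original answer: one way to tell the two causes apart from mail.log is to count how each queued message entered Postfix. `pickup` lines carry the local uid that submitted the mail (for example the web server's user), while `smtpd` lines carry the connecting client's address. The log lines below are constructed samples in the standard Postfix syslog format, and `classify` is a hypothetical helper name.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample lines (not taken from the poster's server).
SAMPLE_LOG = """\
Nov  2 10:00:01 web1 postfix/pickup[2101]: A1B2C3D4E5: uid=33 from=<www-data>
Nov  2 10:00:01 web1 postfix/qmgr[1500]: A1B2C3D4E5: from=<www-data@web1.example>, size=812, nrcpt=1 (queue active)
Nov  2 10:00:02 web1 postfix/smtp[2105]: A1B2C3D4E5: to=<a@example.net>, relay=mx.example.net[198.51.100.7]:25, delay=1.2, status=sent (250 ok)
Nov  2 10:00:03 web1 postfix/pickup[2101]: B2C3D4E5F6: uid=33 from=<www-data>
Nov  2 10:00:04 web1 postfix/smtpd[2110]: connect from unknown[203.0.113.9]
Nov  2 10:00:04 web1 postfix/smtpd[2110]: C3D4E5F6A7: client=unknown[203.0.113.9]
Nov  2 10:00:05 web1 postfix/smtpd[2110]: D4E5F6A7B8: client=localhost[127.0.0.1]
"""

# Matches only the line that records where a queue ID came from.
ORIGIN = re.compile(
    r"postfix/(?P<svc>pickup|smtpd)\[\d+\]: (?P<qid>[0-9A-Za-z]+): "
    r"(?:uid=(?P<uid>\d+)|client=\S*\[(?P<ip>[^\]]+)\])"
)

def is_loopback(addr):
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:          # e.g. client=unknown[unknown]
        return False

def classify(lines):
    """Return (local uids, remote client IPs, loopback SMTP count)."""
    local_uids, remote_clients, loopback = Counter(), Counter(), 0
    for line in lines:
        m = ORIGIN.search(line)
        if not m:
            continue
        if m["svc"] == "pickup":            # submitted by a local process
            local_uids[m["uid"]] += 1
        elif is_loopback(m["ip"]):          # local app speaking SMTP to 127.0.0.1
            loopback += 1
        else:                               # accepted from the network
            remote_clients[m["ip"]] += 1
    return local_uids, remote_clients, loopback

if __name__ == "__main__":
    uids, remotes, loop = classify(SAMPLE_LOG.splitlines())
    print("local uids:", uids.most_common(5))
    print("remote clients:", remotes.most_common(5))
    print("loopback SMTP submissions:", loop)
```

A uid that dominates the local count points at a web application (resolve it with `getent passwd <uid>`), while remote clients also include legitimate inbound mail, so check whether those messages were delivered to outside domains before concluding the server is relaying.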