It seems that my server is being used to send out spam mail. I first recognised this as an issue as the memory spiked and the mail.log file is absolutely huge! Looking at the logs there are a lot of errors / email addresses that I don’t recognise. For now I have disabled Postfix and the memory use has dropped considerably (the majority of sites on my server use SMTP mail anyway) but how would I go about debugging this? Would I be able to find the cause?
Ubuntu 16.04.3 x64 - happy with terminal commands
There are two common causes:
Open Relay: Open relay just means that anyone can use your email server to send out emails and pass them along. Obviously this is very bad for spam. A simple way to disable it is to set up Postfix to only accept sending email from localhost, which is explained here: https://www.digitalocean.com/community/tutorials/how-to-install-and-configure-postfix-as-a-send-only-smtp-server-on-ubuntu-16-04#step-2-—-configuring-postfix

Bad Security: The second biggest cause is that you have a web form somewhere that sends out emails and that it wasn’t properly secured, or the code itself has a few security issues, in which case people can abuse that web form to send out emails. That takes a bit more work to troubleshoot, but if you check your webserver logs you can see if there are a large number of requests to a contact form that exceed what your expected normal usage is.
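One way to tell the two causes in the answer above apart from mail.log, as an added example that is not part of the original answer: Postfix logs locally submitted mail through its pickup service with the submitting UID, and mail accepted over SMTP through smtpd with the client address. The function names and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: count where mail entered Postfix, per source, from mail.log.
# Output lines are "count<TAB>source", highest count first:
#   local-uid=N     handed to Postfix on this host by UID N (sendmail/pickup),
#                   e.g. a contact form script running as the web server user
#   smtp-remote=IP  accepted over SMTP from a non-loopback client (relay check)
#   smtp-local      accepted over SMTP from 127.0.0.1 or ::1
classify_mail_sources() {
    awk '
        / postfix\/pickup\[/ && match($0, /uid=[0-9]+/) {
            n["local-" substr($0, RSTART, RLENGTH)]++
        }
        / postfix\/smtpd\[/ && match($0, /client=[^ ,]+/) {
            c = substr($0, RSTART + 7, RLENGTH - 7)   # e.g. unknown[203.0.113.5]
            i = index(c, "[")
            ip = substr(c, i + 1, length(c) - i - 1)  # text between [ and ]
            if (ip == "127.0.0.1" || ip == "::1") n["smtp-local"]++
            else n["smtp-remote=" ip]++
        }
        END { for (k in n) printf "%d\t%s\n", n[k], k }
    ' "$1" | sort -rn
}

# Constructed sample lines in Postfix syslog format (not from a real server).
write_sample_log() {
    cat > "$1" <<'EOF'
Jan 10 12:00:01 web1 postfix/pickup[2101]: 3F2A11C0A1: uid=33 from=<www-data>
Jan 10 12:00:02 web1 postfix/pickup[2101]: 3F2A11C0A2: uid=33 from=<www-data>
Jan 10 12:00:03 web1 postfix/pickup[2101]: 3F2A11C0A3: uid=33 from=<www-data>
Jan 10 12:00:04 web1 postfix/smtpd[2150]: connect from unknown[203.0.113.5]
Jan 10 12:00:04 web1 postfix/smtpd[2150]: 4A1B22D0B1: client=unknown[203.0.113.5]
Jan 10 12:00:05 web1 postfix/smtpd[2150]: 4A1B22D0B2: client=unknown[203.0.113.5]
Jan 10 12:00:06 web1 postfix/smtpd[2160]: 5C3D44E0C1: client=localhost[127.0.0.1]
EOF
}

# Demo run on the constructed sample.
log=$(mktemp)
write_sample_log "$log"
classify_mail_sources "$log"
rm -f "$log"
```

On the server itself, point it at the real file with `classify_mail_sources /var/log/mail.log`. A large local-uid=33 count (www-data on Ubuntu) matches the web form case, while large smtp-remote counts mean Postfix is accepting mail from outside hosts, which is where to check for an open relay.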