October 26, 2017

Hi Everyone,

I need some help. I believe someone has put a spam email script on my server, but I am not sure where it is. I need some help to figure out where it is.

Mail server: postfix
Server: Ubuntu HHVM Nginx

Any help would be appreciated!

Try using the tcpdump command to capture the traffic, especially on the mail server ports like 110 - 25 .... (depending on the services you provide), then analyze the captured traffic and block the inappropriate sources with iptables.

Examples of commands just to get started:

tcpdump -nt -i any port 25

Block the traffic from a specific source:

iptables -t filter -A INPUT -s <source-ip> -j DROP
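
An added example (not part of the original posts) of the "analyze the captured traffic" step: it tallies opening SYN packets to port 25 per source address from `tcpdump -nt` text output. The function names and sample lines are constructed, and 192.0.2.10 is assumed to stand in for the server's own address.

```shell
#!/bin/sh
# Added example: count new SMTP connections per source address from
# `tcpdump -nt` text output read on stdin (IPv4 lines only).
count_smtp_syns() {
    awk '
    {
        # Newer tcpdump prefixes "-i any" lines with interface and direction,
        # so locate the "IP" token instead of assuming it is field 1.
        ip = 0
        for (i = 1; i <= NF; i++) if ($i == "IP") { ip = i; break }
        if (!ip || $(ip + 2) != ">") next
        src = $(ip + 1); dst = $(ip + 3)
        sub(/:$/, "", dst)
        # Keep only the opening SYN, "[S],", and skip the "[S.]," reply.
        if ($(ip + 4) != "Flags" || $(ip + 5) != "[S],") next
        # Address and port are joined by the last dot: a.b.c.d.port
        if (dst !~ /\.25$/) next
        sub(/\.[0-9]+$/, "", src)
        n[src]++
    }
    END { for (s in n) print n[s], s }
    ' | sort -k1,1nr -k2,2
}

# Constructed sample capture, not real traffic.
sample_capture() {
cat <<'EOF'
IP 192.0.2.10.51000 > 198.51.100.20.25: Flags [S], seq 1, win 64240, length 0
IP 198.51.100.20.25 > 192.0.2.10.51000: Flags [S.], seq 9, ack 2, win 65160, length 0
IP 192.0.2.10.51002 > 198.51.100.21.25: Flags [S], seq 3, win 64240, length 0
eth0 In  IP 203.0.113.7.40112 > 192.0.2.10.25: Flags [S], seq 5, win 64240, length 0
IP 192.0.2.10.51004 > 198.51.100.22.25: Flags [S], seq 7, win 64240, length 0
IP 192.0.2.10.44000 > 198.51.100.30.1025: Flags [S], seq 8, win 64240, length 0
EOF
}

# Live use (assumption: run as root): tcpdump -nt -i any port 25 | count_smtp_syns
sample_capture | count_smtp_syns
```

If the server's own address leads the tally, the connections are leaving the server rather than arriving from a remote source.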
