Hi Everyone,

I need some help. I believe someone has put a spam email script on my server, but I am not sure where it is. I need some help to figure out where it is.

Mail server: postfix
Server: Ubuntu HHVM Nginx

Any help would be appreciated!

1 answer

Try using the tcpdump command to capture the traffic, especially on the mail server ports like 110 - 25 .... (depending on the service you provide), then analyze the captured traffic and block the inappropriate sources with iptables.

Examples of commands just to get started:

tcpdump -nti any port 25

Block the traffic from a specific source:

# SOURCE_IP is a placeholder for the address to block
iptables -t filter -A INPUT -s SOURCE_IP -j DROP
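
As an added example (not part of the original answer): a shell function that tallies new SMTP connections per peer from `tcpdump -nt` text output and separates outbound from inbound, since mail sent by a script on the server appears as outbound connections to port 25. The sample capture, the function names and the 192.0.2.10 server address are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise "tcpdump -nt" output for SMTP (port 25).
# Counts connection attempts (SYN without ACK) per peer, by direction.
# Live use (assumed invocation):
#   tcpdump -nt -i any -c 1000 port 25 | smtp_syn_summary SERVER_IP

# Constructed sample capture; 192.0.2.10 stands in for this server.
sample_capture() {
cat <<'EOF'
IP 192.0.2.10.40112 > 198.51.100.7.25: Flags [S], seq 1, win 64240, length 0
IP 198.51.100.7.25 > 192.0.2.10.40112: Flags [S.], seq 9, ack 2, win 65160, length 0
IP 192.0.2.10.40114 > 198.51.100.7.25: Flags [S], seq 3, win 64240, length 0
IP 192.0.2.10.40120 > 198.51.100.99.25: Flags [S], seq 5, win 64240, length 0
IP 203.0.113.5.51234 > 192.0.2.10.25: Flags [S], seq 7, win 64240, length 0
IP 203.0.113.5.51234 > 192.0.2.10.25: Flags [P.], seq 8:30, ack 1, win 502, length 22
EOF
}

# smtp_syn_summary LOCAL_IP   (reads tcpdump lines on stdin)
# Prints "<count> <direction> <peer>", highest count first.
smtp_syn_summary() {
    awk -v me="$1" '
    # Keep only connection attempts: the flags field is exactly [S].
    index($0, "Flags [S],") == 0 { next }
    {
        # Find the "src > dst:" triple; this also copes with the
        # interface/direction prefix some tcpdump versions print for "-i any".
        for (i = 2; i < NF; i++) if ($i == ">") break
        if (i >= NF) next
        src = $(i-1); dst = $(i+1); sub(/:$/, "", dst)
        # Split "a.b.c.d.port" into address and port.
        sub(/\.[0-9]+$/, "", src)
        dport = dst; sub(/.*\./, "", dport); sub(/\.[0-9]+$/, "", dst)
        if (dport != "25") next
        if (src == me)      n["outbound " dst]++
        else if (dst == me) n["inbound " src]++
    }
    END { for (k in n) print n[k], k }' | sort -k1,1nr -k2
}
```

A high outbound count to many different peers points at mail leaving the server, which cannot be stopped by blocking inbound sources.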