Postfix Spam mail script

October 26, 2017 1.5k views

Hi Everyone,

I need some help. I believe there is someone put a spam email script on my server, but I am not where that is. Need some help to figure out where it is.

Mail server: postfix
Server: Ubuntu HHVM Nginx

Any help would be appreciated!

1 Answer

Try to use tcpdump command to capture the traffic especially the mail server ports like 110 - 25 .... (depends on your service you provide) then analyze the captured traffic and block the inappropriate sources with iptables.

Examples of commands just to get started:

tcpdump -nty any port 25

Block the traffic from specific source

iptables -t filter -s -j DROP
Have another answer? Share your knowledge.