By newbie
Hello, since yesterday SMTP (Postfix) has started eating too much memory (like 100 MB), and I always find 34/45 instances running. Now I don't understand: is my server sending outgoing spam? Also, my mail.log file has become 1 GB large.
I tried sudo tail /var/log/mail.log and found the following:
Aug 31 18:53:35 mydomain postfix/qmgr[1400]: 9B6B46D76C: removed
Aug 31 18:53:35 mydomain postfix/local[9135]: 11AEC63CA3: to=<jenny_harrison@mydomain.com>, relay=local, delay=0.01, delays=0.01/0/0/0, dsn=5.1.1, status=bounced (unknown user: "jenny_harrison")
Aug 31 18:53:35 mydomain postfix/qmgr[1400]: 11AEC63CA3: removed
Aug 31 18:53:35 mydomain postfix/smtp[11526]: 5CCAC6C39E: to=<odorter@gmail.com>, relay=alt1.gmail-smtp-in.l.google.com[74.125.200.27]:25, delay=75963, delays=75930/0/32/1.3, dsn=4.2.2, status=deferred (host alt1.gmail-smtp-in.l.google.com[74.125.200.27] said: 452-4.2.2 The email account that you tried to reach is over quota. Please direct 452-4.2.2 the recipient to 452 4.2.2 https://support.google.com/mail/answer/6558 g64si874062otb.161 - gsmtp (in reply to RCPT TO command))
Aug 31 18:53:36 mydomain postfix/smtp[11827]: connect to mail.virginbroadband.com.au[123.200.191.12]:25: Connection timed out
Aug 31 18:53:36 mydomain postfix/smtp[11827]: 3811C660A5: to=<wombat.burrow@virginbroadband.com.au>, relay=none, delay=336438, delays=336405/0.01/33/0, dsn=4.4.1, status=deferred (connect to mail.virginbroadband.com.au[123.200.191.12]:25: Connection timed out)
Aug 31 18:53:36 mydomain postfix/smtp[11736]: connect to mail.virginbroadband.com.au[123.200.191.12]:25: Connection timed out
Aug 31 18:53:36 mydomain postfix/smtp[11736]: E13D26C553: to=<tony007@virginbroadband.com.au>, relay=none, delay=71843, delays=71810/0.01/33/0, dsn=4.4.1, status=deferred (connect to mail.virginbroadband.com.au[123.200.191.12]:25: Connection timed out)
Aug 31 18:53:39 mydomain postfix/smtp[11731]: 0EC556AA5D: to=<stumpj@verizon.net>, relay=relay.verizon.net[206.46.232.11]:25, delay=143372, delays=143333/0.01/34/4.5, dsn=2.5.0, status=sent (250 2.5.0 Ok.)
Aug 31 18:53:39 mydomain postfix/qmgr[1400]: 0EC556AA5D: removed
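One way to check the "is my server sending outgoing spam?" question from mail.log itself, as an added example that is not part of the original thread: tally how each message entered the queue (local submission by a uid, or an authenticated SMTP login) and how outbound deliveries ended. The sample log is constructed, and the `pickup`, `smtpd` and `qmgr` line shapes are standard Postfix logging that the excerpt above does not happen to show; `summarize` is a hypothetical helper name.

```python
import re
from collections import Counter

# Constructed sample in the syslog format from the question; queue IDs, hosts
# and addresses are invented (example.* names, RFC 5737 IP ranges).
SAMPLE_LOG = """\
Aug 31 18:50:01 mydomain postfix/pickup[2101]: 1A2B3C4D5E: uid=33 from=<www-data>
Aug 31 18:50:01 mydomain postfix/qmgr[1400]: 1A2B3C4D5E: from=<www-data@mydomain.com>, size=912, nrcpt=1 (queue active)
Aug 31 18:50:03 mydomain postfix/smtp[2110]: 1A2B3C4D5E: to=<a@example.net>, relay=mx.example.net[198.51.100.5]:25, delay=2, delays=0.1/0/1/0.9, dsn=2.0.0, status=sent (250 ok)
Aug 31 18:50:04 mydomain postfix/pickup[2101]: 2B3C4D5E6F: uid=33 from=<www-data>
Aug 31 18:50:04 mydomain postfix/qmgr[1400]: 2B3C4D5E6F: from=<www-data@mydomain.com>, size=915, nrcpt=1 (queue active)
Aug 31 18:50:37 mydomain postfix/smtp[2111]: connect to mx.example.org[192.0.2.9]:25: Connection timed out
Aug 31 18:50:37 mydomain postfix/smtp[2111]: 2B3C4D5E6F: to=<b@example.org>, relay=none, delay=33, delays=0.1/0/33/0, dsn=4.4.1, status=deferred (connect to mx.example.org[192.0.2.9]:25: Connection timed out)
Aug 31 18:51:10 mydomain postfix/smtpd[2200]: 3C4D5E6F7A: client=unknown[203.0.113.7], sasl_method=LOGIN, sasl_username=info@mydomain.com
Aug 31 18:51:10 mydomain postfix/qmgr[1400]: 3C4D5E6F7A: from=<info@mydomain.com>, size=2211, nrcpt=1 (queue active)
Aug 31 18:51:12 mydomain postfix/smtp[2110]: 3C4D5E6F7A: to=<c@example.net>, relay=mx.example.net[198.51.100.5]:25, delay=2, delays=0.1/0/1/0.9, dsn=5.1.1, status=bounced (550 no such user)
Aug 31 18:58:04 mydomain postfix/qmgr[1400]: 2B3C4D5E6F: from=<www-data@mydomain.com>, size=915, nrcpt=1 (queue active)
"""

# Assumes short (uppercase hex) queue IDs, as in the question's log.
LINE = re.compile(r"postfix/(\w+)\[\d+\]: ([0-9A-F]+): (.*)")

def summarize(lines):
    """Tally how each message entered the queue and what the smtp client did."""
    origin, seen = {}, set()
    rep = {k: Counter() for k in ("origins", "senders", "status", "rcpt_domains")}
    for line in lines:
        m = LINE.search(line)
        if not m:
            continue                      # e.g. "connect to ..." has no queue ID
        svc, qid, rest = m.groups()
        if svc == "pickup" and (u := re.match(r"uid=(\d+)", rest)):
            origin[qid] = f"local uid={u[1]}"      # sendmail(1), e.g. a web script
        elif svc == "smtpd" and rest.startswith("client="):
            sasl = re.search(r"sasl_username=([^,\s]+)", rest)
            origin[qid] = f"sasl {sasl[1]}" if sasl else "smtpd, no auth"
        elif svc == "qmgr" and (f := re.match(r"from=<([^>]*)>", rest)):
            if qid not in seen:           # qmgr logs from= again on every retry
                seen.add(qid)
                rep["senders"][f[1] or "<>"] += 1
                rep["origins"][origin.get(qid, "unknown")] += 1
        elif svc == "smtp" and (d := re.search(r"to=<[^>]*@([^>]+)>.*?status=(\w+)", rest)):
            rep["rcpt_domains"][d[1].lower()] += 1
            rep["status"][d[2]] += 1
    return rep

if __name__ == "__main__":
    for name, counts in summarize(SAMPLE_LOG.splitlines()).items():
        print(name, counts.most_common(5))
```

On a real server, pass `open("/var/log/mail.log", errors="replace")` to `summarize`; a single local uid or SASL login dominating `origins` while `status` is mostly deferred or bounced across many recipient domains points at the script or account to lock down.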
If your Droplet is compromised, it is recommended to block outgoing mail ports using a firewall (ufw, iptables) like so:
ufw deny out 25
ufw deny out 587
# or
iptables -A OUTPUT -p tcp --dport 25 -j REJECT
iptables -A OUTPUT -p tcp --dport 587 -j REJECT
Then, back up all of your data, create a new Droplet, and move your programs and files to it. Make sure you only transfer files that you know you created, and install any software that you had from scratch. This will hopefully result in a new Droplet free of any compromised files. Make sure you secure the new Droplet, see: