Apparent Hacking

Discussion in 'Server Operation' started by dayjahone, Nov 13, 2014.

  1. dayjahone

    dayjahone Member

    One of the sites on my server appears to be sending out a massive amount of spam. I did "mailq" and there are tons of emails from webmaster@...

    Any idea how to resolve this?
     
  2. srijan

    srijan New Member HowtoForge Supporter

  3. till

    till Super Moderator Staff Member ISPConfig Developer

  4. mmidgett

    mmidgett Member

    You should also disable php mail and force all to be sent from an authenticated sender. This will help with shared hosting so you don't have [email protected] sending emails getting you blocked.
     
  5. dayjahone

    dayjahone Member

    Thanks, mmidgett. Sorry, but can you tell me how to do that?
     
  6. dayjahone

    dayjahone Member

    Hi Srijan,

    I used postcat to look at the header, but I am not sure how this helps me:

    Code:
    X-PHP-Originating-Script: 700:Verde.php
     
  7. Desp

    Desp Member

    Please check the last post in this thread http://www.howtoforge.com/forums/showthread.php?t=67577

    In the access file you can set REJECT (bad domains) or (bad user) and you can also use it to allow users.

    Check your main.cf file and locate this line
    Code:
    check_sender_access hash:/etc/postfix/access
    ## If there is only "check_sender_access" just add ":/etc/postfix/access" without space.

    #### access file ####
    Code:
    baduser@ REJECT
    bad.domain.com REJECT
    user@ OK
    user2@ OK
    user3@ REJECT
    You create the file and add the users that you want to be able to send emails. Save the file then create its db file using the command
    Code:
    postmap access
    This will add a new file called access.db
    Each time you need to add a user you will modify the file, then use the command "postmap access" and restart postfix

    Hope this helps
     
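The lookup order Postfix applies to a check_sender_access hash table matters for the file in the post above: the full address is tried first, then the domain and its parent domains, and only then the "user@" key, so a domain REJECT wins over a "user@ OK" line. This added example (not from the thread) models that order over a constructed copy of the access file so you can test a rule set before running postmap; the null sender key "<>" is an assumption taken from Postfix's default smtpd_null_access_lookup_key.

```python
import re

# Constructed access file, the same rules as the post above.
ACCESS_TABLE = """\
baduser@ REJECT
bad.domain.com REJECT
user@ OK
user2@ OK
user3@ REJECT
"""

def parse_access(text):
    """Turn access-file lines into {key: action}, skipping # comments as postmap does."""
    rules = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, action = line.split(None, 1)
        rules[key.lower()] = action.strip().upper()
    return rules

def lookup_keys(sender):
    """Keys in the order access(5) tries them for a sender address:
    the full address, the domain and each parent domain (subdomains
    match by default), then the local part with a trailing '@'."""
    if not sender:                      # null sender <> (assumed default key)
        return ["<>"]
    user, _, domain = sender.lower().partition("@")
    labels = domain.split(".")
    keys = [sender.lower()]
    keys += [".".join(labels[i:]) for i in range(len(labels))]
    keys.append(user + "@")
    return keys

def check_sender(sender, table=ACCESS_TABLE):
    """Return the first matching action, or None (Postfix 'DUNNO': no opinion)."""
    rules = parse_access(table)
    for key in lookup_keys(sender):
        if key in rules:
            return rules[key]
    return None

if __name__ == "__main__":
    for addr in ["baduser@example.org", "user@bad.domain.com", "stranger@example.org"]:
        print(addr, "->", check_sender(addr))
```

Hash tables do exact key matches, so a wildcard such as "baduser@*" never fires; "baduser@" is the form that blocks every sender with that local part.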
  8. dayjahone

    dayjahone Member

    I used postcat to look at the mail header of one of the emails stuck in the mailq, but I'm not sure what to do with the info there. How can it help me track down the source:

    Code:
    *** ENVELOPE RECORDS /var/spool/postfix/deferred/8/881A88032D ***
    message_size:            4603             697               1               0            4603
    message_arrival_time: Thu Nov 20 14:18:00 2014
    create_time: Thu Nov 20 14:18:00 2014
    named_attribute: log_ident=881A88032D
    named_attribute: rewrite_context=local
    sender: [email protected]
    named_attribute: encoding=7bit
    named_attribute: log_client_name=localhost.localdomain
    named_attribute: log_client_address=127.0.0.1
    named_attribute: log_client_port=36107
    named_attribute: log_message_origin=localhost.localdomain[127.0.0.1]
    named_attribute: log_helo_name=localhost
    named_attribute: log_protocol_name=ESMTP
    named_attribute: client_name=localhost.localdomain
    named_attribute: reverse_client_name=localhost.localdomain
    named_attribute: client_address=127.0.0.1
    named_attribute: client_port=36107
    named_attribute: helo_name=localhost
    named_attribute: protocol_name=ESMTP
    named_attribute: client_address_type=2
    named_attribute: dsn_orig_rcpt=rfc822;[email protected]
    original_recipient: [email protected]
    recipient: [email protected]
    *** MESSAGE CONTENTS /var/spool/postfix/deferred/8/881A88032D ***
    Received: from localhost (localhost.localdomain [127.0.0.1])
    	by myserver.mywebsite.com (Postfix) with ESMTP id 881A88032D
    	for <[email protected]>; Thu, 20 Nov 2014 14:18:00 -0800 (PST)
    X-Virus-Scanned: Debian amavisd-new at myserver.mywebsite.com
    Received: from myserver.mywebsite.com ([127.0.0.1])
    	by localhost (myserver.mywebsite.com [127.0.0.1]) (amavisd-new, port 10024)
    	with ESMTP id wTAk4gytd9Wp for <[email protected]>;
    	Thu, 20 Nov 2014 14:17:59 -0800 (PST)
    Received: from super.mfycheng.com (super.mfycheng.com [107.155.187.56])
    	by myserver.mywebsite.com (Postfix) with ESMTP id AC6627FC51
    	for <[email protected]>; Thu, 20 Nov 2014 14:17:59 -0800 (PST)
    DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; s=dkim; d=mfycheng.com;
     h=MIME-Version:Content-Type:From:To:Subject:Message-Id:Date; [email protected];
     bh=ST6attR+wqQ+DzIUZ9ZDBAHfGME=;
     b=baB3I5BVd1UlccqE7yEJ1fqmDEf8sDyjWvxal13bdFkCyvnYJKtCEqwnUBc4NaDs6+4+/VDGRhEX
       kXmeLE02xIapjgbmnGWBW30zGTCcGFm/ZVlZMMP6E1Q6K2wKJ9pnGyPBYHu7goMEXwuxLhgiTShn
       5uVGWx6RoK8NuXp2MoA=
    Received: by super.mfycheng.com id hdpk9e0001g7 for <[email protected]>; Thu, 20 Nov 2014 17:17:47 -0500 (envelope-from <[email protected]>)
    MIME-Version: 1.0
    Content-Type: multipart/alternative; boundary="==============7525813598553764655=="
    From: Penny_Stock_Fortune Silicon <[email protected]>
    To: [email protected]
    Subject: paypal Prediction: Largest Economic Opportunity of the 21st Century.
    Message-Id: <[email protected]>
    Date: Thu, 20 Nov 2014 17:17:47 -0500
    
    --==============7525813598553764655==
    Content-Type: text/plain;
    Content-Transfer-Encoding: quoted-printable
    
    =20
       =20
     =20
        Prediction: Largest Economic Opportunity of the 21st Century     Dear a=
    ngoralv,     It's only about the size of a small coffee pot...     But one =
    expert calls it the \"largest economic opportunity of the 21st century.\"    =
     It's already being used to partially power Google, Wal-Mart, FedEx and Ban=
    k_of_America.     And guess what? The company that makes it could become on=
    e of the most valuable in the world. And hardly anybody knows about it.    =
     But here's the best part -- you can own a piece right now for only about 2=
    1 cents.     CLICK_HERE NOW for all the details.     Sincerely,     Joe Sch=
    riefer Publisher, Agora_Financial     To unsubscribe , please click_here.=
    =20
    
    --==============7525813598553764655==--
    *** HEADER EXTRACTED /var/spool/postfix/deferred/8/881A88032D ***
    named_attribute: encoding=7bit
    *** MESSAGE FILE END /var/spool/postfix/deferred/8/881A88032D ***
     
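Two clues in a postcat dump tell you where a queued message entered Postfix: an X-PHP-Originating-Script header (as in post 6, "700:Verde.php", which names the uid and script that called mail()) means a local web script generated it, while the earliest "Received: from" hop names the host that handed it in over SMTP. The dump in the post above has no PHP header and its earliest hop is an external host, so that particular message was relayed in rather than produced by the site. This added example (not from the thread) parses constructed postcat-style dumps modelled on both posts and reports which case applies; the hostnames and queue ids in the samples are made up.

```python
import re

# Constructed dumps modelled on the thread's two messages (not real queue files).
PHP_SAMPLE = """\
*** ENVELOPE RECORDS /var/spool/postfix/deferred/A/AAAA0000AA ***
named_attribute: rewrite_context=local
sender: webmaster@mywebsite.com
*** MESSAGE CONTENTS /var/spool/postfix/deferred/A/AAAA0000AA ***
Received: by myserver.mywebsite.com (Postfix, from userid 700)
    id AAAA0000AA; Thu, 20 Nov 2014 14:18:00 -0800 (PST)
X-PHP-Originating-Script: 700:Verde.php
Subject: constructed sample
"""
RELAY_SAMPLE = """\
*** ENVELOPE RECORDS /var/spool/postfix/deferred/B/BBBB0000BB ***
named_attribute: log_client_address=127.0.0.1
sender: bulk@spam.example
*** MESSAGE CONTENTS /var/spool/postfix/deferred/B/BBBB0000BB ***
Received: from localhost (localhost.localdomain [127.0.0.1])
    by myserver.mywebsite.com (Postfix) with ESMTP id BBBB0000BB
Received: from relay.spam.example (relay.spam.example [198.51.100.7])
    by myserver.mywebsite.com (Postfix) with ESMTP id 0123456789
Subject: constructed sample
"""

def summarize(postcat_text):
    """Pull the origin clues out of one 'postcat -q <id>' dump."""
    def first(pat):
        m = re.search(pat, postcat_text, re.M)
        return m.group(1) if m else None
    # Received headers are listed newest-first, so the last one is the earliest hop.
    hops = re.findall(r"^Received: from \S+ \(([^)]*)\)", postcat_text, re.M)
    return {
        "queue_id": first(r"^\*\*\* ENVELOPE RECORDS \S+/(\w+) \*\*\*"),
        "sender": first(r"^sender: (.+)$"),
        "php_uid": first(r"^X-PHP-Originating-Script: (\d+):"),
        "php_script": first(r"^X-PHP-Originating-Script: \d+:(\S+)"),
        "first_hop": hops[-1] if hops else None,
    }

def classify(info):
    """Name the entry point so you know whether to clean a site or block a relay."""
    if info["php_script"]:
        return f"local PHP script {info['php_script']} running as uid {info['php_uid']}"
    hop = info["first_hop"]
    if hop and "127.0.0.1" not in hop:
        return f"relayed in over SMTP from {hop}"
    return "submitted locally without a PHP originating header"

if __name__ == "__main__":
    for dump in (PHP_SAMPLE, RELAY_SAMPLE):
        print(summarize(dump)["queue_id"], "->", classify(summarize(dump)))
```

On ISPConfig the uid in the PHP header maps to a web user, so `getent passwd 700` (assumed command, not from the thread) points at the site whose directory holds the named script.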
  9. dayjahone

    dayjahone Member

  10. till

    till Super Moderator Staff Member ISPConfig Developer

    I guess it should work for Ubuntu as well, as Ubuntu is based on Debian.
     
  11. dayjahone

    dayjahone Member

    Thanks, Till. Any insights on the header of one of the emails?
     