Hi. Recently I'm seeing a lot of unknown emails sended from my server. 47910300F28 703629 Thu Dec 19 05:19:54 [email protected] (Host or domain name not found. Name service error for name=globalskm.com type=MX: Host not found, try again) [email protected] cahors.cn isn't my domain. Then I believe someone is using my server to send emails or something. I can see the email queue and delete it but it is not the solution. I tried to analyze the queue using commands like these: Code: grep -A2 "from" /var/log/mail.log grep -c "from=<[email protected]>" /var/log/mail.log But I need to go to next step and to know the origin and block it. Can I help me? Thanks.
Is that same server hosting websites? Maybe a form on there is being abused? Or a website got hacked? Also check if you haven't created an open relay somehow.
Hi. That is not the same server hosting websites. This server doesn't contain any website. I use it for email server only. I haven't created any relay. I don't know what I've to analyze to discover the origin of these emails. Thanks.
Try to restart Postfix. The email was sent using the username and password from that contabilidad address. Please try not to post real email addresses. Bots often scan forums for emails, so it's better not to post any real addresses to avoid getting spam or having your account attacked.
