My server is being used to send phishing mails. It is not an open relay, and all the tests I've done confirm that it is secure. That means that whoever is using it to relay must be authenticating, possibly through a weak password. So how can I get the mail log to record which authenticated user is sending each mail? Alternatively, is there a way to look at mail passwords (to look for a weak one)? Failing that, how can I disable authenticated SMTP sending?
A resounding lack of assistance, but I managed to sort it out for myself, I think. I discovered that if I edit the Postfix config file (nano /etc/postfix/main.cf) and add the line debug_peer_list = 211.59.11.173, the mail.log will list the username that this particular phishing spammer is using to log in. Authenticated mail sending can be disabled in the same file.
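
Added example, not part of the original posts: one way to attribute outbound mail to authenticated accounts by reading mail.log, going beyond a single peer to every SASL user in the log. It assumes smtpd lines carry client=..., sasl_method=..., sasl_username=... and qmgr lines carry nrcpt=...; the log lines, addresses and queue IDs are constructed, and summarize and rank are hypothetical names.

```python
import re
from collections import defaultdict

# Constructed sample log lines (assumed standard Postfix layout; not from the post).
SAMPLE_LOG = """\
Mar  3 10:00:01 mx postfix/smtpd[2101]: 3F1A220B7C: client=unknown[198.51.100.23], sasl_method=LOGIN, sasl_username=info@example.org
Mar  3 10:00:01 mx postfix/qmgr[900]: 3F1A220B7C: from=<security@bank.example>, size=4312, nrcpt=50 (queue active)
Mar  3 10:00:07 mx postfix/smtpd[2102]: 3F1A2A11D0: client=unknown[203.0.113.9], sasl_method=LOGIN, sasl_username=info@example.org
Mar  3 10:00:07 mx postfix/qmgr[900]: 3F1A2A11D0: from=<security@bank.example>, size=4310, nrcpt=50 (queue active)
Mar  3 10:05:07 mx postfix/qmgr[900]: 3F1A2A11D0: from=<security@bank.example>, size=4310, nrcpt=50 (queue active)
Mar  3 10:06:30 mx postfix/submission/smtpd[2103]: 7C0D91E2AA: client=laptop.example.org[192.0.2.10], sasl_method=PLAIN, sasl_username=alice@example.org
Mar  3 10:06:30 mx postfix/qmgr[900]: 7C0D91E2AA: from=<alice@example.org>, size=901, nrcpt=1 (queue active)
Mar  3 10:07:12 mx postfix/smtpd[2104]: 9B22C0FF31: client=mail.example.net[192.0.2.55]
"""

# smtpd accepted a message; sasl_username is present only for authenticated clients.
SMTPD_RE = re.compile(
    r"postfix/(?:\w+/)?smtpd\[\d+\]: (?P<qid>[0-9A-Za-z]+): client=[^\[]*\[(?P<ip>[^\]]+)\]"
    r"(?:, sasl_method=[^,\s]+)?(?:, sasl_username=(?P<user>[^,\s]+))?")
# qmgr put the message in the active queue; nrcpt is its recipient count.
QMGR_RE = re.compile(
    r"postfix/qmgr\[\d+\]: (?P<qid>[0-9A-Za-z]+): from=<(?P<sender>[^>]*)>, "
    r"size=\d+, nrcpt=(?P<n>\d+)")

def summarize(log_text):
    """Per SASL user: messages submitted, recipients, client IPs, envelope senders."""
    stats = defaultdict(lambda: {"messages": 0, "recipients": 0, "ips": set(), "senders": set()})
    pending = {}  # queue ID -> SASL user, until qmgr reports the recipient count
    for line in log_text.splitlines():
        m = SMTPD_RE.search(line)
        if m and m["user"]:
            pending[m["qid"]] = m["user"]
            stats[m["user"]]["messages"] += 1
            stats[m["user"]]["ips"].add(m["ip"])
            continue
        m = QMGR_RE.search(line)
        if m and m["qid"] in pending:
            # pop: a deferred message is logged by qmgr again on each retry
            s = stats[pending.pop(m["qid"])]
            s["recipients"] += int(m["n"])
            s["senders"].add(m["sender"])
    return dict(stats)

def rank(stats):
    return sorted(stats, key=lambda u: stats[u]["recipients"], reverse=True)

if __name__ == "__main__":
    for user, s in sorted(summarize(SAMPLE_LOG).items(), key=lambda kv: -kv[1]["recipients"]):
        print(user, s["messages"], s["recipients"], sorted(s["ips"]), sorted(s["senders"]))
```

An account that tops the ranking with many recipients, several unrelated client IPs and envelope senders that are not its own address is the one whose password to reset first.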