Some how, someone was able to create a mailbox on /var/mail/web19 and is sending spam. I delete the mailbox web19 but after a while it appears again. I'm using ISPConfig 3.0.5.3, and the web19 client is using last version of WordPress We are running ISPConfig behind a firewall. Any idea? thanks
Ok thanks, I'll try that. In the meanwhile I blocked the user and deleted postfix mail queue, the spam stopped.
The problem is that your wordpress system has been hacked, this can happen e.g. trough a vulnerable wordpress version or a plugin or even a theme. you should check that also all plugins and the theme are up to date. Then check your server with maldetect: http://www.howtoforge.com/forums/showthread.php?t=58440 and dont care about the mailbox file. Nobody was able to create a mailbox on your system. Such a file gets created automatically by postfix when emails arrive for a system user like the user web19.