Hi All,

I have a problem on one of my servers running Debian sarge and ISPConfig 2.2.11. In the mail.log the following appears:

May 7 06:32:58 serverhostname postfix/qmgr[17941]: 6F81D7804D3: from=<www-data@serverhostname>, size=1750, nrcpt=330 (queue active)
May 7 06:32:58 serverhostname postfix/qmgr[17941]: 6F81D7804D3: to=<emailaddress>, relay=none, delay=58840, status=deferred (delivery temporarily suspended: connect to remotemailserver[xxx.xxx.xxx.xxx]: Connection timed out)

and after that the "to=<emailaddress>, relay=none, delay=58840, status=deferred (delivery temporarily suspended: connect to mailserver[xxx.xxx.xxx.xxx]: Connection timed out)" repeats at least 100 times with different recipient email addresses... Sometimes the from=<www-data@serverhostname> appears as from=<>, also followed by at least 100 of "to=<emailaddress>". The mail queue gets to about 10000 emails in 24h...

I understand that the IP is already blacklisted, but that's not the problem now; first I want to stop this spam attack. Any ideas?

Regards

This spam is sent through one of your contact forms. You will have to check the form and see if it is vulnerable to sending spam. To block an IP address from sending spam or contacting your server in any way, execute this command:

route add -host 123.123.123.123 reject

(Don't forget to replace the IP in the command!)

Thanks for the quick reply. Is there a way I can check through which form exactly that spam is being sent?

Regards

OK thanks, I have "caught" the 2 sites which were sending spam and deleted the sites and the corresponding users. But I think this will not be the last such case, because there are many sites on the server. I think it would be a better idea if I could somehow restrict the number of emails sent per user and time, for example: user www-data can send 10 mails per 10 minutes or something like that, and if the limit is reached then a notification is sent to the admin... Any ideas how this can be done?

Regards

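The per-sender limit asked about in the post above can be checked after the fact against mail.log. The following is an added example, not part of the thread: it parses qmgr lines in the format quoted in the first post and reports each message that takes a sender over a recipient budget within a time window. The function name, thresholds, assumed year and sample lines are constructed for illustration; it only detects, it does not throttle.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# qmgr "queue active" line as quoted in the first post (hex queue IDs assumed).
QMGR = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ postfix/qmgr\[\d+\]: "
    r"(?P<qid>[0-9A-F]+): from=<(?P<sender>[^>]*)>, size=\d+, nrcpt=(?P<nrcpt>\d+)")

def find_bursts(lines, limit=10, window=timedelta(minutes=10), year=2000):
    """Return (queue_id, sender, recipients_in_window) for each message that
    takes a sender over `limit` recipients inside `window`."""
    recent = defaultdict(deque)  # sender -> (timestamp, nrcpt) inside the window
    seen = set()                 # queue IDs already counted
    alerts = []
    for line in lines:
        m = QMGR.match(line)
        if not m or m["qid"] in seen:
            continue  # qmgr re-logs a deferred message on every retry
        seen.add(m["qid"])
        # syslog timestamps carry no year, so one is assumed
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        sender = m["sender"] or "<>"  # from=<> is the null (bounce) sender
        q = recent[sender]
        q.append((ts, int(m["nrcpt"])))
        while ts - q[0][0] > window:
            q.popleft()
        total = sum(n for _, n in q)
        if total > limit:
            alerts.append((m["qid"], sender, total))
    return alerts

PFX = "host postfix/qmgr[17941]:"
SAMPLE = [  # constructed lines, same format as the thread's log
    f"May 7 06:30:01 {PFX} 6F81D7804D3: from=<www-data@host>, size=1750, nrcpt=330 (queue active)",
    f"May 7 06:32:58 {PFX} 6F81D7804D3: from=<www-data@host>, size=1750, nrcpt=330 (queue active)",
    f"May 7 06:33:10 {PFX} A1B2C3D4E5F: from=<user@example.com>, size=900, nrcpt=1 (queue active)",
    f"May 7 06:34:00 {PFX} 7C91E8805A1: from=<>, size=2100, nrcpt=120 (queue active)",
    f"May 7 06:35:00 {PFX} 0D4F2B1C9E7: from=<www-data@host>, size=1600, nrcpt=4 (queue active)",
]

if __name__ == "__main__":
    for qid, sender, total in find_bursts(SAMPLE):
        print(f"ALERT {sender}: {total} recipients in window (queue ID {qid})")
```
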
Hi, I have found what I need - policyd (http://policyd.sourceforge.net/). It can do the desired thing for me: Sender Throttling (and many other things). The question is whether it can be set up to work with ISPConfig... I'll give it a try...

Regards