[SOLVED] Postfix or apache sending spam emails Hello guys, I am having a problem with postfix sending spam emails that are targeting a list of aol.com users. I am using Ubuntu 12.04 Problems: ## Postfix + squirrelmail ## 1- Since I am using postfix on a home server so port 25 is blocked by default from my ISP so I had to use the relay option to be able to send email using: relayhost = smtp.bredband.net ( My ISP ) in main.cf 2- The emails been sent using userid 33 ( www-data ) from other domains that are hosted on same server and pointed to same ip. So, My main domain I am using with postfix is selman.us and all emails should only be sent from [email protected] and I don't want it to be sent from another apache virtual host like [email protected] Now spammers using botnet or some other applications to be able to send emails from my other domain while those users don't exist on the website or the system like [email protected] Steps I have taken so far to stop this drama: 1- Removed my ISP smtp server from relayhost in main.cf to disable relay on the server. 2- Added the smtp server to squirrelmail instead and sending emails works fine. 3- Blocked all outgoing connections to aol.com ips on port 25 using ufw. Now all emails been sent by the spammers go to postfix queue and I have in my mail logs: status=deferred (delivery temporarily suspended: connect to mailin-04.mx.aol.com[64.12.138.161]:25: Connection timed out) Since I am having tons of emails going out so it's about 2k emails per hour go to queue so I have created a cron job to wipe them hourly using: postsuper -d ALL ---------------------- The problem is partly solved now but I need something more effective: 1- I need to know how use my own smtp server to send emails using another port than 25 like port 587 2- How to prevent spammers from using my other domain names to send emails. Like allow only my main domain name or host name to send out emails and not all domains hosted on my server. Thank you for reading and your help is much appreciated.
Ok guys, I found this solution after a while googleing and I hope you don't mind me sharing it here in case someone else face same problem. The problem is not on the server side as apache or postfix issue, but the spam been sent using a WP spambots/malware that have been installed on my websites from a theme or plugin and from there been spreading to other WP files and using the domain names to send the spam. You can scan your websites folders with Linux Malware Detect that is currently found here. The result that I found is: malware detect scan report for hostname: SCAN ID: 021513-2017.31607 TIME: Feb 15 20:18:28 +0100 PATH: /home/user/public_html/ TOTAL FILES: 10784 TOTAL HITS: 7 FILE HIT LIST: {CAV}PHP.Trojan.Spambot {HEX}php.cmdshell.unclassed.344 {CAV}PHP.Trojan.Spambot {CAV}PHP.Trojan.Spambot {HEX}php.cmdshell.unclassed.344 {CAV}PHP.Trojan.Spambot {CAV}PHP.Trojan.Spambot Hope this will be helpful..
