I get a lot of these in my mail log via isp3config panel:

Jan 19 09:23:15 htz postfix/sendmail[882]: fatal: User web21(5012) is not allowed to submit mail
Jan 19 09:23:17 htz postfix/sendmail[883]: fatal: User web21(5012) is not allowed to submit mail
Jan 19 09:23:18 htz postfix/sendmail[884]: fatal: User web21(5012) is not allowed to submit mail
Jan 19 09:23:19 htz postfix/sendmail[885]: fatal: User web21(5012) is not allowed to submit mail
Jan 19 09:23:20 htz postfix/sendmail[886]: fatal: User web21(5012) is not allowed to submit mail
Jan 19 09:23:21 htz postfix/sendmail[887]: fatal: User web21(5012) is not allowed to submit mail
Jan 19 09:23:22 htz postfix/sendmail[888]: fatal: User web21(5012) is not allowed to submit mail
Jan 19 09:23:23 htz postfix/sendmail[889]: fatal: User web21(5012) is not allowed to submit mail
Jan 19 09:23:24 htz postfix/sendmail[890]: fatal: User web21(5012) is not allowed to submit mail
Jan 19 09:23:25 htz postfix/sendmail[891]: fatal: User web21(5012) is not allowed to submit mail

How can I stop it? How can I know who from which IP is submitting all these emails and how can I ban him from sending so many requests? web21 is by the way owned by me and all the PHP pages are checked and there is no web form or anything.
There must be a PHP file in this site that sends email; most likely the site got hacked. Check one of the emails with postcat to see which script tries to send them: http://www.howtoforge.com/forums/showthread.php?t=64301
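
An added example, not part of the thread: the quoted line is what Postfix's sendmail command logs when a local user fails the authorized_submit_users check, so it names a local account and uid rather than a client IP. The Python code below (function names are hypothetical, and the year is assumed because syslog timestamps omit it) counts these rejections per account and flags bursts, which tells you which site user's scripts are calling sendmail.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# First six lines are from the question; the last two are constructed.
SAMPLE_LOG = """\
Jan 19 09:23:15 htz postfix/sendmail[882]: fatal: User web21(5012) is not allowed to submit mail
Jan 19 09:23:17 htz postfix/sendmail[883]: fatal: User web21(5012) is not allowed to submit mail
Jan 19 09:23:18 htz postfix/sendmail[884]: fatal: User web21(5012) is not allowed to submit mail
Jan 19 09:23:19 htz postfix/sendmail[885]: fatal: User web21(5012) is not allowed to submit mail
Jan 19 09:23:20 htz postfix/sendmail[886]: fatal: User web21(5012) is not allowed to submit mail
Jan 19 09:23:21 htz postfix/sendmail[887]: fatal: User web21(5012) is not allowed to submit mail
Jan 19 09:40:02 htz postfix/sendmail[950]: fatal: User web7(5003) is not allowed to submit mail
Jan 19 09:41:10 htz postfix/qmgr[412]: 3F2A1: removed
"""

REJECT = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\spostfix/sendmail\[\d+\]:\s"
    r"fatal: User (?P<user>[^()\s]+)\((?P<uid>\d+)\) is not allowed to submit mail"
)

def parse_rejections(text, year=2000):
    """Yield (timestamp, user, uid) for each rejected local submission."""
    for line in text.splitlines():
        m = REJECT.match(line)
        if m:
            # Assumption: syslog lines carry no year, so one is supplied.
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts, m["user"], int(m["uid"])

def summarize(text, window=timedelta(seconds=60), threshold=5):
    """Per account: total rejections and the peak count inside any window."""
    by_user = defaultdict(list)
    for ts, user, uid in parse_rejections(text):
        by_user[(user, uid)].append(ts)
    report = {}
    for (user, uid), stamps in by_user.items():
        stamps.sort()
        peak = start = 0
        for end, ts in enumerate(stamps):
            while ts - stamps[start] > window:  # slide the window forward
                start += 1
            peak = max(peak, end - start + 1)
        report[user] = {"uid": uid, "total": len(stamps), "first": stamps[0],
                        "last": stamps[-1], "peak": peak, "burst": peak >= threshold}
    return report

if __name__ == "__main__":
    for user, info in summarize(SAMPLE_LOG).items():
        print(user, info)
```
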