problem with spam

Discussion in 'General' started by mawe, Jun 2, 2015.

  1. mawe

    mawe New Member

    A few hours ago I noticed that someone is sending spam through my server, this hasn't happened before, I immediatly put all mail on hold.
    I thought it was through a compromised useraccount / password, I changed the password in the web interface but it seems to continue.

    Code:
    Jun  2 19:31:24 mail postfix/smtpd[6160]: connect from timo.hlm.sgsnet.se[46.239.110.85]
    Jun  2 19:31:24 mail postfix/smtpd[6160]: 78EFE230082: client=timo.hlm.sgsnet.se[46.239.110.85], sasl_method=LOGIN, [email protected]
    Jun  2 19:31:24 mail postfix/cleanup[6217]: 78EFE230082: message-id=<>
    Jun  2 19:31:26 mail amavis[31860]: (31860-09) Passed BAD-HEADER, ORIGINATING LOCAL [46.239.110.85] [46.239.110.85] <[email protected]> -> <[email protected]>, quarantine: T/badh-T-aZ+t8hC1lt, mail_id: T-aZ+t8hC1lt, Hits: -0.276, size: 6319, queued_as: 6B2102303CC, 835 ms
    Jun  2 19:31:26 mail postfix/smtp[6221]: 4D8562302E5: to=<[email protected]>, relay=127.0.0.1[127.0.0.1]:10024, delay=1.2, delays=0.34/0.01/0/0.85, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=31860-09, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as 6B2102303CC)
    Jun  2 19:31:26 mail postfix/qmgr[9593]: 4D8562302E5: removed
    Jun  2 19:31:27 mail postfix/smtp[6227]: 6B2102303CC: to=<[email protected]>, relay=mx01.emig.gmx.net[212.227.17.5]:25, delay=0.99, delays=0/0.03/0.04/0.91, dsn=2.0.0, status=sent (250 Requested mail action okay, completed: id=0MMY6M-1Z1VSs3zDS-008NKj)
    Jun  2 19:31:27 mail postfix/qmgr[9593]: 6B2102303CC: removed
    Whats strange is that there is no login failure, even though I have changed the password already.
    Every mail has Passed: Bad-HEADER - could it be that amavis is somehow misconfigured?
     

Share This Page