Hi there, I followed the "perfect server debian wheezy" tutorial a long time ago, worked perfectly, except for 1 thing, the security of emails. I have a lot of spam from some websites (Wordpress & Drupal, not on Prestashop and not on every WP or Drupal). As far i came with my investigations, the hackers had find a way to create files with nasty code that send a lot of emails. My temporary solution is to shut off postfix, i wrote a bash script that cleans the queue, but it's not easy to use. So how can i solve the email problem ? I thought about revoke write permissions of all users created by ISPconfig, but i hope there's a better way to do this. For the record, I have Debian Wheezy, up to date and I installed roundcube using the howtoforge tutorial. If any question, let me know. Thanx.
Check your installed sites for suspicious code and also make sure, you don´t have "unknown" admin-users in the wordpress-databases.