Server sending spam

Discussion in 'General' started by recin, Sep 8, 2014.

  1. recin

    recin Active Member

    Hi.
    I have Ubuntu 10.04 with ISPConfig 3.0.5.4p1.

    Since yesterday I have had an account sending a lot of spam, even after I deleted this account. What can I do?

    This is the mail.log (I changed the account to [email protected] and my server IP to 1.2.3.4):
    mail.log

    I had problems like this in the past, but I could solve them by changing the account password. This doesn't work this time; it keeps sending spam even though I deleted the account and disabled the mail domain of this account.

    Thanks in advance!
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    Restart postfix, dovecot or courier-authdaemon, and saslauthd. If there is a very high sending pressure, then it can happen that postfix uses cached auth details, so a restart is necessary to make it aware that the account details have been changed.

    If this doesn't help, then take a look at some of the spam mails in the mail queue with the postcat command to see which exact user sent them or if they were sent with a PHP script by a website.
     
  3. recin

    recin Active Member

    I already restarted postfix and all courier services with no success.

    This is the postcat -q result

    I understand it is sending from [email protected]

    I'm logging the PHP mail scripts in another script and it doesn't seem to show any problem.
     
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    Yes, the email is sent from the address mentioned in the line:

    (Authenticated sender: [email protected])

    and this user has authenticated himself successfully.

    You mentioned above that you restarted postfix and courier, but did you also restart saslauthd? Saslauthd is the daemon that does the actual user validation for postfix and that caches the data.
     
  5. recin

    recin Active Member

    I only restarted postfix and the courier* processes.
    I restarted saslauthd and it seems to have solved the problem.
    Anyway I ended up rebooting the system.
    Thanks a lot!
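
The check till describes, as an added example that is not part of the original thread: count messages per authenticated login in mail.log and pull the "Authenticated sender" annotation out of `postcat -q` output. The log lines and queue entry are constructed samples using example.com, and the function names are illustrative.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are illustrative.

# Constructed sample of Postfix smtpd log lines (example.com, documentation IPs).
sample_log() {
cat <<'EOF'
Sep  8 10:00:01 mx postfix/smtpd[2101]: 3F1A2C0D1: client=unknown[203.0.113.7], sasl_method=LOGIN, sasl_username=info@example.com
Sep  8 10:00:02 mx postfix/smtpd[2101]: 4A2B3D1E2: client=unknown[203.0.113.7], sasl_method=LOGIN, sasl_username=info@example.com
Sep  8 10:00:03 mx postfix/smtpd[2107]: 5B3C4E2F3: client=unknown[198.51.100.9], sasl_method=PLAIN, sasl_username=sales@example.com
Sep  8 10:00:04 mx postfix/smtpd[2101]: 6C4D5F3A4: client=unknown[203.0.113.7], sasl_method=LOGIN, sasl_username=info@example.com
Sep  8 10:00:05 mx postfix/smtpd[2110]: 7D5E6A4B5: client=localhost[127.0.0.1]
EOF
}

# Constructed sample of `postcat -q QUEUEID` output (message headers only).
sample_queue_entry() {
cat <<'EOF'
*** MESSAGE CONTENTS deferred/3/3F1A2C0D1 ***
Received: from unknown (unknown [203.0.113.7])
    (Authenticated sender: info@example.com)
    by mx.example.com (Postfix) with ESMTPA id 3F1A2C0D1
Subject: constructed sample
EOF
}

# Reads mail.log lines on stdin; prints "<count> <sasl_username>", busiest first.
# Only smtpd lines that carry a SASL login are counted.
count_sasl_senders() {
  awk '/postfix\/smtpd\[/ && match($0, /sasl_username=[^, ]+/) {
         user = substr($0, RSTART + 14, RLENGTH - 14)   # skip "sasl_username="
         seen[user]++
       }
       END { for (u in seen) print seen[u], u }' | sort -k1,1nr -k2,2
}

# Reads `postcat -q QUEUEID` output on stdin; prints the login named in the
# "(Authenticated sender: ...)" Received-header annotation, if there is one.
queued_auth_sender() {
  sed -n 's/.*(Authenticated sender: \([^)]*\)).*/\1/p' | head -n 1
}

# On a live server, feed the real log instead (path assumed to be the Ubuntu
# default):  count_sasl_senders < /var/log/mail.log
sample_log | count_sasl_senders
sample_queue_entry | queued_auth_sender
```

A login that keeps appearing in new log lines after its password was changed or the mailbox deleted points to the cached credentials in saslauthd that the thread ends up restarting.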
     