Some spammer is trying to send mails thru my mail server, according to the logs the mails are not going thru, but my outgoing valid emails are taking too many time to go (for example: I have been trying to send an email of 600kb and it can't get out since an hour) is there something I could do so my valid emails go faster? or I'm stuck until the attack finish? Thanks in advance
I had a similar issue where one of my user's password had been compromised, and some spammer was using the account to blast messages through my server. See what's in the queue with: #postqueue -p There is a great Perl script called pfdel that I used to clear out the queue: http://www.ustrem.org/en/articles/postfix-queue-delete-en/ Save that script somewhere, and then add execute permissions: #chmod +x /some/path/pfdel Execution of the script is really simple. Usage: pfdel <email_address>: #/some/path/pfdel [email protected] If you are running Postfix with SASL, run: #cat /var/log/mail.log | grep sasl to see if you have any user that is authenticating at a higher rate than normal. That is how I was able to identify the hijacked account. Hope that helps!
Thank you for your reply, however that is not the case, the spam is not going thru my server, my server is blocking all of it and the queue is empty, but the server is just realy slow for send valid emails. Any idea, I'm running Fedora 7, ISPConfig 2.2.32
Is the spam coming just from a few IP's? Then block the IP's with the route command: http://www.faqforge.com/linux/how-to-block-access-to-a-server-by-ip-address-on-linux/
Thanks for your reply Till, but there are too many IP's, however it seems that the spam stopped about half hour ago and the server is running normally again (let's hope that stay that way) I am interested in the route command for blocking IP's, is blocked before making the request to the postfix? Thanks again for your help Till and fishtenors
