Virus sending spam from the server

Discussion in 'Installation/Configuration' started by Pyanepsion, Aug 14, 2019.

  1. Pyanepsion

    Pyanepsion Member

    Hello,
    • Debian 9.9
    • ISPConfig Version: 3.1.14p2 single
    • Nginx
    The server host has blocked outgoing traffic on port 25 because their anti-spam protection detected significant spam coming from one of the IPs.
    Indeed, my server seems contaminated, because it is sending a lot of spam.
    What should I do?

    mail.err
    There are many lines
    then even more
    Mail Queue
    There is a horrendous number of connections.
     
    Last edited: Aug 15, 2019
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    Check the email headers of one of the spam emails with the postcat command.

    postcat -q ID

    ID has to be replaced with the queue ID of one of the spam emails.

    There are two likely reasons:

    a) A website has been hacked, e.g. because it was not up to date, and is sending spam now.
    b) One of the mail accounts is being misused to send email (weak password, or a password reused for multiple services).
     
    Pyanepsion likes this.
  3. Pyanepsion

    Pyanepsion Member

    I checked all email addresses. One of them is at fault, because its password is weak.
    This offending e-mail address receives notification of receipt. The titles of the messages suggest that this is prostitution. It is mainly in Swedish, Italian and German.

    postcat -q indicates that it is a jpg image.

    The password was indeed very simple. I changed it to a very strong password.
    As soon as I unblocked the IP, the spam sending started again immediately and was immediately blocked again by the server host; even so, 103 spam messages had time to be sent in a few seconds.

    So I deactivated SMTP and activated the greylist.
    It took a few fractions of a second before the server was blocked again.

    Do I have to delete this email address altogether?

    The consequences are a lot of temporary blockages of email (too many connections), but also WordPress sites with error 500.
    [image: ispconfig-malware-02.png]
    and
    [image: ispconfig-malware-03.png]
     
  4. Jesse Norell

    Jesse Norell Well-Known Member Staff Member Howtoforge Staff

    If you have addressed the source of the spam (by changing the password), you need to clear old mail from your mail queue, or everything sent prior to that will still be processed/delivered.

    You can run "postsuper -h ALL" to put all mail in the hold queue, then it's safe to start up postfix and process new mail again. After you clean the queued spam, run "postsuper -H ALL" to put everything (all the remaining messages that didn't get removed in your cleanup) back into the active queue. With an abused sender account, cleanup is often as simple as "mailq | grep '[email protected]' | cut -f1 -d'!' | postsuper -d -", though you might want to make sure you've got the right messages before blindly running that (e.g. try just "mailq | grep '[email protected]' | less" to see what it's about to whack).
     
    Pyanepsion likes this.
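The hold / clean / release procedure from the post above, as an added example that is not part of the thread. It assumes standard Postfix tools (mailq, postsuper) and awk; the mailq output and the address abused@example.com are constructed samples. Unlike a plain grep, it matches only the envelope sender field of each queue entry, so a message that merely has the abused address as a recipient (for example a bounce) is not deleted, and it strips both the "!" (hold) and "*" (active) markers mailq appends to queue IDs.

```shell
#!/bin/sh
# Added example, not the thread's own commands. Sample data is constructed.

# Constructed mailq output: two messages sent by the abused account (one on
# hold, one active) and one legitimate message that only has it as recipient.
SAMPLE_MAILQ=$(cat <<'EOF'
-Queue ID-  --Size-- ----Arrival Time---- -Sender/Recipient-------
3A1B2C3D4E!     2345 Wed Aug 14 10:01:02  abused@example.com
                                          victim1@example.org

5F6G7H8I9J*     1200 Wed Aug 14 10:01:05  abused@example.com
                                          victim2@example.net

ABCDEF0123       980 Wed Aug 14 10:02:00  legit@example.com
                                          abused@example.com

-- 4 Kbytes in 3 Requests.
EOF
)

# queue_ids_for_sender MAILQ_TEXT SENDER
# Prints the queue ID of every entry whose envelope sender equals SENDER.
# Only entry header lines are considered: queue ID (short hex or long
# alphanumeric form, optionally suffixed with ! or *), size, a four-field
# arrival time, then the sender, i.e. at least 7 fields. Recipient lines
# never satisfy that shape, so they are never selected.
queue_ids_for_sender() {
    printf '%s\n' "$1" | awk -v sender="$2" '
        $1 ~ /^[0-9A-Za-z]+[!*]?$/ && NF >= 7 && $NF == sender {
            id = $1
            sub(/[!*]$/, "", id)   # drop the hold/active status marker
            print id
        }'
}

# clean_abused_sender SENDER
# Hold the whole queue, delete the abused sender's messages, release the rest.
# Not called at top level: it changes the live queue and needs Postfix root access.
clean_abused_sender() {
    postsuper -h ALL
    ids=$(queue_ids_for_sender "$(mailq)" "$1")
    if [ -n "$ids" ]; then
        printf '%s\n' "$ids" | postsuper -d -
    fi
    postsuper -H ALL
}

# Dry run on the constructed sample: prints 3A1B2C3D4E and 5F6G7H8I9J only.
queue_ids_for_sender "$SAMPLE_MAILQ" "abused@example.com"
```

Review the printed IDs first (or pipe mailq through the function and into less, as the post suggests) before running clean_abused_sender on a real queue.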