Exploited Postfix

Hi All,

I have been notified about "Phishing Emails" being sent out of my Linode 2 days ago. After investigating logs and traffic, it turned out that my installation of Postfix is exploited.

This means that at the moment I start Postfix, it starts sending out spam emails. The traffic, I/O rate, and CPU usage increase dramatically upon starting Postfix.

And after stopping postfix, everything goes back to normal immediately.

Could you please help me fix this issue with Postfix?

Regards,

Ali

5 Replies

Postfix is unlikely to be exploited. What you're more likely to be seeing are the messages in the queue. When you restart postfix it starts to send the queued messages. You need to run "postsuper -d ALL" to delete all messages in the queue.

But you need to find out what part of your server was exploited to generate the messages. Just flushing the queue won't fix that problem. It's probably a web page, somewhere.

Also check your installation against http://www.abuse.net/relay.html

@sweh:

Postfix is unlikely to be exploited. What you're more likely to be seeing are the messages in the queue. When you restart postfix it starts to send the queued messages. You need to run "postsuper -d ALL" to delete all messages in the queue.

But you need to find out what part of your server was exploited to generate the messages. Just flushing the queue won't fix that problem. It's probably a web page, somewhere.

Thanks. "postsuper -d ALL" did the job. But I still need to find the source, so that it won't happen again…

Any websites running outdated versions of popular CMS's, or a contact form?

@hybinet:

Any websites running outdated versions of popular CMS's, or a contact form?

There is a website created using Django that has a contact form. I should probably check HTTP requests to/from the contact page.
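To narrow down where the queued messages came from before flushing them, here is an added example (not from the thread or from Postfix itself): a small POSIX shell script that summarizes Postfix pickup lines in a constructed mail.log excerpt by submitting uid, lists the queue IDs for the busiest one so they can be inspected with postcat -q, and counts rejected relay attempts. The log lines, host name, queue IDs and uids are constructed sample data.

```shell
#!/bin/sh
# Constructed excerpt of /var/log/mail.log (sample data, not from the thread).
# postfix/pickup logs every message handed to sendmail(1) by a local process
# together with the uid of that process; a web app generating spam shows up here.
LOG_SAMPLE='Jun 12 03:01:07 host postfix/pickup[1201]: 4A1B2C3D4E: uid=33 from=<www-data>
Jun 12 03:01:07 host postfix/cleanup[1202]: 4A1B2C3D4E: message-id=<20230612030107.abc@host>
Jun 12 03:01:08 host postfix/qmgr[1100]: 4A1B2C3D4E: from=<www-data@host>, size=1842, nrcpt=1 (queue active)
Jun 12 03:01:09 host postfix/pickup[1201]: 5B2C3D4E5F: uid=33 from=<www-data>
Jun 12 03:01:10 host postfix/pickup[1201]: 6C3D4E5F60: uid=33 from=<www-data>
Jun 12 03:02:00 host postfix/pickup[1201]: 7D4E5F6071: uid=1000 from=<ali>
Jun 12 03:02:00 host postfix/smtpd[1300]: connect from unknown[203.0.113.10]
Jun 12 03:02:01 host postfix/smtpd[1300]: NOQUEUE: reject: RCPT from unknown[203.0.113.10]: 454 4.7.1 <x@example.net>: Relay access denied'

# Print "uid count" for every local submission, most frequent first.
pickup_uid_counts() {
  printf '%s\n' "$1" \
    | sed -n 's/.*postfix\/pickup\[[0-9]*\]: [0-9A-F]*: uid=\([0-9]*\) .*/\1/p' \
    | sort | uniq -c | sort -rn \
    | awk '{ print $2, $1 }'
}

# The uid responsible for the most submissions (empty if there are none).
top_submitter_uid() {
  pickup_uid_counts "$1" | head -n 1 | cut -d' ' -f1
}

# Queue IDs submitted by a given uid, one per line. Inspect them with
# "postcat -q <id>" (the headers often show the script or form that built the
# message) before discarding the queue with "postsuper -d ALL".
queue_ids_for_uid() {
  printf '%s\n' "$1" \
    | sed -n "s/.*postfix\/pickup\[[0-9]*\]: \([0-9A-F]*\): uid=$2 .*/\1/p"
}

# Number of relay attempts Postfix rejected. Rejections with no accepted foreign
# recipients mean the box is not an open relay, which is what the abuse.net
# check mentioned above verifies from outside.
relay_reject_count() {
  printf '%s\n' "$1" | grep -c 'Relay access denied' || true
}

uid=$(top_submitter_uid "$LOG_SAMPLE")
echo "most active local submitter: uid $uid"   # map to a name with: getent passwd "$uid"
echo "queue ids to inspect with postcat -q:"
queue_ids_for_uid "$LOG_SAMPLE" "$uid"
echo "rejected relay attempts: $(relay_reject_count "$LOG_SAMPLE")"
```

On a real system replace LOG_SAMPLE with the contents of /var/log/mail.log; on Debian-based systems uid 33 is the web server account (www-data), which is the usual sign that a web form or CMS is the source.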
