I have a server, running postfix MTA. There is currently a spam issue. It seems one of the local users got some infected software/script/binary, that is connecting to the postfix via TCP port 25 locally and sending junk e-mail.
In the postfix logfiles, I can only see the mails are coming from the local IP address, port 25. And postfix allows it, since the server's own IP address is allowed to send e-mail.
Does anyone have a clue, how I can get more insight within postfix, on which user is sending that mail to the postfix daemon? Any hint would be appreciated.