1

I have a server running the Postfix MTA. There is currently a spam issue. It seems one of the local users got some infected software/script/binary that is connecting to Postfix via TCP port 25 locally and sending junk e-mail.

In the Postfix log files, I can only see that the mails are coming from the local IP address, port 25. And Postfix allows it, since the server's own IP address is allowed to send e-mail.

Does anyone have a clue how I can get more insight within Postfix into which user is sending that mail to the Postfix daemon? Any hint would be appreciated.

1
  • Use LSOF to List Open Files (upper case so you could see the L). The command would be: lsof -i -n -P; if you pipe it through grep for 25 you may find it. Another possibility: ps -afux; the process may show up that way. Use a wide screen or capture to a text file to help you read through long lines.
    – TG2
    Commented Sep 10, 2016 at 12:39
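
The lsof approach from the comment above, as an added example that is not part of the original thread: a plain grep for 25 also matches PIDs, port 2525 and Postfix's own processes, so this filter keeps only established TCP connections whose remote port is exactly 25 and prints the owning user, PID and command. The sample lsof output, the user names and the assumption that Postfix daemons run as user postfix (override with the hypothetical MTA_USER variable) are constructed for illustration.

```shell
#!/bin/sh
# Added example: attribute SMTP client connections to a local user.

# Constructed sample of `lsof -i -n -P` output (addresses, PIDs, users invented).
sample_lsof() {
cat <<'EOF'
COMMAND  PID     USER   FD  TYPE DEVICE SIZE/OFF NODE NAME
master  1023     root  13u  IPv4  18234      0t0  TCP *:25 (LISTEN)
smtpd   4410  postfix   9u  IPv4  99120      0t0  TCP 192.0.2.10:25->192.0.2.10:51544 (ESTABLISHED)
php     4398 webuser3   5u  IPv4  99119      0t0  TCP 192.0.2.10:51544->192.0.2.10:25 (ESTABLISHED)
perl    5120      bob   4u  IPv6  99301      0t0  TCP [::1]:40112->[::1]:25 (ESTABLISHED)
smtp    4500  postfix  12u  IPv4  99200      0t0  TCP 192.0.2.10:40022->203.0.113.5:25 (ESTABLISHED)
sshd    2201     root   3u  IPv4  20111      0t0  TCP 192.0.2.10:22->198.51.100.7:2525 (ESTABLISHED)
EOF
}

# Reads lsof output on stdin, prints "USER PID COMMAND" for each SMTP client.
smtp_clients() {
    awk -v mta="${MTA_USER:-postfix}" '
        # TCP rows end with: NODE=TCP, NAME=src->dst, (STATE)
        NF >= 10 && $(NF-2) == "TCP" && $NF == "(ESTABLISHED)" {
            # NAME is "local->remote"; the client side has remote port 25
            if (split($(NF-1), ends, "->") != 2) next
            if (ends[2] !~ /:25$/) next      # exactly port 25, not 2525
            if ($3 == mta) next              # skip the MTA user (assumption)
            print $3, $2, $1
        }
    ' | LC_ALL=C sort -u
}

# Demo on the constructed sample; on a live host: lsof -i -n -P | smtp_clients
sample_lsof | smtp_clients
```

On a live host, run it as root so lsof can see other users' sockets, and repeat it in a loop, since each SMTP connection may only be open for a moment.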
