Hi, I suspect that my email server has been cracked. How do I make sure it happened?
I verified via an external website service that my server is not an open relay. I verified that my server is not listed at the Spamhaus RBL (yet). However, /var/log/mail contains a huge number of lines like this one:

Sep 17 18:23:58 mail postfix/error[31376]: C9D81529A036: to=<[EMAIL PROTECTED]>, relay=none, delay=39275, delays=39275/0.19/0/0.2, dsn=4.4.1, status=deferred (delivery temporarily suspended: connect to 127.0.0.1[127.0.0.1]: Connection refused)

There are about 100 such lines every second. The "to=" address is different each time, but the rest is the same.

Is it my server refusing spam, or is it my server sending spam?

--
Milos Prudek
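
Added example (not part of the original post): a Python log triage that separates the two cases the question asks about, mail refused at SMTP time (NOQUEUE: reject lines) versus mail already accepted into the local queue and deferred, and groups the deferred messages by the envelope sender that qmgr logged for the same queue ID. The sample log lines, addresses and the triage() name are constructed for illustration, and short hexadecimal queue IDs are assumed.

```python
import re
from collections import Counter

# Constructed sample in Postfix syslog format; hosts, addresses and queue IDs are made up.
SAMPLE_LOG = """\
Sep 17 07:29:23 mail postfix/qmgr[2101]: C9D81529A036: from=<www-data@mail.example.org>, size=2210, nrcpt=1 (queue active)
Sep 17 07:29:24 mail postfix/qmgr[2101]: C9D8252A1B47: from=<www-data@mail.example.org>, size=2198, nrcpt=1 (queue active)
Sep 17 09:02:11 mail postfix/qmgr[2101]: 1F3A0529A9C2: from=<alice@example.org>, size=8431, nrcpt=1 (queue active)
Sep 17 18:23:58 mail postfix/error[31376]: C9D81529A036: to=<u1@example.net>, relay=none, delay=39275, delays=39275/0.19/0/0.2, dsn=4.4.1, status=deferred (delivery temporarily suspended: connect to 127.0.0.1[127.0.0.1]: Connection refused)
Sep 17 18:23:58 mail postfix/error[31376]: C9D8252A1B47: to=<u2@example.com>, relay=none, delay=39274, delays=39274/0.2/0/0.2, dsn=4.4.1, status=deferred (delivery temporarily suspended: connect to 127.0.0.1[127.0.0.1]: Connection refused)
Sep 17 18:23:59 mail postfix/error[31376]: 1F3A0529A9C2: to=<bob@example.com>, relay=none, delay=33708, delays=33708/0.2/0/0.2, dsn=4.4.1, status=deferred (delivery temporarily suspended: connect to 127.0.0.1[127.0.0.1]: Connection refused)
Sep 17 18:24:01 mail postfix/smtpd[412]: NOQUEUE: reject: RCPT from unknown[192.0.2.7]: 554 5.7.1 <x@example.net>: Relay access denied; from=<s@example.com> to=<x@example.net> proto=ESMTP helo=<h>
"""

# service name, then a short hex queue ID (or NOQUEUE for mail refused before queueing)
LINE = re.compile(r"postfix/(?P<svc>[\w-]+)\[\d+\]: (?P<qid>[0-9A-F]{6,}|NOQUEUE): (?P<rest>.*)")
DEFERRED = re.compile(r"to=<(?P<to>[^>]*)>.*status=deferred \((?P<why>.*)\)$")

def triage(log_text):
    """Summarise refused inbound mail versus queued mail that is being deferred."""
    senders = {}         # queue ID -> envelope sender logged by qmgr
    deferred = {}        # queue ID -> recipients still waiting in the local queue
    reasons = Counter()  # deferral reason -> number of log lines
    rejected = 0         # messages refused at SMTP time, never queued
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        qid, rest = m["qid"], m["rest"]
        if qid == "NOQUEUE":
            rejected += rest.startswith("reject:")
        elif m["svc"] == "qmgr" and rest.startswith("from=<"):
            senders[qid] = rest[6:rest.index(">")]
        else:
            d = DEFERRED.search(rest)
            if d:
                deferred.setdefault(qid, set()).add(d["to"])
                reasons[d["why"]] += 1
    # One count per queued message, keyed by who submitted it.
    by_sender = Counter(senders.get(q, "unknown") for q in deferred)
    return {"rejected_inbound": rejected, "deferred_by_sender": by_sender,
            "reasons": reasons}

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

Deferred entries carry a queue ID, so they are messages the server itself is holding; a sender that accounts for most of them is the account or local process to examine first.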