Hi,
   I'm currently running a Postfix (2.7.1) + Amavisd-new server. I
think it has been compromised somehow, because I'm seeing spam
originating from localhost; since 127.0.0.1 is listed in mynetworks,
it is accepted and passed to amavis, which sometimes stops it and
sometimes does not.
   My questions are:

   1) Is there a way I can find the "process" or origin of these mails?
   2) What restrictions can I configure in Postfix to avoid relaying
mail from invalid domains when it originates on localhost?

   Thanks in advance for any help you could provide.

Below are my postconf -n output and the relevant master.cf lines:

postconf -n:

alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
broken_sasl_auth_clients = yes
config_directory = /etc/postfix
content_filter = smtp-antivirus:[127.0.0.1]:10024
debug_peer_list = 127.0.0.1
default_destination_concurrency_limit = 10
home_mailbox = Maildir/
local_destination_concurrency_limit = 2
local_recipient_maps = proxy:unix:passwd.byname $alias_maps
mailbox_command =
mailbox_size_limit = 240800000
message_size_limit = 25000000
mydestination = domain.com      mail.domain.com localhost.domain.com    
localhost       mail
mydomain = domain.com
myhostname = mail.domain.com
mynetworks = 127.0.0.0/8        192.168.0.0/24
myorigin = /etc/mailname
recipient_delimiter = +
relay_recipient_maps = hash:/etc/postfix/relay_recipients
smtp_tls_note_starttls_offer = yes
smtp_use_tls = yes
smtpd_banner = $myhostname ESMTP
smtpd_data_restrictions = reject_unauth_pipelining      permit
smtpd_helo_required = yes
smtpd_recipient_limit = 100
smtpd_recipient_restrictions =
permit_sasl_authenticated       reject_non_fqdn_sender  
reject_unknown_sender_domain    permit_mynetworks       
reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_local_domain =
smtpd_sasl_security_options = noanonymous
smtpd_sender_restrictions = permit_sasl_authenticated   permit_mynetworks
smtpd_tls_CAfile = /etc/postfix/ssl/smtpd.pem
smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.pem
smtpd_tls_key_file = /etc/postfix/ssl/smtpd.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
smtpd_use_tls = yes
tls_random_source = dev:/dev/urandom


master.cf:

smtp-antivirus unix -   -       n       -       4       smtp -o
smtp_data_done_timeout=1200 -o disable_dns_lookups=yes
127.0.0.1:10025 inet n  -       n       -       -       smtpd -o
content_filter= -o local_recipient_maps= -o relay_recipient_maps= -o
smtpd_restriction_classes= -o smtpd_client_restrictions= -o
smtpd_helo_restrictions= -o smtpd_sender_restrictions= -o
smtpd_recipient_restrictions=permit_mynetworks,reject -o
mynetworks=127.0.0.0/8 -o strict_rfc821_envelopes=yes
