Mariano Aliaga:
> Hi,
> I'm currently running a Postfix (2.7.1) + Amavisd-new server. I
> think it's been somehow compromised, because I'm seeing spams being
> originated from localhost, and as 127.0.0.1 is listed on mynetworks,
> it is accepted and sent to amavis which sometimes stops it, and
> sometimes not.
> My questions are:
>
> 1) Is there a way I can find the "process" or origin from these mails?
All OS distributions:
# lsof -ni | grep 127.0.0.1
With some OSes, the netstat command will report the PID.
# netstat -nap | grep 127.0.0.1
Wietse
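
Added example, not part of the original thread: a shell filter that reads lsof output and reports only the client side of loopback connections to the SMTP port, which is the process submitting the mail. The function names and the sample lsof lines are constructed for illustration; it assumes IPv4 loopback and the numeric output of `lsof -nP`.

```shell
#!/bin/sh
# Constructed sample of `lsof -nP -iTCP` output (PIDs, users and ports are made up).
sample_lsof() {
cat <<'EOF'
COMMAND   PID     USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
master   1201     root   12u  IPv4  11111      0t0  TCP *:25 (LISTEN)
smtpd    2210  postfix    9u  IPv4  22222      0t0  TCP 127.0.0.1:25->127.0.0.1:51514 (ESTABLISHED)
perl     3377 www-data    4u  IPv4  33333      0t0  TCP 127.0.0.1:51514->127.0.0.1:25 (ESTABLISHED)
amavisd  1502   amavis    7u  IPv4  44444      0t0  TCP 127.0.0.1:10024 (LISTEN)
smtp     2290  postfix   11u  IPv4  55555      0t0  TCP 127.0.0.1:40112->127.0.0.1:10024 (ESTABLISHED)
EOF
}

# Read lsof output on stdin and print "PID USER COMMAND" for every process
# whose REMOTE endpoint is 127.0.0.1:<port> (default 25). The server side of
# the same connection (smtpd) has port 25 as its LOCAL endpoint and is skipped,
# as are listening sockets, which have no "->" in the NAME column.
loopback_smtp_clients() {
  awk -v port="${1:-25}" '
    NR > 1 {
      name = $9                      # NAME column: local->remote
      n = index(name, "->")
      if (n == 0) next               # LISTEN socket, no peer
      remote = substr(name, n + 2)
      if (remote == ("127.0.0.1:" port)) print $2, $3, $1
    }'
}

# Demo on the constructed sample. On a live host, run as root so that other
# users' processes are visible:
#   lsof -nP -iTCP | loopback_smtp_clients 25
sample_lsof | loopback_smtp_clients 25
```

The PID it prints can then be inspected further (command line, working directory, owning user) to find the script or account that is injecting the mail.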