On 12/30/2011 11:19 AM, Stephen Atkins wrote:
> On 12/30/2011 10:17 AM, Gary Smith wrote:
>>> I've been administering the same postfix server for years so I'm
>>> a little confused as to how this happened. Granted postfix hasn't
>>> been updated in a year or so.
>>>
>>> This morning I came in to a mailq of over 93000 messages all
>>> destined to @yahoo.com.tw
>>>
>>> For now I'm just blocking all email destined for this domain but
>>> I would really like to find out what happened. I haven't changed
>>> my main.cf file for over a year. I can post it if needed.
>>
>>
>> Are you an open relay or did one of your user accounts get
>> hacked? I'd check the envelope of one of the messages, cross that
>> with where it originated and go from there. Just a shoot from the
>> hip guess with little information.
>
> I'm pretty sure. I'm watching the connections coming in and they
> are from external IP addresses. A whois shows them as being from
> South America and Europe.
>

Show all the postfix logging for one of the suspect transactions.
Show your "postconf -n" output.

http://www.postfix.org/DEBUG_README.html#mail

  -- Noel Jones
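
One way to do the cross-check suggested in this thread, as an added example that is not part of any poster's message: group Postfix log lines by queue ID and report how each message bound for the flooded domain entered the server (SASL-authenticated account, unauthenticated SMTP client, or local submission via pickup, which goes beyond the two causes named above). The log lines are constructed, and the function names `trace`, `classify` and `summarize` are hypothetical.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in Postfix's syslog format; queue IDs, hosts, users are made up.
SAMPLE_LOG = """\
Dec 30 08:01:13 mx postfix/smtpd[2101]: A1B2C3D4E5: client=unknown[203.0.113.7], sasl_method=LOGIN, sasl_username=jdoe
Dec 30 08:01:15 mx postfix/smtp[2110]: A1B2C3D4E5: to=<a@yahoo.com.tw>, relay=none, delay=2, status=deferred (constructed)
Dec 30 08:01:20 mx postfix/smtpd[2102]: B1B2C3D4E5: client=unknown[198.51.100.9], sasl_method=LOGIN, sasl_username=jdoe
Dec 30 08:01:22 mx postfix/smtp[2111]: B1B2C3D4E5: to=<b@yahoo.com.tw>, relay=none, delay=2, status=deferred (constructed)
Dec 30 08:02:00 mx postfix/smtpd[2103]: C1B2C3D4E5: client=mail.example.net[192.0.2.10]
Dec 30 08:02:01 mx postfix/local[2112]: C1B2C3D4E5: to=<staff@example.org>, relay=local, delay=1, status=sent (constructed)
Dec 30 08:03:00 mx postfix/pickup[2104]: D1B2C3D4E5: uid=48 from=<apache>
Dec 30 08:03:02 mx postfix/smtp[2113]: D1B2C3D4E5: to=<c@yahoo.com.tw>, relay=none, delay=2, status=deferred (constructed)
"""

LINE = re.compile(r"postfix/(?P<daemon>[\w-]+)\[\d+\]: (?P<qid>[0-9A-F]{6,}): (?P<rest>.*)")
CLIENT = re.compile(r"client=[^\[]*\[(?P<ip>[^\]]+)\](?:.*?sasl_username=(?P<user>[^,\s]+))?")

def trace(log_text):
    """Group log lines by queue ID; record entry point and recipients per message."""
    msgs = defaultdict(lambda: {"ip": None, "sasl_user": None, "uid": None, "to": []})
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        rec, rest = msgs[m["qid"]], m["rest"]
        if m["daemon"] == "smtpd" and (c := CLIENT.match(rest)):
            rec["ip"], rec["sasl_user"] = c["ip"], c["user"]
        elif m["daemon"] == "pickup" and (u := re.match(r"uid=(\d+)", rest)):
            rec["uid"] = u[1]
        elif t := re.match(r"to=<([^>]*)>", rest):
            rec["to"].append(t[1])
    return dict(msgs)

def classify(rec):
    """Label how a message entered the server."""
    if rec["sasl_user"]:
        return "authenticated:" + rec["sasl_user"]
    if rec["uid"] is not None:
        return "local-submission:uid=" + rec["uid"]
    if rec["ip"]:  # relayed without auth: compare this IP with mynetworks
        return "unauthenticated-smtp:" + rec["ip"]
    return "unknown"

def summarize(log_text, domain):
    """Count messages with a recipient at `domain`, keyed by entry point."""
    recs = trace(log_text).values()
    return Counter(classify(r) for r in recs
                   if any(a.lower().endswith("@" + domain) for a in r["to"]))
```

Run `summarize()` over the real mail log text with the flooded domain; one dominant `authenticated:` key points to a compromised account, while many `unauthenticated-smtp:` keys from outside addresses point to the relay restrictions shown in `postconf -n`.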