Charles Richard:
> Hi,
>
> I have inherited a postfix 2.6 mail server which also uses Dovecot 1.1.14.
>
> This is basically a legacy mail server that can't be shut off because it is
> now used only to forward the emails sent to a few mailboxes to the new
> email addresses now being used.
>
> This email server has been compromised and from what I can tell, it is
> sending spam from localhost. I don't know much about postfix.
>
> Any suggestions on how to fix this? We don't need the local mailboxes to be
> able to send messages anymore. We only want messages sent to valid
> mailboxes to be forwarded as per the forward rules we have set up.

Before you can stop the spam, you must find out how it enters Postfix.

You will have to examine the maillog (mail.log, or whatever) file to find out if it enters via smtpd (network) or via pickup (local submission).

If it arrives from the network, perhaps a user account was compromised. If it comes from a local web application, that requires different measures.

Wietse
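
The log check described in the reply, as an added example that is not part of the original thread: it groups queue IDs by entry point (pickup with the submitting uid, smtpd with the SASL login if one was used, or smtpd with the client address). It assumes the usual Postfix syslog line format; the sample lines are constructed and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample lines in the usual Postfix syslog format (not from the thread).
SAMPLE_LOG = """\
Mar  3 10:15:01 mail postfix/pickup[1234]: 4F1A2B3C4D: uid=48 from=<apache>
Mar  3 10:15:01 mail postfix/qmgr[1236]: 4F1A2B3C4D: from=<apache@mail.example.com>, size=2101, nrcpt=1 (queue active)
Mar  3 10:15:07 mail postfix/pickup[1234]: 7C2D3E4F5A: uid=48 from=<apache>
Mar  3 10:16:00 mail postfix/smtpd[2345]: 5A6B7C8D9E: client=unknown[203.0.113.5], sasl_method=LOGIN, sasl_username=bob
Mar  3 10:16:09 mail postfix/smtpd[2346]: 9E8D7C6B5A: client=localhost[127.0.0.1]
Mar  3 10:17:30 mail postfix/smtpd[2347]: 1B2C3D4E5F: client=mx.example.net[198.51.100.7]
"""

# pickup logs the local uid that ran the sendmail command.
PICKUP = re.compile(r"postfix/pickup\[\d+\]: ([0-9A-Za-z]+): uid=(\d+) from=<([^>]*)>")
# smtpd logs the client host/IP and, for authenticated sessions, the SASL login.
SMTPD = re.compile(r"postfix/smtpd\[\d+\]: ([0-9A-Za-z]+): client=([^\[\s]+)\[([^\]]+)\]"
                   r"(?:.*?sasl_username=([^,\s]+))?")

def classify(lines):
    """Map each queue ID to (entry point, origin detail)."""
    entries = {}
    for line in lines:
        m = PICKUP.search(line)
        if m:
            entries[m.group(1)] = ("pickup", "uid=" + m.group(2))
            continue
        m = SMTPD.search(line)
        if m:
            qid, _host, ip, user = m.groups()
            # An authenticated session points at an account; otherwise keep the IP.
            entries[qid] = ("smtpd-sasl", user) if user else ("smtpd", ip)
    return entries

def summarize(lines):
    """Count messages per (entry point, origin), busiest first."""
    return Counter(classify(lines).values()).most_common()

if __name__ == "__main__":
    for (entry, origin), count in summarize(SAMPLE_LOG.splitlines()):
        print(f"{count:5d}  {entry:<11} {origin}")
```

A high count under `pickup` with the web server's uid points at a local web application, while a high count under `smtpd-sasl` points at a compromised account.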