I have a Postfix server that runs pretty well. Today a user got a reject; our server got listed on lashback and one other list as a 'spam sender'.

Looking through the logs, it seems a SASL user is/was hacked a few days ago:

# grep username /var/log/maillog | wc
   4382   59184  765780
# grep username /var/log/maillog.1 | wc
   1148   14914  190332
# grep username /var/log/maillog.2 | wc
     67    1385   18475
# grep username /var/log/maillog.3 | wc
     76     910   13651
# grep username /var/log/maillog.4 | wc
     22     364    4692

I've now changed that username's SASL password.

What sort of monitoring can one do to have a chance of picking up such a 'failure' earlier? Is monitoring blacklists just 'a good idea'? A must? Or?

As for 'cleanup': if this user's home PC is 'infected/hacked' and I just issue a new password, will spam start again?

Thanks for any pointers, sorry for the OT post.

V
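
Added example, not part of the original post: the per-user grep counts above, generalised to a check over every SASL login in a log, flagging accounts whose authenticated session count exceeds a threshold and showing how many distinct client IPs they came from. The log lines are constructed samples in the usual Postfix smtpd format; the function names, the threshold and the default of 100 are assumptions.

```shell
#!/bin/sh
# Added example: flag SASL accounts with unusually many authenticated sessions.
# Reads Postfix smtpd log lines on stdin.
# Prints "user sessions distinct_client_ips" for users above the threshold.
sasl_report() {
    limit="${1:-100}"   # assumed default; tune to normal per-user volume
    awk -v limit="$limit" '
    /sasl_username=/ {
        user = ""; ip = "unknown"
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^sasl_username=/) {
                user = $i
                sub(/^sasl_username=/, "", user)
                sub(/,$/, "", user)
            } else if ($i ~ /^client=/) {
                ip = $i
                sub(/^.*\[/, "", ip)   # drop hostname and opening bracket
                sub(/\].*$/, "", ip)   # drop closing bracket and comma
            }
        }
        if (user == "") next
        count[user]++
        # count each client address once per user
        if (!((user, ip) in seen)) { seen[user, ip] = 1; ips[user]++ }
    }
    END {
        for (u in count)
            if (count[u] > limit) print u, count[u], ips[u]
    }' | sort
}

# Constructed sample log lines (documentation addresses, made-up users).
sample_log() {
    cat <<'EOF'
Mar  3 10:00:01 mail postfix/smtpd[2211]: 4F1A2C0D01: client=host1.example.org[198.51.100.10], sasl_method=PLAIN, sasl_username=alice
Mar  3 10:00:05 mail postfix/smtpd[2212]: 4F1A2C0D02: client=unknown[203.0.113.7], sasl_method=LOGIN, sasl_username=bob
Mar  3 10:00:06 mail postfix/smtpd[2213]: 4F1A2C0D03: client=unknown[203.0.113.8], sasl_method=LOGIN, sasl_username=bob
Mar  3 10:00:07 mail postfix/smtpd[2214]: 4F1A2C0D04: client=unknown[203.0.113.9], sasl_method=LOGIN, sasl_username=bob
Mar  3 10:00:08 mail postfix/smtpd[2215]: 4F1A2C0D05: client=unknown[203.0.113.7], sasl_method=LOGIN, sasl_username=bob
Mar  3 10:00:09 mail postfix/smtpd[2216]: 4F1A2C0D06: client=unknown[192.0.2.44], sasl_method=LOGIN, sasl_username=bob
Mar  3 10:00:10 mail postfix/smtpd[2217]: connect from unknown[192.0.2.44]
EOF
}

sample_log | sasl_report 3
```

Against a real log the same function reads the file on stdin, for example `sasl_report 200 < /var/log/maillog`, with the threshold chosen from what a normal user sends per rotation period.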