Hi,
I have a little Ubuntu 14.04.3 server using postfix for those few
users who want it. Generally smooth. But yesterday a huge bandwidth
increase on the system as a whole led me to outgoing spam mails being
sent by this system. I can prevent this (and have) by turning postfix
off. Brief periods of operation confirm that the spamming starts as
soon as postfix is started, within a minute or so. In each case I can
stop postfix and the outbound spam stops too.
I suspected a compromised WordPress install and ran updates on every
aspect of WordPress that I can think of. I have no reason now to think
that WP is responsible for the ongoing spamming. I don't have any more
good ideas, and am reproducing below the postscript portion of
logwatch I ran just now, hoping someone will see more in it than I do.
Ideas about this much appreciated, those of my users who use email
really need it.
Dave
P.S. This report was run with postfix not running.
--------------------- Postfix Begin ------------------------
3 *Fatal: General fatal
1 *Warning: Error writing queue file
34 SASL authentication failed
58 Miscellaneous warnings
21.219M Bytes accepted 22,249,818
7.515M Bytes sent via SMTP 7,880,014
83.760K Bytes delivered 85,770
12.324K Bytes forwarded 12,620
======== ==================================================
18609 Accepted 99.80%
37 Rejected 0.20%
-------- --------------------------------------------------
18646 Total 100.00%
======== ==================================================
37 5xx Reject unknown user 100.00%
-------- --------------------------------------------------
37 Total 5xx Rejects 100.00%
======== ==================================================
91 4xx Reject relay denied 100.00%
-------- --------------------------------------------------
91 Total 4xx Rejects 100.00%
======== ==================================================
172 Connections
42 Connections lost (inbound)
12011 Connections lost (outbound)
172 Disconnections
71164 Removed from queue
18 Delivered
5503 Sent via SMTP
9 Forwarded
54722 Deferred
539046 Deferrals
9658 Bounced (local)
5477 Bounced (remote)
3842 Expired and returned to sender
9470 Notifications sent
18747 Connection failures (outbound)
22 Timeouts (inbound)
29 DNS lookup errors
11 Hostname verification errors (FCRDNS)
23 Hostname validation errors
2 PIX workaround enabled
1 SASL authenticated messages
2 Postfix start
4 Postfix stop
1 Postfix waiting to terminate
---------------------- Postfix End -------------------------
--
"As long as politics is the shadow cast on society by big business,
the attenuation of the shadow will not change the substance."
-- John Dewey