Showing posts from January, 2017

Commands to check spamming in POSTFIX mail server

1. To see the mail queue:
   # mailq

2. To flush the mail queue:
   # postfix flush
   OR
   # postqueue -f

3. To remove all mails from the queue:
   # postsuper -d ALL

4. To remove all mails in the deferred queue:
   # postsuper -d ALL deferred

5. To delete all queued messages from or to the domain called spamdomain.com:
   # ./postfix-delete.pl spamdomain.com

6. To delete all queued messages that contain the word "abc" in the e-mail address:
   # ./postfix-delete.pl abc

7. To know the number of messages sitting in the deferred queue:
   # find /var/spool/postfix/deferred -type f | wc -l

8. To get a sorted list of the accounts that have the most mail in the queue (the spammers, usually a maximum of 2 or 3, end up at the end of the list):
   # mailq | grep '^[A-F0-9]' | cut -c 42-80 | sort | uniq -c | sort -n | tail

9. To get the mail IDs of all email currently in the queue:
   # postqueue -p | egrep '[A-F0-9]{11}' | awk '{print $1}'

10. To view messag

How to identify a script sending spam through Postfix

You get information that your server is sending out spam emails. You have to find the source of the problem to fix it and stop it as soon as possible.

1. Switch to a user with sudo rights.
2. Check the mail queue with the command mailq.
3. The first column of the mail queue list shows unique mail IDs. Pick one from an obvious spam email and copy it.
4. Check this email's details with the command postcat -q <ID>, using the unique mail ID you copied in place of <ID>.
5. Identify the line starting with "X-PHP-Originating-Script". This should show which script is generating the spam emails.
6. Remove the script, patch the website with the latest security fixes and make sure folder and file permissions are secure.
7. Empty the mail queue with the command postsuper -d ALL.
8. Check the mail queue again with the command mailq to see if more emails are now generated.

If the problem persists, repeat the above steps and see if you find other scripts causing you problems.

Ref: https://frontmag.no/artikl
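The steps above inspect one message at a time. The added example below (not part of the original post) tallies the X-PHP-Originating-Script value over every queued message, so the script responsible for most of the queue stands out. The function names and sample data are constructed; it assumes short hexadecimal queue IDs as in the commands on this page and PHP's usual "uid:script" header value.

```shell
#!/bin/sh
# Added example (not from the original post). Assumes short hex queue IDs.

# Queue IDs from `mailq` output on stdin; a trailing * (active) or ! (hold) is stripped.
queue_ids() {
    awk '/^[0-9A-F]+[*!]?[ \t]/ { sub(/[*!]$/, "", $1); print $1 }'
}

# X-PHP-Originating-Script value from `postcat -q <ID>` output on stdin.
# Only the header block is read, so the same text in a message body is ignored.
originating_script() {
    awk '
        /^\*\*\* MESSAGE CONTENTS/ { hdr = 1; next }
        hdr && /^$/ { exit }
        hdr && tolower($0) ~ /^x-php-originating-script:/ {
            sub(/^[^:]*:[ \t]*/, ""); print; exit
        }'
}

# Count queued messages per originating script (run as root or with sudo).
tally_queue() {
    mailq | queue_ids | while read -r id; do
        s=$(postcat -q "$id" 2>/dev/null | originating_script)
        echo "${s:-(no X-PHP-Originating-Script header)}"
    done | sort | uniq -c | sort -rn
}

# Constructed sample input, for trying the parsers off the mail server.
SAMPLE_MAILQ='-Queue ID-  --Size-- ----Arrival Time---- -Sender/Recipient-------
A1B2C3D4E5F     1234 Mon Jan  9 10:00:00  www-data@example.com
                                         someone@example.org

0F9E8D7C6B5*    2048 Mon Jan  9 10:00:05  www-data@example.com
                                         other@example.org

-- 3 Kbytes in 2 Requests.'
SAMPLE_POSTCAT='*** ENVELOPE RECORDS deferred/A/A1B2C3D4E5F ***
sender: www-data@example.com
*** MESSAGE CONTENTS deferred/A/A1B2C3D4E5F ***
To: someone@example.org
Subject: constructed sample
X-PHP-Originating-Script: 33:mailer.php

X-PHP-Originating-Script: 0:decoy-in-body.php
*** MESSAGE FILE END deferred/A/A1B2C3D4E5F ***'

if [ "${1:-}" = "--live" ]; then tally_queue; fi
```

Run it with --live on the mail server before emptying the queue with postsuper -d ALL, since the headers are gone once the messages are deleted.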