
I need your help.

My postfix is sending spam mails.

I checked my main.cf and it should be fine. The following is a snippet of my mail.log:

```
Jan  3 22:35:41 mail postfix/pickup[104179]: 866352963F01: uid=33 from=<web424794656434@mydomain.net>
Jan  3 22:35:41 mail postfix/cleanup[104027]: 866352963F01: message-id=<06760aed1118c62b0c4fb17967316e92@www.mydomain.net>
Jan  3 22:35:41 mail opendkim[3895]: 866352963F01: DKIM-Signature field added (s=key1, d=mydomain.net)
Jan  3 22:35:41 mail postfix/qmgr[27451]: 866352963F01: from=<web424794656434@mydomain.net>, size=6867, nrcpt=1 (queue active)
```

Any clue what happened?

Thanks in advance!

Mike
    The user with uid 33 sent the mail. Look to see which user that is. My money is on the web user `www-data`, which would mean your web site was compromised. – Michael Hampton Jan 06 '21 at 20:55
    I wouldn't jump to the conclusion that the server is compromised. A simple web application vulnerability could enable anyone to send email without giving possibilities for persistent access. There could be, e.g., a PHP `mail()` function that allows setting arbitrary recipients. – Esa Jokinen Jan 07 '21 at 04:27
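
The uid check suggested in the comments, as an added example that is not part of the original thread: it counts locally submitted messages (`postfix/pickup` lines) per uid and joins each one to the recipient count that `qmgr` logs for the same queue ID. The sample log is constructed, and the function names `local_submissions` and `username` are hypothetical.

```python
import pwd
import re
from collections import defaultdict

# Constructed sample in the same format as the excerpt in the question;
# queue IDs, addresses and the client IP are made up.
SAMPLE_LOG = """\
Jan  3 22:35:41 mail postfix/pickup[104179]: 4A1B2C3D01: uid=33 from=<web1@example.net>
Jan  3 22:35:41 mail postfix/qmgr[27451]: 4A1B2C3D01: from=<web1@example.net>, size=6867, nrcpt=1 (queue active)
Jan  3 22:35:43 mail postfix/pickup[104179]: 4A1B2C3D02: uid=33 from=<web2@example.net>
Jan  3 22:35:43 mail postfix/qmgr[27451]: 4A1B2C3D02: from=<web2@example.net>, size=7012, nrcpt=25 (queue active)
Jan  3 22:40:02 mail postfix/pickup[104179]: 4A1B2C3D03: uid=0 from=<root>
Jan  3 22:40:02 mail postfix/qmgr[27451]: 4A1B2C3D03: from=<root@example.net>, size=512, nrcpt=1 (queue active)
Jan  3 22:41:10 mail postfix/smtpd[104300]: 4A1B2C3D04: client=unknown[192.0.2.10]
Jan  3 22:41:10 mail postfix/qmgr[27451]: 4A1B2C3D04: from=<a@example.org>, size=900, nrcpt=1 (queue active)
Jan  3 22:50:43 mail postfix/qmgr[27451]: 4A1B2C3D02: from=<web2@example.net>, size=7012, nrcpt=25 (queue active)
"""

PICKUP = re.compile(r"postfix/pickup\[\d+\]: (\w+): uid=(\d+) from=<([^>]*)>")
QMGR = re.compile(r"postfix/qmgr\[\d+\]: (\w+): from=<[^>]*>, size=\d+, nrcpt=(\d+)")

def local_submissions(log_text):
    """Per-uid totals for mail injected locally (sendmail binary, PHP mail())."""
    pending = {}  # queue ID -> uid, until qmgr reports the recipient count
    stats = defaultdict(lambda: {"messages": 0, "recipients": 0, "senders": set()})
    for line in log_text.splitlines():
        m = PICKUP.search(line)
        if m:
            qid, uid, sender = m.group(1), int(m.group(2)), m.group(3)
            pending[qid] = uid
            stats[uid]["messages"] += 1
            stats[uid]["senders"].add(sender)
            continue
        m = QMGR.search(line)
        # pop(): qmgr logs a deferred message again on each retry; count it once
        if m and m.group(1) in pending:
            stats[pending.pop(m.group(1))]["recipients"] += int(m.group(2))
    return dict(stats)

def username(uid):
    try:
        return pwd.getpwuid(uid).pw_name
    except KeyError:
        return f"uid {uid} (no passwd entry)"

if __name__ == "__main__":
    for uid, s in sorted(local_submissions(SAMPLE_LOG).items()):
        print(username(uid), s["messages"], "msgs,", s["recipients"], "rcpts")
```

On a real server, pass the contents of the mail log to `local_submissions()` instead of `SAMPLE_LOG`; mail received over SMTP has no `pickup` line and is left out of the totals.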

0 Answers