My server started sending thousands of spam emails yesterday. I blocked it by adding default_transport=No transport to the Postfix main.cf. But now of course I can't send legit emails either.
I have 10+ websites on my CentOS server, using Nginx. I went in via FTP to see if there were new strange files or recently edited ones (checking the dates). I couldn't find anything suspicious.
I want to track the source of the script sending emails - they are being sent using the generic email address configured in the server.
In my php.ini I added:
mail.log = /var/log/phpmail.log
And I created the file phpmail.log via touch in /var/log/ and I restarted the server using the command systemctl restart php-fpm
The file phpmail.log is not populating, still 0KB. Now it has the following rights:
-rwxrwxrwx 1 apache apache 0 Aug 10 12:47 phpmail.log
But I tried to give it nginx.nginx, root, root, web.web, but nothing seems to work. (Of course after each chmod change I restarted php-fpm once again, and tried to send emails using for example the mail() contact form on my website.)
I also tried to make this file populate before adding default_transport=No transport to main.cf.
Not sure if it's useful for you, but mailq is full of mails in the queue.
Do you have any idea what is wrong with the file phpmail.log and why it's not populating, and/or how to find the root cause that is preventing it from populating?
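
An added example, not part of the original post: once mail.log is being written, a short Python script can rank which PHP scripts call mail() most often, which is the tracing the post is after. The line format matched by LINE_RE is an assumption about what PHP writes to mail.log, and the sample lines, paths and addresses are constructed.

```python
import re
from collections import Counter

# Assumed shape of a PHP mail.log record (timestamp, calling script:line, recipient):
#   [10-Aug-2023 12:47:01 UTC] mail() on [/path/script.php:12]: To: a@b -- Headers: ...
LINE_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\]\s+mail\(\) on \[(?P<script>.+?):(?P<line>\d+)\]:"
    r"\s+To:\s*(?P<to>.*?)\s+--\s+Headers:"
)

# Constructed sample input, not taken from the server in the post.
SAMPLE_LOG = """\
[10-Aug-2023 12:47:01 UTC] mail() on [/var/www/site-a/contact.php:42]: To: owner@example.com -- Headers: From: web@example.com
[10-Aug-2023 12:47:03 UTC] mail() on [/var/www/site-b/uploads/cache.php:7]: To: r1@example.net -- Headers: From: web@example.com
[10-Aug-2023 12:47:03 UTC] mail() on [/var/www/site-b/uploads/cache.php:7]: To: r2@example.net -- Headers: From: web@example.com
[10-Aug-2023 12:47:04 UTC] mail() on [/var/www/site-b/uploads/cache.php:7]: To: r3@example.net -- Headers: From: web@example.com
[10-Aug-2023 12:47:05 UTC] mail() on [/var/www/site-c/inc.php(3) : eval()'d code:1]: To: r4@example.net -- Headers:
this line is not a mail() record
"""

def parse_line(line):
    """Return a dict for one mail() record, or None if the line does not match."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    return {"ts": m["ts"], "script": m["script"], "line": int(m["line"]), "to": m["to"]}

def rank_senders(log_text):
    """Return ([(script, calls, distinct_recipients)], skipped_lines), busiest first."""
    calls = Counter()
    recipients = {}
    skipped = 0
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            skipped += 1  # unparsed lines are counted, not silently dropped
            continue
        calls[rec["script"]] += 1
        recipients.setdefault(rec["script"], set()).add(rec["to"])
    ranked = [(s, n, len(recipients[s])) for s, n in calls.most_common()]
    return ranked, skipped

if __name__ == "__main__":
    ranked, skipped = rank_senders(SAMPLE_LOG)
    for script, n, distinct in ranked:
        print(f"{n:6d} calls  {distinct:6d} recipients  {script}")
    print(f"{skipped} line(s) did not match the assumed format")
```

To run it against a real log, pass the contents of the file configured in mail.log to rank_senders() instead of SAMPLE_LOG.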