I have a server running the Postfix MTA. There is currently a spam issue. It seems one of the local users got some infected software/script/binary that is connecting to Postfix via TCP port 25 locally and sending junk e-mail.
In the Postfix log files, I can only see that the mails are coming from the local IP address, port 25. Postfix allows it, since the server's own IP address is allowed to send e-mail.
Does anyone have a clue how I can get more insight within Postfix into which user is sending that mail to the Postfix daemon? Any hint would be appreciated.
Use LSOF to List Open Files (upper case so you could see the L). The command would be: lsof -i -n -P. If you pipe it through GREP for 25 you may find it. Another possibility is ps -afux; the process may show up that way. Use a wide screen or capture to a text file to help you read through long lines. – TG2 – 2016-09-10T12:39:27.820
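Added example, not part of the original question or comment: on Linux, each row of /proc/net/tcp records the uid that owns the socket, so the client end of a connection to port 25 identifies the sending account even when Postfix only logs the local IP address. The function names and the sample table below are constructed for illustration.

```shell
#!/bin/sh
# Added example. Each row of /proc/net/tcp carries the uid of the socket owner,
# so the client side of a connection to port 25 names the sending account.

# Print "uid inode" for every ESTABLISHED socket whose remote port is 25.
# Arguments: files in /proc/net/tcp format, or "-" for stdin.
smtp_client_sockets() {
    [ $# -gt 0 ] || set -- /proc/net/tcp
    awk '{
        n = split($3, rem, ":")          # rem_address is HEXADDR:HEXPORT
        # st 01 = ESTABLISHED; 0x0019 = 25. TIME_WAIT rows (06) show uid 0.
        if ($4 == "01" && rem[n] == "0019") print $8, $10
    }' "$@"
}

# Summarise as "uid connection_count", lowest uid first.
smtp_client_uids() {
    smtp_client_sockets "$@" |
        awk '{ c[$1]++ } END { for (u in c) print u, c[u] }' | sort -n
}

# Readable report; prints "unknown" if the uid has no passwd entry.
smtp_client_report() {
    smtp_client_uids "$@" | while read -r uid n; do
        name=$(getent passwd "$uid" 2>/dev/null | cut -d: -f1)
        echo "uid $uid (${name:-unknown}): $n connection(s) to port 25"
    done
}

# Constructed sample table (not captured from a real host).
sample_table() {
    cat <<'EOF'
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0019 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 11111
   1: 0100007F:0019 0100007F:C350 01 00000000:00000000 00:00000000 00000000     0        0 22222
   2: 0100007F:C350 0100007F:0019 01 00000000:00000000 00:00000000 00000000  1003        0 33333
   3: 0100007F:C351 0100007F:0019 01 00000000:00000000 00:00000000 00000000  1003        0 33334
   4: 0100007F:C352 0100007F:0019 06 00000000:00000000 00:00000000 00000000     0        0 0
   5: 0A00000A:D431 5DB8D822:01BB 01 00000000:00000000 00:00000000 00000000  1000        0 44444
   6: 0A00000A:D432 0A00000A:0019 01 00000000:00000000 00:00000000 00000000    33        0 55555
EOF
}

# Live run on Linux; pass /proc/net/tcp /proc/net/tcp6 to include IPv6 clients.
if [ -r /proc/net/tcp ]; then smtp_client_report; fi
```

Spam connections are short-lived, so run this repeatedly while mail is going out. Postfix's own outbound deliveries to remote port 25 appear under its uid, and the printed inode matches the socket:[inode] links under /proc/PID/fd.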