Tracing which user/process is sending mail to local postfix instance via TCP


I have a server running the postfix MTA. There is currently a spam issue. It seems one of the local users got some infected software/script/binary that is connecting to postfix via TCP port 25 locally and sending junk e-mail.

In the postfix logfiles, I can only see that the mails are coming from the local IP address, port 25. And postfix allows it, since the server's own IP address is allowed to send e-mail.

Does anyone have a clue how I can get more insight within postfix on which user is sending that mail to the postfix daemon? Any hint would be appreciated.

Koren C

Posted 2016-09-10T12:01:20.353


Use LSOF to List Open Files (upper case so you could see the L). The command would be: lsof -i -n -P; if you pipe it through GREP for 25 you may find it. Another possibility: ps -afux, the process may show up that way. Use a wide screen or capture to a text file to help you read through long lines. – TG2 – 2016-09-10T12:39:27.820

No answers
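The lsof route from the comment above needs lsof installed and root to see other users' sockets. The script below is an added example (not from the question, the comment, or Postfix) that does the same correlation by hand on a Linux host: /proc/net/tcp already records the owning uid of every socket, which answers "which user" without root, and /proc/<pid>/fd maps the socket inode back to the pid and command line. The SAMPLE excerpt is constructed; the uid 33 and inode values in it are made up.

```python
"""Find local processes connected to port 25 by reading /proc directly:
/proc/net/tcp gives each TCP socket's owning uid and inode (no root needed
for the uid); /proc/<pid>/fd maps that inode back to a pid and command."""
import os

def parse_addr(hexaddr):
    """'0100007F:0019' -> ('127.0.0.1', 25): little-endian IPv4, then port."""
    ip_hex, port_hex = hexaddr.split(":")
    ip = ".".join(str(int(ip_hex[i:i + 2], 16)) for i in (6, 4, 2, 0))
    return ip, int(port_hex, 16)

def smtp_clients(net_tcp_text, port=25):
    """inode -> (client_ip, client_port, uid) for ESTABLISHED sockets whose
    *remote* end is <port>; postfix's own smtpd sockets have local port 25
    and are skipped, so only the sending side is reported."""
    clients = {}
    for line in net_tcp_text.splitlines()[1:]:        # first line is the header
        f = line.split()
        if len(f) >= 10 and f[3] == "01" and parse_addr(f[2])[1] == port:
            ip, cport = parse_addr(f[1])              # state 01 == ESTABLISHED
            clients[f[9]] = (ip, cport, int(f[7]))    # f[7] = uid, f[9] = inode
    return clients

def process_for_inode(inode, proc="/proc"):
    """Scan /proc/<pid>/fd for socket:[inode] (root needed for other users'
    processes); returns (pid, cmdline) or None."""
    if not os.path.isdir(proc):
        return None
    target = "socket:[%s]" % inode
    for pid in (p for p in os.listdir(proc) if p.isdigit()):
        fd_dir = os.path.join(proc, pid, "fd")
        try:
            for fd in os.listdir(fd_dir):
                if os.readlink(os.path.join(fd_dir, fd)) == target:
                    with open(os.path.join(proc, pid, "cmdline"), "rb") as fh:
                        return int(pid), fh.read().replace(b"\0", b" ").decode(errors="replace").strip()
        except OSError:                               # process gone or not readable
            continue
    return None

# Constructed /proc/net/tcp excerpt (columns after inode trimmed): listener, smtpd's side, client side.
SAMPLE = """  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0019 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 12345
   1: 0100007F:0019 0100007F:A0F2 01 00000000:00000000 00:00000000 00000000   108        0 23456
   2: 0100007F:A0F2 0100007F:0019 01 00000000:00000000 00:00000000 00000000    33        0 34567
"""

if __name__ == "__main__":
    text = open("/proc/net/tcp").read() if os.path.exists("/proc/net/tcp") else SAMPLE
    for inode, (ip, cport, uid) in smtp_clients(text).items():
        print("%s:%d -> :25  uid=%d  proc=%s" % (ip, cport, uid,
              process_for_inode(inode) or "not visible (run as root)"))
```

Run it as root while the spam run is in progress; a connection that is only open for a moment may need the script looped in a watch loop to be caught.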