Greetings, I have a hacked server. One particular email account is persistently sending spam messages. The server is currently isolated from the internet. However, analyzing the log files reveals an ongoing attempt to send emails. How do I find the problem?
```
Nov 27 19:44:03 srv postfix/error[46181]: BF39BA3C6728: to=mark110@o2.com, relay=none, delay=80326, delays=80326/0/0/0, dsn=4.4.3, status=deferred (delivery temporarily suspended: Host or domain name not found. Name service error for name=com.pl type=MX: Host not found, try again)
Nov 27 19:44:03 srv postfix/error[47483]: B50A3A382DDB: to=lolzonk@o2.com, relay=none, delay=91721, delays=91721/0/0/0, dsn=4.4.3, status=deferred (delivery temporarily suspended: Host or domain name not found. Name service error for name=com.pl type=MX: Host not found, try again)
```
|OS type and version|ubuntu 20|
|Webmin version|newest|
|Virtualmin version|newest|
First, have a look at the mail queue; maybe it is just that?
Usually hacked email accounts send a lot to wrong mail addresses, which then hang in the mail queue.
If you can empty all mails from the queue (i.e. there are only spam mails, no production mails),
and after that you find no newly created mails - it was only the hacked email account and perhaps nothing else.
To clear mails from the queue: have a look at `man postsuper` and search for “ALL” …
To have a look in the different queues: pfqueue may help.
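
One way to check what is actually sitting in the queue before clearing it, as the reply above suggests (an added example, not part of the original posts): it groups the JSON output of `postqueue -j` by envelope sender. The sample queue entries, addresses and queue IDs are constructed, and the script name in the comment is hypothetical.

```python
import json
import sys
from collections import defaultdict

# Constructed sample of `postqueue -j` output (one JSON object per line).
# Addresses and queue IDs are made up for illustration.
SAMPLE = """\
{"queue_name": "deferred", "queue_id": "AAAA00000001", "arrival_time": 1700000000, "message_size": 2100, "sender": "info@example.com", "recipients": [{"address": "a@example.net", "delay_reason": "Host not found, try again"}]}
{"queue_name": "deferred", "queue_id": "AAAA00000002", "arrival_time": 1700000050, "message_size": 2090, "sender": "info@example.com", "recipients": [{"address": "b@example.net", "delay_reason": "Host not found, try again"}, {"address": "c@example.net", "delay_reason": "Host not found, try again"}]}
{"queue_name": "deferred", "queue_id": "AAAA00000003", "arrival_time": 1700000090, "message_size": 2110, "sender": "info@example.com", "recipients": [{"address": "d@example.net", "delay_reason": "Host not found, try again"}]}
{"queue_name": "deferred", "queue_id": "BBBB00000001", "arrival_time": 1700000100, "message_size": 3400, "sender": "", "recipients": [{"address": "info@example.com", "delay_reason": "Host not found, try again"}]}
"""

def summarize_queue(lines):
    """Group queued messages by envelope sender."""
    by_sender = defaultdict(lambda: {"count": 0, "recipients": 0, "queue_ids": []})
    for line in lines:
        line = line.strip()
        if not line:
            continue
        msg = json.loads(line)
        # An empty sender is the null sender used for bounces.
        entry = by_sender[msg.get("sender") or "<>"]
        entry["count"] += 1
        entry["recipients"] += len(msg.get("recipients", []))
        entry["queue_ids"].append(msg["queue_id"])
    return dict(by_sender)

def top_senders(summary, n=5):
    """Return the n senders with the most queued messages, busiest first."""
    return sorted(summary.items(), key=lambda kv: kv[1]["count"], reverse=True)[:n]

if __name__ == "__main__":
    # Real use: postqueue -j | python3 queue_senders.py
    # Without piped input, the constructed SAMPLE is used instead.
    source = sys.stdin if not sys.stdin.isatty() else SAMPLE.splitlines()
    for sender, info in top_senders(summarize_queue(source)):
        print(f"{info['count']:5d} msgs {info['recipients']:5d} rcpts  {sender}")
        print("      ids:", " ".join(info["queue_ids"][:10]))
```

The envelope sender can differ from the login that submitted the mail; the authenticated account appears as `sasl_username=` in the `postfix/smtpd` log lines. Queue IDs for a single sender can be fed to `postsuper -d -` on standard input, which leaves other queued mail in place.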