Postfix continue sending email from deleted mail account

**Operating system: Debian
**OS version:9
Hello, Im using virtualmin for at least 6 years, never happened this to me before. Today some camera become crazy sending email once per second. It was on a remote location and connects smtp to my server for sending email. So i cant shutdown the camera i tried to lock the account.
I changed the password, temporarily disable login, disable primery email and also deleted the account, and it is still sending email. Dont understand what happens. I restarted postfix, reload config, etc
I have anonymous login rejected so i dont know why i cant stop this account for sending email…

Virtualmin can be configured to limit the rate at which a virtual server can send mail. See Virtualmin → Email Settings → Mail Rate Limits. Additionally, the following are handy for finding most used email addresses in mail logs, its not authoritative, but a handy pointer:

grep -E -o "\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,6}\b" /var/log/mail.log | sort | uniq -c | sort -n | tail -n 10

grep "status=sent" /var/log/mail.log | grep -E -o "\b[A-Za-z0–9._%+-]+@[A-Za-z0–9.-]+\.[A-Za-z]{2,6}\b" | sort | uniq -c | sort -n | tail -n 10

Maybe these were the mail which were already queued.

As a great man said recently: once you’ve eliminated the impossible, whatever is left, however improbable, must be the truth.


Postfix SMTP is little stupid. Lock account - not help you. For some reason you must restart postfix and saslauth deamon (“service postfix restart” and “service saslauthd restart”).

When Postfix was being built, a decision was taken to make it stupid on the assumption that the admin would not be.

Postfix has been optimised to process as much mail as possible. It would have been quite easy to get Postfix to check for change in config files every few seconds and if resources are diverted to do this repeated check for changes to config files, then Postfix would not be as optimised as it currently is for the purpose of processing mail.

I think I like Postfix to be optimised to process mail and don’t mind occasionally restarting Postfix manually. Don’t you?

i already restarted postfix several times, but dont know about restarting saslauthd, that would be the issue. Thanks!

Authentication is also a critical issue. There are multiple reasons you could revoke access to an account. I think should be ways to make postfix check user data in main tables instead of whatever it does when it starts.

1 Like

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.