Switching from postfix to sendmail - possible, what concerns?

Hi all,

Ok, running virtualmin gpl here on a CentOS 6.5 virtual server.

I’m suddenly having a huge problem with spam, hundreds of emails a minute, slowing down the server.

My maillog has a lot of “to’s” in it that look like outgoing spam. No one should be able to relay through my server, all the tests I run online (like mailradar.com) say that it can’t be relayed through… but, something is happening.

I have someone looking into it that doesn’t know virtualmin, but otherwise has proven to be very competent in server admin. She wants to uninstall postfix and install and configure sendmail and use that to fix the issues I’m having.

Question - will doing that break virtualmin? Will I still be able to manage setting up users and sites through virtualmin as before?

Any concerns/problems that might crop up?

Thanks for any thoughts,

Chris

Here’s what my logs looked like (until I turned off postfix to keep my site up): http://shoutkey.com/tent


Virtualmin supports sendmail. However, installing it won’t solve this problem. You have something with local user level access sending email, which they will still be able to do after switching to sendmail.

I’m guessing you have an exploited web application installed on the system (i.e. an old version of Wordpress, Drupal, Joomla, etc.). Fix that before doing something dramatic like switching MTAs (which, again, will not solve this problem).
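An added example, not part of the original thread or its log: one way to confirm that mail is being injected by a local user rather than relayed is to group outbound deliveries in the Postfix maillog by how each queue ID entered the system (`postfix/pickup` with a uid for local submission, `postfix/smtpd` with a client for network submission). The sample lines are constructed, and the function name is hypothetical.

```python
import re
from collections import Counter

# Constructed sample maillog lines (assumption: standard Postfix syslog format;
# uid 48 is the default apache user on CentOS).
SAMPLE_LOG = """\
Jan 12 10:00:01 web postfix/pickup[2345]: 3F2A61C0A1: uid=48 from=<apache>
Jan 12 10:00:02 web postfix/smtp[2350]: 3F2A61C0A1: to=<a@example.net>, relay=mx.example.net[192.0.2.10]:25, delay=1, status=sent (250 ok)
Jan 12 10:00:02 web postfix/pickup[2345]: 4B7C91D2E3: uid=48 from=<apache>
Jan 12 10:00:03 web postfix/smtp[2351]: 4B7C91D2E3: to=<b@example.org>, relay=mx.example.org[192.0.2.20]:25, delay=1, status=sent (250 ok)
Jan 12 10:00:04 web postfix/smtpd[2360]: 5C8DA2E3F4: client=mail.example.com[198.51.100.7]
Jan 12 10:00:05 web postfix/local[2361]: 5C8DA2E3F4: to=<chris@web.example.com>, relay=local, delay=0.1, status=sent (delivered to mailbox)
Jan 12 10:00:06 web postfix/pickup[2345]: 6D9EB3F4A5: uid=0 from=<root>
Jan 12 10:00:06 web postfix/local[2362]: 6D9EB3F4A5: to=<root@web.example.com>, relay=local, delay=0.1, status=sent (delivered to mailbox)
"""

# Local submission (sendmail binary, PHP mail(), cron): records the sending uid.
PICKUP = re.compile(r"postfix/pickup\[\d+\]: (\w+): uid=(\d+) from=<([^>]*)>")
# Network submission: records the connecting client.
SMTPD = re.compile(r"postfix/smtpd\[\d+\]: (\w+): client=([^,\s]+)")
# Delivery attempt to a remote host (postfix/smtp, not smtpd or local).
OUTBOUND = re.compile(r"postfix/smtp\[\d+\]: (\w+): to=<[^>]*>")


def outbound_by_origin(log_text):
    """Count remote deliveries per origin, keyed by how the message was queued."""
    origin = {}        # queue ID -> description of who submitted it
    sent = Counter()   # origin description -> number of remote recipients
    for line in log_text.splitlines():
        if m := PICKUP.search(line):
            origin[m.group(1)] = f"local uid={m.group(2)} ({m.group(3)})"
        elif m := SMTPD.search(line):
            origin[m.group(1)] = f"smtp client={m.group(2)}"
        elif m := OUTBOUND.search(line):
            sent[origin.get(m.group(1), "unknown")] += 1
    return sent


if __name__ == "__main__":
    for who, count in outbound_by_origin(SAMPLE_LOG).most_common():
        print(f"{count:6d}  {who}")
```

A uid belonging to the web server or to a single site's user at the top of this list points at a script under that account, which no MTA swap or relay test will catch.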

Hi Joe,

Thank you very much, that makes a lot of sense.

Hmm, my WordPress installs are up to date, but I do have some old plugins installed… would there be any particular code snippet or any other clues as to what might be causing this?

Rather than turning plugins off one by one, if I disable sites one by one, the sending should stop when the site is disabled (no scripts run when a site is disabled, right?).

Thanks again for your help,

Chris

Well, damn it all - you’re right!

Just visited webmaster tools and there was a note dated today saying they found one of my sites was hacked. Had some freaky links on it. This despite firewalls. It’s got to be related to the outgoing emails.

You nailed it!

Cleaning up now, thanks again,

Chris