Postfix user is not allowed to submit mail
I am running a webserver on debian wheezy with postfix and about 3 months ago I had a major spam problem with one of my domains with web21 id. I made a fresh wordpress install and everything and the problem was gone for about 3 months and this time although I have set !web21 in my main.cf to disallow this user to send mail I still get tons of:
May 8 13:53:05 htz postfix/sendmail[16190]: fatal: User web21(5012) is not allowed to submit mail
May 8 13:53:06 htz postfix/sendmail[16191]: fatal: User web21(5012) is not allowed to submit mail
May 8 13:53:07 htz postfix/sendmail[16192]: fatal: User web21(5012) is not allowed to submit mail
May 8 13:53:07 htz postfix/sendmail[16193]: fatal: User web21(5012) is not allowed to submit mail
May 8 13:53:08 htz postfix/sendmail[16194]: fatal: User web21(5012) is not allowed to submit mail
May 8 13:53:09 htz postfix/sendmail[16195]: fatal: User web21(5012) is not allowed to submit mail
May 8 13:53:26 htz postfix/sendmail[16196]: fatal: User web21(5012) is not allowed to submit mail
May 8 13:53:27 htz postfix/sendmail[16197]: fatal: User web21(5012) is not allowed to submit mail
May 8 13:53:28 htz postfix/sendmail[16198]: fatal: User web21(5012) is not allowed to submit mail
May 8 13:53:29 htz postfix/sendmail[16199]: fatal: User web21(5012) is not allowed to submit mail
May 8 13:53:29 htz postfix/sendmail[16200]: fatal: User web21(5012) is not allowed to submit mail
May 8 13:53:31 htz postfix/sendmail[16201]: fatal: User web21(5012) is not allowed to submit mail
May 8 13:53:31 htz postfix/sendmail[16202]: fatal: User web21(5012) is not allowed to submit mail
May 8 13:53:32 htz postfix/sendmail[16203]: fatal: User web21(5012) is not allowed to submit mail
May 8 13:53:32 htz postfix/sendmail[16204]: fatal: User web21(5012) is not allowed to submit mail
May 8 13:53:33 htz postfix/sendmail[16205]: fatal: User web21(5012) is not allowed to submit mail
May 8 14:07:22 htz postfix/sendmail[16468]: fatal: User web21(5012) is not allowed to submit mail
May 8 14:07:23 htz postfix/sendmail[16469]: fatal: User web21(5012) is not allowed to submit mail
May 8 14:07:25 htz postfix/sendmail[16470]: fatal: User web21(5012) is not allowed to submit mail
May 8 14:07:26 htz postfix/sendmail[16471]: fatal: User web21(5012) is not allowed to submit mail
May 8 14:07:27 htz postfix/sendmail[16472]: fatal: User web21(5012) is not allowed to submit mail
May 8 14:07:28 htz postfix/sendmail[16473]: fatal: User web21(5012) is not allowed to submit mail
I have run the antivirus multiple times and there was no infected file found.
I wonder how am I able to understand what these mails are / where are they going / and how can I track down the method they are using to send all these spams?
First you can list all files owned by the web21 user. Try to identify a strange filename, maybe in a strange location too. To do this, you can use this command: find / -user web21.
Second, try to look at processes with ps to identify the process which is sending spam. Maybe you can catch it there.
Third, maybe the spammer periodically sends by crontab; check every crontab in your system to identify the bogus script.
Fourth, the spammer could be sending email by sending POST/GET requests to a particular page in your website. Check your web server log, this will point out which page the spammer targeted.
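The fourth step above (matching the mail log against the web server log) can be done mechanically. The script below is an added example, not part of the original answer: it takes the "not allowed to submit mail" rejections for a given unix user, extracts the minutes in which they were logged, and lists the POST requests from the access log that landed in those same minutes, then ranks the posted paths so the script being hit stands out. Both log samples are constructed here (syslog format for Postfix, combined format for Apache/nginx, both assumed to be in the same timezone); in practice you would replace them with `grep 'not allowed to submit mail' /var/log/mail.log` and the real access log.

```shell
#!/bin/sh
# Added example: correlate Postfix sendmail(1) rejections with web access-log POSTs.
# Every log line below is a constructed sample, not data taken from a real server.

# Constructed sample of the mail log (same shape as the lines in the question).
MAIL_LOG='May 8 13:53:05 htz postfix/sendmail[16190]: fatal: User web21(5012) is not allowed to submit mail
May 8 13:53:06 htz postfix/sendmail[16191]: fatal: User web21(5012) is not allowed to submit mail
May 8 13:53:26 htz postfix/sendmail[16196]: fatal: User web21(5012) is not allowed to submit mail
May 8 14:07:22 htz postfix/sendmail[16468]: fatal: User web21(5012) is not allowed to submit mail
May 8 14:07:23 htz postfix/sendmail[16469]: fatal: User web21(5012) is not allowed to submit mail
May 8 14:10:00 htz postfix/smtpd[16500]: connect from unknown[198.51.100.7]'

# Constructed sample access log (combined format) for the same host and day.
ACCESS_LOG='198.51.100.7 - - [08/May/2014:13:53:04 +0000] "POST /wp-content/uploads/2014/05/cache.php HTTP/1.1" 200 42 "-" "Mozilla/5.0"
192.0.2.33 - - [08/May/2014:13:53:05 +0000] "GET /index.php HTTP/1.1" 200 8123 "-" "Mozilla/5.0"
198.51.100.7 - - [08/May/2014:13:53:26 +0000] "POST /wp-content/uploads/2014/05/cache.php HTTP/1.1" 200 42 "-" "Mozilla/5.0"
198.51.100.7 - - [08/May/2014:14:07:21 +0000] "POST /wp-content/uploads/2014/05/cache.php HTTP/1.1" 200 42 "-" "Mozilla/5.0"
192.0.2.34 - - [08/May/2014:14:07:22 +0000] "GET /about/ HTTP/1.1" 200 5120 "-" "curl/7.26"'

# Count the sendmail rejections logged for one unix user ($1, e.g. web21).
count_rejections() {
    printf '%s\n' "$MAIL_LOG" | grep -c "fatal: User $1(.*) is not allowed to submit mail"
}

# Print the distinct HH:MM minutes in which rejections for user $1 were logged.
# In syslog lines the third whitespace-separated field is the HH:MM:SS timestamp.
rejection_minutes() {
    printf '%s\n' "$MAIL_LOG" \
      | grep "fatal: User $1(.*) is not allowed to submit mail" \
      | awk '{ print substr($3, 1, 5) }' | sort -u
}

# For each rejection minute, print "<minute> <client-ip> <path>" for every POST
# request the access log recorded in that same minute.
posts_in_rejection_minutes() {
    rejection_minutes "$1" | while read -r minute; do
        printf '%s\n' "$ACCESS_LOG" \
          | awk -v m="$minute" '
              # $4 looks like [08/May/2014:13:53:04 so HH:MM starts at character 14;
              # $6 is the quoted method ("POST) and $7 the requested path.
              substr($4, 14, 5) == m && $6 == "\"POST" { print m, $1, $7 }'
    done
}

# Rank the posted paths by hit count (highest first) so the abused script stands out.
top_posted_paths() {
    posts_in_rejection_minutes "$1" \
      | awk '{ c[$3]++ } END { for (p in c) print c[p], p }' | sort -rn
}

# Usage when run directly: sh triage.sh web21
if [ -n "${1:-}" ]; then
    top_posted_paths "$1"
fi
```

Matching on the same minute is deliberately coarse: a mail-sending script usually fires within a second or two of the request that triggered it, so a path that shows up in every rejection minute, from the same client, is the first thing to inspect (and to compare against the `find / -user web21` listing from the first step).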