How to identify a script sending spam through Postfix

Spam - we all hate it

... and get rid of your problem. If you have a Linux server you will probably need this information at some point.

Case:

You get information that your server is sending out spam emails. You have to find the source of the problem to fix it and stop it as soon as possible.

How (step by step):

  1. Switch to a user with sudo rights
  2. Check the mail queue with command mailq
  3. The first column of the mail queue list shows unique mail IDs; pick one from an obvious spam email and copy it
  4. Check this email's details with the command postcat -q <ID>, using the unique mail ID you copied in place of <ID>
  5. Identify the line starting with "X-PHP-Originating-Script". This should show which script is generating the spam emails (PHP adds this header only when mail.add_x_header is enabled in php.ini)
  6. Remove the script, patch the website with the latest security fixes and make sure folder and file permissions are secure
  7. Empty the mail queue with command postsuper -d ALL
  8. Check the mail queue again with command mailq to see if more emails are now generated. If the problem persists, repeat the above steps and see if you find other scripts causing you problems.
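As an added example (not code from the original post), the POSIX shell script below automates steps 2 to 5: it lists the queue with mailq, dumps every queued message with postcat -q and tallies the X-PHP-Originating-Script values, so the offending script stands out even when the queue holds thousands of messages. It assumes PHP's mail.add_x_header is on (otherwise the header is absent) and that it runs as root or a member of the postfix group; the sample postcat output is constructed.

```shell
#!/bin/sh
# Added example (not from the original post): tally the
# X-PHP-Originating-Script header across every queued Postfix message.

# Reads postcat(1) output on stdin; prints "count uid:script" lines,
# most frequent first. PHP writes the header as "<uid>:<script name>".
extract_originating_scripts() {
    grep -i '^X-PHP-Originating-Script:' \
        | sed 's/^[^:]*:[[:space:]]*//' \
        | sort | uniq -c | sort -rn \
        | awk '{print $1, $2}'
}

# Pulls every queue ID out of mailq (ID lines start at column 0 with the
# ID, an optional * or ! status flag, then the size), dumps each message
# with postcat -q and feeds the lot to the tally above. Needs root or
# membership in the postfix group to read the queue.
scan_queue() {
    mailq \
        | awk '/^[0-9A-Za-z]+[*!]?[[:space:]]+[0-9]+/ { sub(/[*!]$/, "", $1); print $1 }' \
        | while read -r qid; do postcat -q "$qid"; done \
        | extract_originating_scripts
}

# Constructed sample of postcat -q output for three queued messages
# (not real queue data), so the parser can be exercised offline.
SAMPLE_POSTCAT='*** ENVELOPE RECORDS 3A1B2C3D4E ***
*** MESSAGE CONTENTS 3A1B2C3D4E ***
Received: by mail.example.test (Postfix, from userid 33)
Subject: Cheap meds
X-PHP-Originating-Script: 33:cache.php
*** HEADER EXTRACTED 3A1B2C3D4E ***
*** MESSAGE CONTENTS 4F5A6B7C8D ***
Subject: You won
X-PHP-Originating-Script: 33:cache.php
*** MESSAGE CONTENTS 9E0F1A2B3C ***
Subject: Your order confirmation
X-PHP-Originating-Script: 33:contact-form.php'

# Offline demo: prints "2 33:cache.php" then "1 33:contact-form.php".
if [ "${1:-}" = "--demo" ]; then
    printf '%s\n' "$SAMPLE_POSTCAT" | extract_originating_scripts
fi
```

Run it with --demo to see the tally on the sample, or call scan_queue on a live server; the header names only the script file, so locate the actual file with find before removing it.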

Good luck!

Jan-Helge Hansen

Project coordinator at Frontkom, keenly interested in SEO and social media. Can be found on, among other places, . Fast websites make him happy.