Posted by fishtenors on 28th July 2010, 04:58

I had a similar issue where one of my users' passwords had been compromised, and some spammer was using the account to blast messages through my server. See what's in the queue with:

#postqueue -p

There is a great Perl script called pfdel that I used to clear out the queue:

http://www.ustrem.org/en/articles/po...eue-delete-en/

Save that script somewhere, and then add execute permissions:

#chmod +x /some/path/pfdel

Execution of the script is really simple. Usage: pfdel <email_address>:

#/some/path/pfdel email@spammer.org

If you are running Postfix with SASL, run:

#cat /var/log/mail.log | grep sasl

to see if you have any user that is authenticating at a higher rate than normal. That is how I was able to identify the hijacked account. Hope that helps!
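Added example, not part of the original post: a shell function that counts successful SASL logins per account per hour in a Postfix log, which turns the grep above into the rate comparison the post describes. The name sasl_rate, the threshold and the sample log lines are constructed for illustration, and the line layout assumes standard Postfix smtpd logging in syslog format.

```shell
#!/bin/sh
# Usage: sasl_rate LOGFILE [THRESHOLD]
# Prints "count<TAB>hour<TAB>account" for every account with at least
# THRESHOLD successful SASL logins inside one clock hour, busiest first.
sasl_rate() {
    log=$1
    threshold=${2:-100}   # assumed default; tune to your normal traffic
    awk -v limit="$threshold" '
        /postfix\/.*smtpd\[/ && /sasl_username=/ && !/authentication failed/ {
            # Syslog timestamp "Jul 28 04:12:01" becomes bucket "Jul 28 04"
            hour = $1 " " $2 " " substr($3, 1, 2)
            user = $0
            sub(/.*sasl_username=/, "", user)   # drop everything before the name
            sub(/[, ].*/, "", user)             # drop anything after it
            count[hour "\t" user]++
        }
        END {
            for (k in count)
                if (count[k] >= limit)
                    printf "%d\t%s\n", count[k], k
        }
    ' "$log" | sort -rn
}

# Constructed sample log (documentation addresses and domains only).
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
Jul 28 04:10:01 mail postfix/smtpd[2101]: 4F1A22C0D1: client=unknown[203.0.113.7], sasl_method=LOGIN, sasl_username=alice@example.com
Jul 28 04:10:02 mail postfix/smtpd[2101]: 4F1A22C0D2: client=unknown[203.0.113.7], sasl_method=LOGIN, sasl_username=alice@example.com
Jul 28 04:10:03 mail postfix/smtpd[2102]: 4F1A22C0D3: client=unknown[203.0.113.7], sasl_method=LOGIN, sasl_username=alice@example.com
Jul 28 04:15:00 mail postfix/smtpd[2103]: 4F1A22C0D4: client=host.example.net[198.51.100.9], sasl_method=PLAIN, sasl_username=bob@example.com
Jul 28 04:16:00 mail postfix/smtpd[2105]: warning: unknown[203.0.113.7]: SASL LOGIN authentication failed: authentication failure
Jul 28 05:01:00 mail postfix/smtpd[2106]: 4F1A22C0D5: client=unknown[203.0.113.7], sasl_method=LOGIN, sasl_username=alice@example.com
EOF

# Flag accounts with 3 or more logins in any single hour of the sample.
sasl_rate "$sample" 3
```

Counting per hour rather than over the whole file keeps a steady, legitimately busy account from hiding a short burst on another one.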