View Single Post
Old 28th July 2010, 05:58
fishtenors fishtenors is offline
Junior Member
Join Date: May 2007
Posts: 4
Thanks: 0
Thanked 2 Times in 2 Posts

I had a similar issue where one of my user's password had been compromised, and some spammer was using the account to blast messages through my server. See what's in the queue with:

#postqueue -p

There is a great Perl script called pfdel that I used to clear out the queue:

Save that script somewhere, and then add execute permissions:

#chmod +x /some/path/pfdel

Execution of the script is really simple. Usage: pfdel <email_address>:


If you are running Postfix with SASL, run:

#cat /var/log/mail.log | grep sasl

to see if you have any user that is authenticating at a higher rate than normal. That is how I was able to identify the hijacked account. Hope that helps!
Reply With Quote