Hi, I recently discovered that my Ubuntu 10.4 server was blaclisted at several sites (I used http://mxtoolbox.com
Checking the logs I could see that one email account was sending several spam messages every second!
I have disabled the account, but my questions are:
1) How can I troubleshoot this problem in the best way? How can I see if the spam was sent from the persons own computer or from some exploit on my server? (I already checket for rootkits - none were discovered, and I have amavis running)
2) How can I make sure this doesn't happen again?
3) Should I contact the blacklisting servers directly to be removed or does that happen automatically after some time? Google is not accepting mails from my servers for instance :-(
This is a real big problem as it affects all my users, so any help is greatly appreciated :-)