Hi, I am running Ispconfig 2 on Debian. I found out that the server is misused for spam sending. What I have checked is: - port 25 is closed from external, only connections from localhost/127.0.0.1 are allowed So this system is not a open relay. But still there are many mails popping up in the queue. this is one message: Code: May 13 10:27:50 ip2 postfix/pickup: 42EC21076B: uid=33 from=<email@example.com> May 13 10:27:50 ip2 postfix/cleanup: 42EC21076B: message-id=<20140513082750.42EC21076B@ip2.localserver> May 13 10:27:50 ip2 postfix/qmgr: 42EC21076B: from=<firstname.lastname@example.org>, size=661, nrcpt=1 (queue active) May 13 10:27:50 ip2 postfix/smtp: 42EC21076B: to=<email@example.com>, relay=gateway[x.x.x.22]:25, delay=0.03, delays=0.01/0/0.02/0, dsn=5.0.0, status=bounced (host gateway[x.x.x.22] said: 550 Sender is not allowed. (in reply to MAIL FROM command)) May 13 10:27:50 ip2 postfix/bounce: 42EC21076B: sender non-delivery notification: 49A211080E May 13 10:27:50 ip2 postfix/qmgr: 42EC21076B: removed I don't understand where the messages come from, where/how they are generated. When I look at the "/etc/passwd" file the id 33 is this: So this means that the webserver is generating all these mails? Can you help me?