Firstly, following perfect server tutorials has been a great learning opportunity and I want to still believe that all hope is not lost with creating a very secure server for all of these websites I want to change the world with. Problem #1: Some hacker is successfully sending mail with my mail server via POSTFIX/PICKUP (some "[email protected]" email), which isn't listed on my ISPCONFIG 3 emails. The mail is getting passed to amavis then injected into postfix to be sent. P.S. There is no wordpress on the previously mentioned "@site" but there is a wordpress on a different website built through ISPCONFIG (same server). Problem #2: I was previously under the impression that the only way to access Postfix was via Roundcube-Password-Login or SSH. Maybe even some site-side PHP Mail vulnerabilities (if there were any). Problem #3: I do not understand fully what postfix's anvil "max connection rate 1/60s" is actually limiting. ------------------------------------------------ Server Specs: Perfect server tutorial (Debian 10, Nginx, ISPconfig, roundcube, postfix, dovecot, mariadb). I skipped and successfully disabled clamav for the memory. All the passwords are randomly generated and 256 character where permissible length. Fail2Ban is very strict. SSH-only root access with private key on computer. Dhparams 4096. Roundcube Config Specs: (defaults.inc.php) $config['force_https'] = true; $config['smtp_port'] = 25; $config['smtp_server'] = 'tls://localhost'; Some Mail.log data: (postfix/pickup/amavis gateway)(note: mydomain2 is a domain on ISPconfig; mydomain1 is the main /etc/hosts domain without the hostname) Master.cf: Main.cf: Let's solve some issues for everyone here, and thank you to the major names who I have seen over the years helping many many people with their servers here on Howtoforge, from ISPconfig to Postfix and everything in between. It would be an honor to even see your names popping up in my issue. Thank Devs and Super Mods! You guys keep the world spinning! >>About me<< Ive been learning how to forge a perfect server for two years straight; trying to perfect a server for so long now that it's mind blowing. I am running into spam folder issues and vulnerabilities which land my URL's into blacklists for many a year now. I really need help from the experts. I am so tired of spending weeks and weeks and month after month, all day every day trying to learn and fix servers just for them not to be up to par. I am very grateful for the thousands of forums I have read, I have learned a lot, but its time to get the server walking on its own two feet. Oops, did I say walking? I meant working. Cuz that's why I made this child. To work for me. For ever. Thank you robots: You are humans' best friends.