My Wordpress website rockitpro (dot) com is on my Plesk dedicated server & only sends mail (using postfix) when a user registers (sends 1 email to the user and 1 to me) and when a user purchases a digital product (the download link is sent to their email), that's it. I got a bounced email from Hotmail 2 days ago which led me to check my domain/ip and I found that my domain is on 20+ blacklists I manically searched Google because this stuff is over my head and found this gem mailq|grep ^[A-F0-9]|cut -c 42-80|sort |uniq -c|sort -n|tail which shows me where most of the emails come from. The weird thing is, like 20 of the thousands of emails were coming from a domain I created years ago on my server just to put my test website on, the site is blocked by robots & never linked out. The other 100,000+ mails were coming from [email protected] which is my server. I cleared the postfix mail queue but they kept piling up by the second and only stopped when I deleted my test website domain. So I'm thinking the test site domain on my server might have gotten hacked or something? My IP/domain is not a relay, already checked that, I turned on Spamassassin, turned on DomainKeys spam protection, and switched on SPF spam protection. An example header from one of the mails is: Apache [email protected] "MaddenCraftcmqce" <[email protected][email protected][email protected] MIME-Version: 1.0 -Content-type: text/plain; charset=iso-8859-1 From: Gia Deere <[email protected] (Reply-To: Gia Deere <[email protected] Subject: Trans Jet Airways X-Mailer: PHP/5.3.3NEMessage-Id: <[email protected] I noticed the User ID was always 504 which I don't remember creating a user "504" or whatever, and the originating php script was 504:versia.php or 504:mspcomt.php. Any tips so this doesn't happen again? Like I said I activated spamassassin, turned on the Plesk antivirus, and tightened up mail server settings. I'm also fixing all the warnings mxtoolbox throws. I have Fal2Ban but not sure that'll work with an issue like this. Maybe install mod_security?