My WordPress website rockitpro (dot) com is on my Plesk dedicated server and only sends mail (using Postfix) when a user registers (it sends 1 email to the user and 1 to me) and when a user purchases a digital product (the download link is sent to their email). That's it.

I got a bounced email from Hotmail 2 days ago, which led me to check my domain/IP, and I found that my domain is on 20+ blacklists. I manically searched Google because this stuff is over my head and found this gem:

mailq | grep '^[A-F0-9]' | cut -c 42-80 | sort | uniq -c | sort -n | tail

which shows me where most of the emails come from. The weird thing is, like 20 of the thousands of emails were coming from a domain I created years ago on my server just to put my test website on; the site is blocked by robots and never linked out. The other 100,000+ mails were coming from firstname.lastname@example.org, which is my server. I cleared the Postfix mail queue, but they kept piling up by the second and only stopped when I deleted my test website domain. So I'm thinking the test site domain on my server might have gotten hacked or something?

My IP/domain is not a relay (already checked that). I turned on SpamAssassin, turned on DomainKeys spam protection, and switched on SPF spam protection.

An example header from one of the mails is:

Apache serverSemail@example.com "MaddenCraftcmqce" <MaddenCraftcmqce@adelphia.com>,"nmacdonald 478" <firstname.lastname@example.org>,"oneineagle" <email@example.com>NSubject:Trans Jet AirwaysN(X-PHP-Originating-Script: 50versia.php MIME-Version: 1.0 -Content-type: text/plain; charset=iso-8859-1 From: Gia Deere <Deere@bowtown.com> (Reply-To: Gia Deere <Deere@bowtown.com> Subject: Trans Jet Airways X-Mailer: PHP/5.3.3NEMessage-Id: <20140303164218.F2E1A5785A1@xx-xxxx-xxxxx.privatedns.com>N+Date: Mon, 3 Mar 2014 11:42:18 -0500 (EST)p

I noticed the user ID was always 504 (I don't remember creating a user "504" or whatever), and the originating PHP script was 504:versia.php or 504:mspcomt.php.

Any tips so this doesn't happen again? Like I said, I activated SpamAssassin, turned on the Plesk antivirus, and tightened up mail server settings. I'm also fixing all the warnings mxtoolbox throws. I have Fail2Ban but I'm not sure that'll work with an issue like this. Maybe install mod_security?
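
An added example, not part of the original post: the queue can be tallied by the X-PHP-Originating-Script header instead of by sender address, which names the PHP file and the UID of its owner for every queued message. The function names and the sample lines are constructed for illustration; the `uid:script` header format is the one quoted in the post.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.

# Print the full content of every queued message (run as root on the mail host).
# mailq marks active/held queue IDs with a trailing * or !, which is stripped.
queued_messages() {
    mailq | awk '/^[A-F0-9]/ { sub(/[*!]$/, "", $1); print $1 }' |
        while read -r id; do postcat -q "$id"; done
}

# Count "uid:script" pairs from X-PHP-Originating-Script headers on stdin.
# The leading .* tolerates stray record bytes in front of the header name,
# as seen in the raw queue-file dump quoted in the post.
tally_php_origins() {
    sed -n 's/.*X-PHP-Originating-Script: *\([0-9][0-9]*:[^ ]*\).*/\1/p' |
        sort | uniq -c | sort -rn | awk '{ print $1, $2 }'
}

# Resolve a numeric UID to its account name in a passwd-format file,
# to see which hosting account owns the script that is sending mail.
uid_owner() {
    awk -F: -v uid="$1" '$3 == uid { print $1 }' "${2:-/etc/passwd}"
}

# Constructed sample input standing in for real queue content.
sample_headers() {
    cat <<'EOF'
X-PHP-Originating-Script: 504:versia.php
N(X-PHP-Originating-Script: 504:versia.php
X-PHP-Originating-Script: 504:mspcomt.php
Subject: a message without the PHP header
X-PHP-Originating-Script: 504:versia.php
EOF
}

# On the server:  queued_messages | tally_php_origins
#                 uid_owner 504
```

The script names in the tally can then be located on disk with `find` under the web roots owned by the account that `uid_owner` reports.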