So, we have a server running Debian.
A complaint has come in about outgoing spam from the server.
Objective: clear out all the messages and find the cause.
Solution: there are, of course, many options. Let's consider one of them.
1. Connect via SSH and look at all the messages in the queue: mailq
Yes, a lot of messages.
2. Stop the mail server (Postfix in this case): /etc/init.d/postfix stop
3. Look at the connections on port 25: netstat -apn | grep :25
If there are ESTABLISHED connections while the mail server is stopped, the spam is being sent by a malicious script that sends mail directly, bypassing the local mail server.
4. Clear the queue. Of course, only if we can afford to (the queue may contain real messages from real users): postsuper -d ALL
    postsuper: Deleted: 72849 messages
5. Try enabling extended mail logging:
    mv /usr/sbin/sendmail /usr/sbin/sendmail.org
    touch /usr/sbin/sendmail
    chmod +x /usr/sbin/sendmail
    echo -n '#!/bin/bash
    logger -p mail.info sendmail-ext-log: site=${HTTP_HOST}, client=${REMOTE_ADDR}, script=${SCRIPT_NAME}, pwd=${PWD}, uid=${UID}, user=$(whoami)
    /usr/sbin/sendmail.org -t -i' > /usr/sbin/sendmail
6. Start the mail server: /etc/init.d/postfix start
7. Watch the log: tail -f /var/log/mail.info
We see something like:
    Jan 23 16:25:25 danma logger: sendmail-ext-log: site=, client=, script=send.php, pwd=/var/www/danma/data/www/site.ru, uid=33, user=www-data
    Jan 23 16:25:25 danma postfix/pickup[11520]: E3CD259403D: uid=33 from=
    Jan 23 16:25:25 danma postfix/cleanup[11522]: E3CD259403D: message-id=<b381adaa7a41abcb0359b5233047a74b@www.site.ru>
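To rank which directory and script produce the most mail from the lines the wrapper in step 5 writes, here is an added example (not part of the original article). The function names and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Rank mail senders from the sendmail-ext-log lines written by the wrapper.

# Constructed sample log (hypothetical host, paths and queue ID).
write_sample_log() {
    cat > "$1" <<'EOF'
Jan 23 16:25:25 host logger: sendmail-ext-log: site=, client=, script=send.php, pwd=/var/www/example/site.test, uid=33, user=www-data
Jan 23 16:25:25 host postfix/pickup[11520]: 0000000001: uid=33 from=<www-data>
Jan 23 16:25:26 host logger: sendmail-ext-log: site=, client=, script=send.php, pwd=/var/www/example/site.test, uid=33, user=www-data
Jan 23 16:25:40 host logger: sendmail-ext-log: site=, client=, script=, pwd=/home/backup, uid=1001, user=backup
EOF
}

# Print "count user pwd script", busiest first. $1: path to the mail log.
summarize_senders() {
    awk '
    /sendmail-ext-log:/ {
        # Keep only the key=value list that follows the tag.
        sub(/^.*sendmail-ext-log: */, "")
        script = ""; pwd = ""; user = ""
        n = split($0, kv, /, */)
        for (i = 1; i <= n; i++) {
            eq = index(kv[i], "=")
            if (eq == 0) continue
            k = substr(kv[i], 1, eq - 1)
            v = substr(kv[i], eq + 1)
            if (k == "script") script = v
            else if (k == "pwd") pwd = v
            else if (k == "user") user = v
        }
        if (script == "") script = "-"   # SCRIPT_NAME is empty outside CGI
        count[user " " pwd " " script]++
    }
    END { for (key in count) print count[key], key }
    ' "$1" | sort -k1,1nr -k2
}

# Usage: sh this-file /var/log/mail.info
if [ -n "${1:-}" ]; then summarize_senders "$1"; fi
```

The directory at the top of the list is the first place to look for the script that is sending the mail.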
Keep in mind that this is just one of the options.
If the complaint contains a message ID, look for it in the logs.
Sometimes the server turns out to be an open relay.
And sometimes someone has simply guessed the password to a mailbox, which also deserves attention!
How to delete all messages?
Here are the typical commands to delete all messages in the queue.
Exim: exipick -i | xargs exim -Mrm
Postfix: postsuper -d ALL
Sendmail: rm -rf /var/spool/mqueue/*