SMTP Monitoring to find origin of messages
Posted on 2014-08-05
I have an issue and do not really find a feasible solution to my problem. I hope that maybe someone has a good pointer on how to tackle this issue.
Basically the problem is that I have a Linux server with Postfix. I also have logwatch installed and get a daily report. There are maybe about 200 mail accounts on this server. Most of them are not too active, but logwatch says that 7k messages are sent. So I do suspect maybe some of the programs hosted on this server have some exploit that allows some outside person to send messages using my server by exploiting a possibly faulty script.
I wonder if there is any way to find something like this with some monitoring script or reporting script. Any tips on how to tackle a situation like this so that I can tighten the server and ensure nobody is using my machine to possibly send spam?
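One way to start on the question above, as an added example that is not part of the original post: a small Python script that reads Postfix's mail log, ties each queue ID back to how the message entered the queue (a local sendmail/pickup submission with its Unix uid, typically the web server user for a PHP script, or a SASL-authenticated SMTP session with its username and client address), and counts messages per origin. The log lines below are constructed; on a real server you would feed it /var/log/mail.log.

```python
import re
from collections import Counter

# Constructed sample lines in Postfix syslog format (not from the original post).
SAMPLE_LOG = """\
Aug  5 09:00:01 mail postfix/pickup[1201]: 1A2B3C4D5E: uid=33 from=<www-data>
Aug  5 09:00:01 mail postfix/qmgr[1202]: 1A2B3C4D5E: from=<www-data@mail.example.com>, size=812, nrcpt=1 (queue active)
Aug  5 09:00:02 mail postfix/pickup[1201]: 2B3C4D5E6F: uid=33 from=<www-data>
Aug  5 09:00:02 mail postfix/qmgr[1202]: 2B3C4D5E6F: from=<www-data@mail.example.com>, size=815, nrcpt=1 (queue active)
Aug  5 09:00:05 mail postfix/smtpd[1305]: 3C4D5E6F7A: client=unknown[198.51.100.7], sasl_method=LOGIN, sasl_username=alice@example.com
Aug  5 09:00:05 mail postfix/qmgr[1202]: 3C4D5E6F7A: from=<alice@example.com>, size=2048, nrcpt=1 (queue active)
Aug  5 09:00:09 mail postfix/pickup[1201]: 4D5E6F7A8B: uid=1002 from=<bob>
Aug  5 09:00:09 mail postfix/qmgr[1202]: 4D5E6F7A8B: from=<bob@example.com>, size=500, nrcpt=2 (queue active)
"""

# pickup = message handed in locally via the sendmail binary (scripts, cron, users)
PICKUP_RE = re.compile(r"postfix/pickup\[\d+\]: (\w+): uid=(\d+) from=<([^>]*)>")
# smtpd with sasl_username = message submitted by an authenticated mail account
SMTPD_RE = re.compile(r"postfix/smtpd\[\d+\]: (\w+): client=(\S+),.*sasl_username=(\S+)")
# qmgr "queue active" = one message actually accepted for delivery
QMGR_RE = re.compile(r"postfix/qmgr\[\d+\]: (\w+): from=<([^>]*)>, size=\d+, nrcpt=(\d+)")

def attribute_messages(log_text):
    """Return {origin_label: message_count}.

    Origin is 'local uid=N (user)' for pickup submissions (uid 33 is www-data
    on Debian-style systems, i.e. a web script) or 'sasl user from client' for
    authenticated SMTP; anything else is lumped under 'unknown (relay/other)'.
    """
    origin = {}
    for line in log_text.splitlines():
        m = PICKUP_RE.search(line)
        if m:
            qid, uid, user = m.groups()
            origin[qid] = f"local uid={uid} ({user})"
            continue
        m = SMTPD_RE.search(line)
        if m:
            qid, client, sasl = m.groups()
            origin[qid] = f"sasl {sasl} from {client}"
    counts = Counter()
    for line in log_text.splitlines():
        m = QMGR_RE.search(line)
        if m:
            counts[origin.get(m.group(1), "unknown (relay/other)")] += 1
    return dict(counts)

if __name__ == "__main__":
    for label, n in sorted(attribute_messages(SAMPLE_LOG).items(), key=lambda kv: -kv[1]):
        print(f"{n:6d}  {label}")
```

A web-server uid dominating the top of the list points at a script on the box rather than a compromised mailbox; a single SASL user with thousands of messages points at a stolen account password.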