Flushing the Postfix outbound mail queue after a server is hacked

Zombie Mail Servers will show constant disk activity without much processor consumption

After your server was hacked through SQL injection (perhaps via Drupageddon), you cleaned your Apache server and removed all malicious code, but your hard drive is still on fire and the disk I/O light never shuts off. You ran top, but no process is taking more than a few percent of processor time. What do you do?

Check your local SMTP server to see if it is flooded with outbound traffic. Your server has probably become a zombie for spammers, and your retry queue could have hundreds of thousands of outbound messages retrying continuously.
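One way to run that check, as an added example that is not part of the original post: summarise the listing printed by Postfix's `postqueue -p` to get the queue depth and the busiest envelope senders. The function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise `postqueue -p` output to spot a flooded queue.
# On a live server: postqueue -p | queue_count ; postqueue -p | queue_senders | head

# awk test for a queue entry line: queue ID (optionally marked * active or
# ! held), numeric size, arrival time (4 fields), then the envelope sender.
# Header, deferral-reason, recipient and "Mail queue is empty" lines fail it.
IS_ENTRY='$1 ~ /^[0-9A-Za-z]+[*!]?$/ && $2 ~ /^[0-9]+$/ && NF >= 7'

# Print the number of queued messages read from stdin.
queue_count() {
    awk "$IS_ENTRY"' { n++ } END { print n + 0 }'
}

# Print "count sender" pairs, busiest sender first.
queue_senders() {
    awk "$IS_ENTRY"' { c[$NF]++ } END { for (s in c) print c[s], s }' |
        sort -k1,1nr -k2,2
}

# Constructed sample of `postqueue -p` output (not from a real server).
sample_queue() {
    cat <<'EOF'
-Queue ID-  --Size-- ----Arrival Time---- -Sender/Recipient-------
3F2A91C0D4*    2101 Mon Jan  5 03:14:07  www-data@web01.example.com
                                         user1@example.net

4A7B02E1F6     2098 Mon Jan  5 03:14:08  www-data@web01.example.com
(connect to mx.example.net[192.0.2.10]:25: Connection timed out)
                                         user2@example.net

5C8D13F2A7     2110 Mon Jan  5 03:14:09  www-data@web01.example.com
(host mx.example.org[192.0.2.20] said: 450 4.7.1 try again later)
                                         user3@example.org

6D9E24A3B8     3412 Mon Jan  5 03:15:30  MAILER-DAEMON
(connect to mx.example.net[192.0.2.10]:25: Connection timed out)
                                         www-data@web01.example.com

-- 9 Kbytes in 4 Requests.
EOF
}

# Demo on the constructed sample: a web-server account dominating the
# sender column is the pattern to look for after a web compromise.
sample_queue | queue_senders
```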

