Easy Steps to Stop SMTP AUTH Relay Attack and Identify Compromised Email Account for Postfix


Today, many e-mail applications such as Sendmail, Postfix, or even MS Exchange have been redesigned to minimize the chance of becoming a spam relay. From our experience, most SMTP AUTH relay attacks succeed through accounts protected by weak passwords. Once the spammers have found and compromised such an account, they authenticate with the user's credentials, the relay server accepts them, and the server is then used to send spam.
Below are simple steps to stop this e-mail spam and quickly identify which account(s) have been compromised.
Step 1: Hold the mail queue.
Large volumes of spam keep piling up in the mail spool, and what is worse, the spam can fill up your entire /var partition. Therefore it is always a good idea to put the mail queue on hold temporarily once you know an account has been exploited by a spammer to send a large amount of e-mail.
Step 2: Check your mail log.
Go to /var/log/maillog and have a quick look at the from=<> lines. You will probably see many e-mail domains that do not even belong to your organization. This is because spammers forge the from=<> address.
Step 3: Identify the compromised account through the SMTP AUTH log lines.
Now let us check which e-mail accounts are being used to authenticate. Run cat on the maillog, grep for sasl_username, and sort the result. You should see a long list of login attempts and sessions for the exploited account. You can also do a quick count with the wc -l command to see the total number of sessions for a specific user.
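The checks from Step 2 and Step 3 as a small POSIX shell script, added here as an example rather than taken from the original post. It tallies sasl_username sessions per account and envelope sender domains from from=<> lines; the log lines it runs on are constructed sample data in Postfix format, not real traffic.

```shell
#!/bin/sh
# Added example: find the account behind an SMTP AUTH relay attack in a Postfix maillog.
# A compromised account stands out as one sasl_username with far more sessions than the rest.

# Constructed sample log lines (not real traffic); on a live server use /var/log/maillog.
SAMPLE_LOG="${TMPDIR:-/tmp}/maillog.sample.$$"
cat > "$SAMPLE_LOG" <<'EOF'
Mar  3 10:01:12 mx postfix/smtpd[2231]: 1A2B3C: client=unknown[203.0.113.10], sasl_method=LOGIN, sasl_username=bob@example.org
Mar  3 10:01:15 mx postfix/smtpd[2231]: 2B3C4D: client=unknown[203.0.113.10], sasl_method=LOGIN, sasl_username=bob@example.org
Mar  3 10:01:19 mx postfix/smtpd[2240]: 3C4D5E: client=unknown[198.51.100.7], sasl_method=PLAIN, sasl_username=bob@example.org
Mar  3 10:02:01 mx postfix/smtpd[2245]: 4D5E6F: client=laptop.example.org[192.0.2.5], sasl_method=PLAIN, sasl_username=alice@example.org
Mar  3 10:02:03 mx postfix/qmgr[1100]: 4D5E6F: from=<alice@example.org>, size=1200, nrcpt=1 (queue active)
Mar  3 10:03:44 mx postfix/smtpd[2250]: 5E6F7A: client=unknown[203.0.113.11], sasl_method=LOGIN, sasl_username=bob@example.org
Mar  3 10:04:10 mx postfix/qmgr[1100]: 5E6F7A: from=<promo@spoofed-domain.test>, size=2311, nrcpt=40 (queue active)
Mar  3 10:04:12 mx postfix/qmgr[1100]: 3C4D5E: from=<deals@spoofed-domain.test>, size=2290, nrcpt=38 (queue active)
EOF

# Step 2: sender_domains FILE - "<count> <domain>" for every forged or legitimate from=<> address.
# Domains that are not yours at the top of this list are the first sign of a relay abuse.
sender_domains() {
    sed -n 's/.*from=<[^@>]*@\([^>]*\)>.*/\1/p' "$1" | sort | uniq -c | sort -rn | awk '{print $1, $2}'
}

# Step 3: sasl_sessions FILE - "<count> <sasl_username>" per authenticated account, busiest first.
sasl_sessions() {
    sed -n 's/.*sasl_username=\([^ ,]*\).*/\1/p' "$1" | sort | uniq -c | sort -rn | awk '{print $1, $2}'
}

# sasl_session_count FILE USER - sessions for one account (the figure the post gets with grep | wc -l).
sasl_session_count() {
    sasl_sessions "$1" | awk -v u="$2" '$2 == u { print $1; found = 1 } END { if (!found) print 0 }'
}

# top_sasl_user FILE - the account with the most sessions: the one to disable or re-password first.
top_sasl_user() {
    sasl_sessions "$1" | head -n 1 | awk '{print $2}'
}

echo "Sender domains:";      sender_domains "$SAMPLE_LOG"
echo "SASL sessions:";       sasl_sessions "$SAMPLE_LOG"
echo "Suspect account: $(top_sasl_user "$SAMPLE_LOG")"
```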
Step 4: Disable the exploited e-mail account.
Once the sasl_username listing has revealed the account, we recommend disabling it or changing its password to a complex one.
Step 5: Move the queued mail aside or delete the unsolicited e-mail.
Now we need to deal with our mail queue. The easiest and quickest way is to move the queued mail aside and clean it up later. Alternatively, you can delete those spam e-mails with a Bash script.
Step 6: Release the mail queue.
Remember to release the mail queue after the cleanup, and keep monitoring the mail traffic afterwards.
