Identify a PHP script sending SPAM through Postfix

You can follow the steps below to identify a PHP script that is sending out SPAM through Postfix.

  • Connect to your SSH terminal
  • Execute “mailq” command to check the mail queue
  • The first column of the mail queue list shows unique mail IDs; copy one from an obvious spam email
  • Execute “postcat -q <mail ID>” with the unique mail ID you copied in place of <mail ID> to check this email’s details
  • Identify the line starting with “X-PHP-Originating-Script”. This should show which script is generating the spam emails (PHP only adds this header when the mail.add_x_header directive is enabled in php.ini; if the header is missing, enable it, restart PHP and wait for the next spam email)
  • Remove the script, patch the website with latest security fixes and make sure folder and file permissions are secure
  • Execute “postsuper -d ALL” to empty the mail queue
  • Check the mail queue again with command “mailq” to see if more emails are now generated. If the problem persists, repeat the above steps and see if you find other scripts causing the problem.
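The procedure above, automated as an added example (this is not code from the original page): it walks the queue with mailq and postcat -q and tallies queued messages per X-PHP-Originating-Script value, so the noisiest script stands out. It assumes Postfix’s mailq and postcat are on PATH; the sample postcat dump and script path are constructed.

```shell
#!/bin/sh
# Added example, not from the original page: tally queued messages per
# originating PHP script using mailq / postcat -q / X-PHP-Originating-Script.
# Assumes Postfix's mailq and postcat are on PATH; sample data is constructed.

# Print queue IDs from mailq output on stdin. A message's first line starts with
# the ID (optionally suffixed "*" active or "!" held) followed by a numeric size;
# the "-Queue ID-" header, "(reason)" lines, recipient lines and footer are skipped.
queue_ids() {
    awk '$1 ~ /^[0-9A-Za-z]+[*!]?$/ && $2 ~ /^[0-9]+$/ { sub(/[*!]$/, "", $1); print $1 }'
}

# Given one "postcat -q ID" dump on stdin, print the X-PHP-Originating-Script
# value (PHP writes it as "uid:path"), or "(none)" when the header is absent.
# PHP only adds the header when mail.add_x_header is enabled, so "(none)"
# means that directive must be switched on before the script can be traced.
originating_script() {
    awk '
        tolower($0) ~ /^x-php-originating-script:/ {
            sub(/^[^:]*:[[:space:]]*/, "")
            found = $0
        }
        END { print (found == "" ? "(none)" : found) }'
}

# Against a live server: count queued messages per originating script, noisiest first.
tally_queue() {
    mailq | queue_ids | while read -r id; do
        postcat -q "$id" | originating_script
    done | sort | uniq -c | sort -rn
}

# Constructed postcat -q dump (not real data) used for the offline demo.
sample_postcat() {
    printf '%s\n' \
        '*** ENVELOPE RECORDS deferred/A/A1B2C3D4E5 ***' \
        'sender: www-data@web.example' \
        '*** MESSAGE CONTENTS deferred/A/A1B2C3D4E5 ***' \
        'Received: by web.example (Postfix, from userid 33)' \
        'To: victim@example.org' \
        'X-PHP-Originating-Script: 33:wp-content/uploads/cache/mailer.php' \
        'Subject: You have won' \
        '' \
        'Click here...'
}

# Offline demo: prints 33:wp-content/uploads/cache/mailer.php
demo() {
    sample_postcat | originating_script
}
demo
```

Run tally_queue on the affected server; the script with the highest count is the one to remove before emptying the queue with postsuper -d ALL.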