How to resolve the spamming issue with your postfix mailserver having CWP.

Before starting we should stop the postfix mailserver.

service postix stop

For start lets count the number of emails stuck in the mail server queue:

postqueue -p | grep -c "^[A-Z0-9]"

Select few similar emails and use IDs to check them

postqueue -p

you will get something like:
47071F9C08 2262516 Thu Jan 21 13:14:52 erica.bello@abc.com

Now we need to read that email by ID

postcat -q 47071F9C08

By reading the content of the email we can determinate if that is a spam or not.
If the email is spam then you need to locate the source of it.

If the email source contains something similar like sasl login:
named_attribute: sasl_method=LOGIN
named_attribute: sasl_username=info@abc.com

That means that “sasl” password login was hacked for the email account “info@abc.com”.
To protect your server you need to change the email account password.

Once you have changed the account password then you should restart the postfix.

service postfix restart
Don’t forget to install mod security with automatic update of rules within you CWP to prevent any further hacking of your sites.

This article will be updated from time to time!!!