Is my server being exploited?
Recently, I have received a lot of Mailer-Daemon type messages with undeliverable messages from mailservers I KNOW my users haven't been mailing to. Some are anti-spam messages from these mailservers spam-filters.
I suspect that someone is using my mailserver to relay spam. Also my mail.warn file contains many warnings like:
These are all unknown hosts to me. So, as you see, I supect foul play.
Apr 20 13:59:21 mail2 postfix/smtpd: warning: 126.96.36.199: hostname dsl88.230-12409.ttnet.net.tr verification failed: Name or service not known
How do I go about detecting what is going on, and how can I prevent my mailserver from being exploited?
Appeciate any help on this...