Yes, I was using the latest version of iRedMail, and on Saturday morning I found that my server was compromised and sending spam.
My /var/log/maillog was full of outgoing emails, and I checked the malicious code in temp files, checked for rootkits with chkrootkit, and also checked for any newly created users, but I found nothing.
From the server processes, Postfix was a heavily used process during that period.
My mail server IP was listed on RBL and PBL. I instantly changed the IP address of the server, but I could not stop the spam emails from going out of my server.
Then I updated my server. From /var/log/maillog I found that many of the email addresses to which emails were being sent were coming from the mail queue; that's why I first asked to clear the mail queue.
After the server update I restarted the server, thinking that it would close all the connections that had been made and also clear the mail queue.
But to my bad luck, I got the "kernel panic .. not syncing. Attempting to kill init.."
And the server never came up.
Thankfully I have everything in the backups, except the emails that were bounced during the period when my server IP was listed on the RBL, PBL and Trend Micro databases.
One very annoying thing I found was that during this period (when the server was sending spam emails) my LDAP logs were increasing like crazy. /var/log/ldap.log went to 5GB in one day, and it was increasing heavily.
Can spammers log in through my LDAP and send emails this way?