All,

I have a VM on the internet that for the last day or so is sending out tens of thousands of malicious emails.

openSUSE 42.2
Fully updated with security patches.

I know I need to update to 42.3, but at least for now it is still getting security patches.

I assume the bad guys are somehow using it as a relay site, but I'm not sure.

The server has a GUI on it I think, but I rarely, if ever, use it. Almost all admin is via ssh.

Troubleshooting advice appreciated.

First, all the malicious emails have "Banco" in the content of the email, so I'm cleaning up all the deferred emails that are now accumulating via:

    cd /var/spool/postfix/deferred
    grep -l Banco */* | sed -r 's/^.{2}//' | postsuper -d -

I've deleted about 100,000 emails total by running the above a few times over the last day. But additional emails show up within several hours. (I'm not checking every hour or more.)

The contents of /etc/postfix/relay are:

    # for relaying domain
    # domain.de OK
    IAC-Forensics.com OK

So, I think I only relay emails for that domain, but the malicious emails are not to or from that domain.

FYI: The server has been RBL Blacklisted. It's a minor issue that I assume will clear up in a day or two. In the meantime, I can ignore the problem. This server originates very little email.

Thanks
Greg
--
Greg Freemyer
Advances are made by answering questions. Discoveries are made by questioning answers. — Bernard Haisch
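The question of whether the host is being used as a relay can be checked from the mail log: the sketch below is an added example, not part of the original post, and counts how each message entered Postfix (local submission, authenticated SMTP, or unauthenticated SMTP). The function names and sample log lines are constructed for illustration; the line layout assumed is Postfix's standard `pickup` and `smtpd` syslog output.

```shell
#!/bin/sh
# Added example: count how each queued message entered Postfix.

# Constructed sample lines in Postfix's usual syslog format.
sample_log() {
    cat <<'EOF'
Jan 10 03:12:01 mail postfix/pickup[2101]: 3A1B2C4D5E: uid=30 from=<wwwrun>
Jan 10 03:12:02 mail postfix/pickup[2101]: 3A1B2C4D5F: uid=30 from=<wwwrun>
Jan 10 03:12:03 mail postfix/pickup[2101]: 3A1B2C4D60: uid=30 from=<wwwrun>
Jan 10 03:13:09 mail postfix/smtpd[2200]: connect from unknown[203.0.113.7]
Jan 10 03:13:10 mail postfix/smtpd[2200]: 4B2C3D4E5F: client=unknown[203.0.113.7]
Jan 10 03:14:10 mail postfix/smtpd[2201]: 5C3D4E5F60: client=unknown[198.51.100.9], sasl_method=LOGIN, sasl_username=alice
Jan 10 03:14:12 mail postfix/smtpd[2201]: 5C3D4E5F61: client=unknown[198.51.100.9], sasl_method=LOGIN, sasl_username=alice
EOF
}

# Reads log lines on stdin, prints "<count> <origin>", busiest origin first.
classify_origins() {
    awk '
    # pickup = submitted on the host itself (sendmail command, cron, web script)
    /postfix\/pickup\[[0-9]+\]: [0-9A-Za-z]+: uid=/ {
        match($0, /uid=[0-9]+/)
        n["local-uid=" substr($0, RSTART + 4, RLENGTH - 4)]++
        next
    }
    # smtpd = received over SMTP; a sasl_username means the sender logged in
    /postfix\/smtpd\[[0-9]+\]: [0-9A-Za-z]+: client=/ {
        match($0, /client=[^ ,]+/)
        client = substr($0, RSTART + 7, RLENGTH - 7)
        if (match($0, /sasl_username=[^ ,]+/))
            n["sasl=" substr($0, RSTART + 14, RLENGTH - 14) " via " client]++
        else
            n["smtp-client=" client]++
    }
    END { for (k in n) print n[k], k }
    ' | sort -rn
}

sample_log | classify_origins
```

On a live host, feed the function the real mail log instead of the sample (its path depends on the syslog configuration). A dominant `local-uid` entry means the mail is being submitted on the host itself rather than relayed over SMTP.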