Identifying spammers in your shared web service (featuring Postfix, auditd, and iptables)

Over the last week, we’ve been having a problem with spam in our shared web service: Something was sending out lots of low-quality, easily-blockable spam, and the bouncebacks were filling up the Postfix queues in our outgoing email cluster. ┬áThe way we tracked down the spammer was interesting, so I’m writing it up here in case it’s of interest to anyone else!

Continue reading