Almost always I can see many smtp processes in ps aux command output like this:
postfix 924674 0.4 0.0 44460 9212 ? S 18:54 0:00 smtp -t unix -u -c postfix 924675 0.2 0.0 44460 9108 ? S 18:54 0:00 smtp -t unix -u -c postfix 924676 0.2 0.0 44460 9352 ? S 18:54 0:00 smtp -t unix -u -c postfix 924677 0.5 0.0 44460 9156 ? S 18:54 0:00 smtp -t unix -u -c postfix 924678 0.2 0.0 44460 9316 ? S 18:54 0:00 smtp -t unix -u -c postfix 924679 0.2 0.0 44460 9268 ? S 18:54 0:00 smtp -t unix -u -c postfix 924680 0.2 0.0 44460 9208 ? S 18:54 0:00 smtp -t unix -u -c postfix 924681 0.2 0.0 44460 9328 ? S 18:54 0:00 smtp -t unix -u -c postfix 924682 0.2 0.0 44460 9152 ? S 18:54 0:00 smtp -t unix -u -c The total memory (VSZ column) of these processes is sometimes even 1 GBytes.
Is my server hacked and used by hackers for sending emails?
How can I stop it?
- Note that smtp server is not installed on my server
smtpis postfix's SMTP and LMTP delivery agent (in contrast,smtpdwith adis postfix's SMTP daemon which listens for incoming connections) - i.e. it delivers both local and smtp mail. You can check if there's any mail in the queue withmailq, and check whether smtp is attempting to deliver any mail withnetstat -tpan | grep smtp$. Also, have you looked in/var/log/mail.logfor evidence of unusual mail activity? or tried runningjournalctl -u postfix -S todayto see today's mail logs?