WordPress + postfix + unsolicited emails being sent even if the email account wasn’t created

I run a blog on wordpress. Recently I received a abuse complaints from the server which when verified returned this:

============================================================ 
Received: from [192.241.188.154] by usfamily.net 
(USFamily MTA v5/:PG5vcm1hX2NoYW1iZXJzQG1yaW5hbHB1cm9oaXQuY29tPjxkamtpbm5leUB1c2ZhbWlseS5uZXQ_)
with SMTP id <20140301115044001084500013> for <djkinney@usfamily.net>; 
Sat, 01 Mar 2014 11:50:44 -0600 (CST) 
(envelope-from norma_chambers@myblog.com, notifiable emailnetwork 192.241.188.) 
Received: by myprimarydomain.com (Postfix, from userid 498) 
id 1C5EE1305AE; Sat, 1 Mar 2014 17:12:39 +0000 (UTC) 
To: djkinney@usfamily.net 
Subject: FW: Good day 
X-PHP-Originating-Script: 498:sslnEn.php 
From: "Norma Chambers" <norma_chambers@myblog.com> 
Reply-To: "Norma Chambers" <norma_chambers@myblog.com> 
X-Priority: 3 (Normal) 
MIME-Version: 1.0 
Content-Type: text/html; charset="iso-8859-1" 
Message-Id: <20140301171239.1C5EE1305AE@myblog.com> 
Date: Sat, 1 Mar 2014 17:12:39 +0000 (UTC) 
Content-Transfer-Encoding: quoted-printable

<div> 
<p> 
Top Meds Website good deal <a href=3D"http://dumantarim.com/modules/mod_= 
araticlhess/rlf.html">http://dumantarim.com/modules/mod_araticlhess/rlf.h= 
tml</a> 
</p> 
</div>

============================================================

Now I assumed that it meant this:
Several unsolicited emails were sent from the id norma_chambers@myblog.com. If my assumption is correct, this email id should have existed on the VPS AND user had access to the email account to send mails. Does it really means that my server (VPS) was hacked?

Am I on the correct path to trace this problem? Please shed some light.

Read more here: WordPress + postfix + unsolicited emails being sent even if the email account wasn’t created

Leave a Reply

Your email address will not be published. Required fields are marked *