How?
Postfix accepts local mail traffic on the machine (based on the logs).
Postfix is not accepting any connections from the internet email open relay testing tools.
The OP has a LAMP server and is running Wordpress. That means that wordpress and php are both loaded, which are highly likely to be compromised. OP also claims that emails should be going only to WP admins.
To me, that all adds up to a hacked webserver. Is there some other explanation?
Bookmarks