13 Replies Latest reply: May 14, 2010 5:00 PM by MrHoffman
justinmang Level 1 Level 1 (0 points)
Hi Everyone-

I have the option checked in Server Admin to send an account on my server a copy of all the undeliverable mail. This morning, I wake up and there's 400+ new emails from Mail Delivery Subsystem saying things like Mail timed out.

My server isn't setup as a relay and I require authentication, but it seems like I'm sending out spam email. The email is coming from Paypal@mydomain.com, even though there's no account with that email address.

Here's a sample out of mail.log:

Apr 22 17:44:49 mail postfix/smtp[21153]: DA72E115D4C: to=<min171@lycos.com.my>, relay=none, delay=34129, delays=34098/0.05/30/0, dsn=4.4.1, status=deferred (connect to lycos.com.my[216.8.179.23]:25: Operation timed out)


Any ideas?

Thanks!

Penyrn MacBook Pro (Pre Unibody), Mac OS X (10.6.3), Mac mini Server
  • 1. Re: Snow Leopard Server possibly sending out spam
    MrHoffman Level 6 Level 6 (12,470 points)
    Get your box disconnected as a start, then post the output of +postconf -n+ for the mail server, and start looking at anything on your site (web-based php or otherwise) that can be used to inject mail into your server, and start looking at stuff "behind" your server that might be infested. See where the mail is coming from. From your knowledge of the servers, the configuration, and the mail server logs.
  • 2. Re: Snow Leopard Server possibly sending out spam
    justinmang Level 1 Level 1 (0 points)
    Here's the postconf -n:
    mail:~ admin$ postconf -n
    alias_maps = hash:/etc/aliases
    always_bcc = mailbackup@4rsmokehouse.com
    biff = no
    command_directory = /usr/sbin
    config_directory = /etc/postfix
    content_filter = smtp-amavis:[127.0.0.1]:10024
    daemon_directory = /usr/libexec/postfix
    debugpeerlevel = 2
    enableserveroptions = yes
    header_checks = pcre:/etc/postfix/customheaderchecks
    html_directory = /usr/share/doc/postfix/html
    inet_interfaces = all
    localrecipientmaps = proxy:unix:passwd.byname $alias_maps
    mail_owner = _postfix
    mailboxsizelimit = 0
    mailbox_transport = dovecot
    mailq_path = /usr/bin/mailq
    manpage_directory = /usr/share/man
    mapsrbldomains =
    messagesizelimit = 31457280
    mydestination = $myhostname, localhost.$mydomain, localhost, 4rsmokehouse.com
    mydomain = 4rsmokehouse.com
    mydomain_fallback = localhost
    myhostname = mail.4rsmokehouse.com
    mynetworks = 127.0.0.1
    newaliases_path = /usr/bin/newaliases
    ownerrequestspecial = no
    queue_directory = /private/var/spool/postfix
    readme_directory = /usr/share/doc/postfix
    recipient_delimiter = +
    relayhost =
    sample_directory = /usr/share/doc/postfix/examples
    sendmail_path = /usr/sbin/sendmail
    setgid_group = _postdrop
    smtpsasl_passwordmaps =
    smtpdclientrestrictions = permit_mynetworks permitsaslauthenticated rejectrblclient zen.spamhaus.org rejectrblclient sbl.spamhaus.org permit
    smtpdenforcetls = no
    smtpdhelorequired = yes
    smtpdhelorestrictions = permitsaslauthenticated permit_mynetworks rejectinvalid_helohostname rejectnon_fqdn_helohostname
    smtpdpw_server_securityoptions = login,plain,gssapi,cram-md5
    smtpdrecipientrestrictions = permitsaslauthenticated permit_mynetworks rejectunauthdestination
    smtpdsasl_authenable = yes
    smtpdtlsCAfile = /etc/certificates/mail.4rsmokehouse.com.4B754B688A83A75362870382726606DFCB727FD 1.chain.pem
    smtpdtls_certfile = /etc/certificates/mail.4rsmokehouse.com.4B754B688A83A75362870382726606DFCB727FD 1.cert.pem
    smtpdtls_excludeciphers = SSLv2, aNULL, ADH, eNULL
    smtpdtls_keyfile = /etc/certificates/mail.4rsmokehouse.com.4B754B688A83A75362870382726606DFCB727FD 1.key.pem
    smtpdtlsloglevel = 0
    smtpduse_pwserver = yes
    smtpdusetls = yes
    unknownlocal_recipient_rejectcode = 550
    virtualaliasdomains = $virtualaliasmaps hash:/etc/postfix/virtual_domains
    virtualaliasmaps = hash:/etc/postfix/virtual_users




    Disconnecting the server isn't an option as it's in use as a primary mail server for a company.

    I checked and turned the web service off earlier today (around 4:00pm) and it's 9:00pm now and the spam seems to have stopped around 6:00pm. I'll check and see about the client machines being infected.

    Any other ideas?
  • 3. Re: Snow Leopard Server possibly sending out spam
    MrHoffman Level 6 Level 6 (12,470 points)
    Primary mail server or not, you need to figure out why this box is sending spam. The longer the box sends out spam, the more likely the company will get its legitimate outbound mail blacklisted; that this server will find itself listed on spamhaus.

    Nothing obviously spam-wrong in the SMTP configuration.

    Definitely investigate your web server and whatever it's running. Do you have any mechanisms on your web site that can send mail? Are there any "new" files on your web server? Are your web directories writable by the web server?

    In addition to the web server logs, also check the mail logs and sort out where the mail was arriving from. That can help you spot an infested client, or web activity; a source on the server or among your clients.
  • 4. Re: Snow Leopard Server possibly sending out spam
    justinmang Level 1 Level 1 (0 points)
    I can't seem to see where the mail is coming from. Here's from my SMTP logs. I shut the web service down and it still is sending out spam. I don't think it's a client because everything IMAP connection count shows 0. How do I found where this is coming from?

    Apr 23 07:11:59 mail postfix/pipe[19664]: 703FD11DA97: to=<PayPal@mail.4rsmokehouse.com>, relay=dovecot, delay=0.06, delays=0.01/0/0/0.05, dsn=2.0.0, status=sent (delivered via dovecot service)
  • 5. Re: Snow Leopard Server possibly sending out spam
    Dan Charlton Level 1 Level 1 (35 points)
    Could it be one of your users account has been hacked/password guessed?

    I had a similar issue a few weeks ago in that one of my users had a weak password & it had been guessed, so spam was being sent out.

    Dan
  • 6. Re: Snow Leopard Server possibly sending out spam
    MrHoffman Level 6 Level 6 (12,470 points)
    Check the logs for pop and imap and mail access within Server Admin mail logs, too. As was mentioned else-thread, it is possible that a password has been exposed, though malware on your local network can also be a trigger.
  • 7. Re: Snow Leopard Server possibly sending out spam
    pterobyte Level 6 Level 6 (10,910 points)
    to=<PayPal@mail.4rsmokehouse.com>, relay=dovecot, delay=0.06, delays=0.01/0/0/0.05, dsn=2.0.0, status=sent (delivered via dovecot service)


    You say you do not have an account named PayPal at your domain, yet your server is accepting mails for PayPal.
    Check WGM to see if an account or account alias for PayPal was created. If yes AND if you are sure you never created one, then your server has been compromised severely.

    You also said that once you stopped webmail, spam stopped. Chances are some account password was guessed. Make sure you change ALL user's passwords.

    Other than that, you will need to check /var/log/mail.log and follow one of those mails and post more complete log snippets.
  • 8. Re: Snow Leopard Server possibly sending out spam
    justinmang Level 1 Level 1 (0 points)
    Spam mail is still being sent. Web service is off. There is no user alias or user for "Paypal".

    Here is a pretty long chunk of Mail.log:

    Apr 23 10:14:04 mail postfix/smtp[5645]: connect to mygfx.co.uk[80.168.100.101]:25: Operation timed out
    Apr 23 10:14:04 mail postfix/smtp[5645]: 04D1411D814: to=<blow.jobs@mygfx.co.uk>, relay=none, delay=11149, delays=11119/0.04/30/0, dsn=4.4.1, status=deferred (connect to mygfx.co.uk[80.168.100.101]:25: Operation timed out)
    Apr 23 10:14:04 mail postfix/smtp[5645]: 04D1411D814: to=<blow_jobs@mygfx.co.uk>, relay=none, delay=11149, delays=11119/0.04/30/0, dsn=4.4.1, status=deferred (connect to mygfx.co.uk[80.168.100.101]:25: Operation timed out)
    Apr 23 10:16:57 mail postfix/smtpd[5710]: connect from mobile-166-137-138-184.mycingular.net[166.137.138.184]
    Apr 23 10:16:58 mail postfix/smtpd[5710]: lost connection after EHLO from mobile-166-137-138-184.mycingular.net[166.137.138.184]
    Apr 23 10:16:58 mail postfix/smtpd[5710]: disconnect from mobile-166-137-138-184.mycingular.net[166.137.138.184]
    Apr 23 10:18:34 mail postfix/qmgr[123]: 1A95F11DCE5: from=<PayPal@mail.4rsmokehouse.com>, size=10652, nrcpt=50 (queue active)
    Apr 23 10:18:34 mail postfix/qmgr[123]: 3607611DC9A: from=<PayPal@mail.4rsmokehouse.com>, size=10652, nrcpt=50 (queue active)
    Apr 23 10:18:34 mail postfix/smtp[5738]: 3607611DC9A: host mx1.mail.eu.yahoo.com[77.238.177.9] refused to talk to me: 421 4.7.0 [TS01] Messages from 24.227.121.138 temporarily deferred due to user complaints - 4.16.55.1; see http://postmaster.yahoo.com/421-ts01.html
    Apr 23 10:18:35 mail postfix/smtp[5738]: 3607611DC9A: to=<ddolittle98@yahoo.co.uk>, relay=mx2.mail.eu.yahoo.com[77.238.184.241]:25, delay=11052, delays=11051/0.04/0.62/0, dsn=4.7.0, status=deferred (host mx2.mail.eu.yahoo.com[77.238.184.241] refused to talk to me: 421 4.7.0 [TS01] Messages from 24.227.121.138 temporarily deferred due to user complaints - 4.16.55.1; see http://postmaster.yahoo.com/421-ts01.html)
    Apr 23 10:19:04 mail postfix/smtp[5733]: connect to eden.com[71.103.248.51]:25: Operation timed out
    Apr 23 10:19:04 mail postfix/smtp[5733]: 1A95F11DCE5: to=<derex@eden.com>, relay=none, delay=11067, delays=11037/0.02/30/0, dsn=4.4.1, status=deferred (connect to eden.com[71.103.248.51]:25: Operation timed out)
    Apr 23 10:19:04 mail postfix/smtp[5734]: connect to sonnyclean.teradyne.com[206.114.21.197]:25: Operation timed out
    Apr 23 10:19:04 mail postfix/smtp[5736]: connect to hq.tcfarm.com[216.8.179.23]:25: Operation timed out
    Apr 23 10:19:04 mail postfix/smtp[5736]: 3607611DC9A: to=<ddoman@hq.tcfarm.com>, relay=none, delay=11082, delays=11051/0.03/30/0, dsn=4.4.1, status=deferred (connect to hq.tcfarm.com[216.8.179.23]:25: Operation timed out)
    Apr 23 10:19:34 mail postfix/smtp[5734]: connect to mrsclean.teradyne-agoura.com[206.114.21.196]:25: Operation timed out
    Apr 23 10:20:04 mail postfix/smtp[5734]: connect to hazelclean.teradyne.com[198.51.251.107]:25: Operation timed out
    Apr 23 10:20:18 mail postfix/anvil[5714]: statistics: max connection rate 1/60s for (submission:166.137.138.184) at Apr 23 10:16:57
    Apr 23 10:20:18 mail postfix/anvil[5714]: statistics: max connection count 1 for (submission:166.137.138.184) at Apr 23 10:16:57
    Apr 23 10:20:18 mail postfix/anvil[5714]: statistics: max cache size 1 at Apr 23 10:16:57
    Apr 23 10:20:34 mail postfix/smtp[5734]: connect to mrclean.teradyne.com[198.51.251.105]:25: Operation timed out
    Apr 23 10:20:34 mail postfix/smtp[5734]: 1A95F11DCE5: to=<derf@ttd.teradyne.com>, relay=none, delay=11157, delays=11037/0.03/120/0, dsn=4.4.1, status=deferred (connect to mrclean.teradyne.com[198.51.251.105]:25: Operation timed out)
    Apr 23 10:27:23 mail postfix/smtpd[5887]: connect from 178.101.188.72.cfl.res.rr.com[72.188.101.178]
    Apr 23 10:27:23 mail postfix/trivial-rewrite[5892]: warning: do not list domain 4rsmokehouse.com in BOTH mydestination and virtualaliasdomains
    Apr 23 10:27:23 mail postfix/smtpd[5887]: F166111ECD4: client=178.101.188.72.cfl.res.rr.com[72.188.101.178], sasl_method=LOGIN, sasl_username=martha
    Apr 23 10:27:27 mail postfix/smtpd[5887]: 60F8511ECD5: client=178.101.188.72.cfl.res.rr.com[72.188.101.178], sasl_method=LOGIN, sasl_username=martha
    Apr 23 10:27:27 mail postfix/cleanup[5893]: 60F8511ECD5: message-id=<010401cae2f1$1b4ac0c0$51e04240$@com>
    Apr 23 10:27:27 mail postfix/qmgr[123]: 60F8511ECD5: from=<martha@4rsmokehouse.com>, size=5783, nrcpt=2 (queue active)
    Apr 23 10:27:27 mail postfix/smtpd[5887]: disconnect from 178.101.188.72.cfl.res.rr.com[72.188.101.178]
    Apr 23 10:27:27 mail postfix/smtpd[5896]: connect from localhost[127.0.0.1]
    Apr 23 10:27:27 mail postfix/trivial-rewrite[5892]: warning: do not list domain 4rsmokehouse.com in BOTH mydestination and virtualaliasdomains
    Apr 23 10:27:27 mail postfix/smtpd[5896]: D06C211ECE6: client=localhost[127.0.0.1]
    Apr 23 10:27:27 mail postfix/cleanup[5893]: D06C211ECE6: message-id=<010401cae2f1$1b4ac0c0$51e04240$@com>
    Apr 23 10:27:27 mail postfix/smtpd[5896]: disconnect from localhost[127.0.0.1]
    Apr 23 10:27:27 mail postfix/qmgr[123]: D06C211ECE6: from=<martha@4rsmokehouse.com>, size=6184, nrcpt=3 (queue active)
    Apr 23 10:27:27 mail postfix/smtp[5894]: 60F8511ECD5: to=<graphics@itbsg.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=0.5, delays=0.1/0.01/0/0.39, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=04705-04, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as D06C211ECE6)
    Apr 23 10:27:27 mail postfix/smtp[5894]: 60F8511ECD5: to=<mailbackup@mail.4rsmokehouse.com>, orig_to=<mailbackup@4rsmokehouse.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=0.5, delays=0.1/0.01/0/0.39, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=04705-04, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as D06C211ECE6)
    Apr 23 10:27:27 mail postfix/qmgr[123]: 60F8511ECD5: removed
    Apr 23 10:27:27 mail postfix/pipe[5901]: D06C211ECE6: to=<mailbackup@mail.4rsmokehouse.com>, relay=dovecot, delay=0.07, delays=0.01/0.05/0/0.02, dsn=2.0.0, status=sent (delivered via dovecot service)
    Apr 23 10:27:27 mail postfix/pipe[5903]: D06C211ECE6: to=<mailbackup@mail.4rsmokehouse.com>, orig_to=<mailbackup@4rsmokehouse.com>, relay=dovecot, delay=0.09, delays=0.01/0.05/0/0.02, dsn=2.0.0, status=sent (delivered via dovecot service)
    Apr 23 10:27:32 mail postfix/smtp[5899]: D06C211ECE6: to=<graphics@itbsg.com>, relay=itbsg.com[72.34.46.140]:25, delay=4.2, delays=0.01/0.05/0.43/3.7, dsn=2.0.0, status=sent (250 OK id=1O5Jqt-0006Z8-NK)
    Apr 23 10:27:32 mail postfix/qmgr[123]: D06C211ECE6: removed
    Apr 23 10:28:20 mail postfix/smtpd[5887]: connect from elasmtp-kukur.atl.sa.earthlink.net[209.86.89.65]
    Apr 23 10:28:20 mail postfix/trivial-rewrite[5920]: warning: do not list domain 4rsmokehouse.com in BOTH mydestination and virtualaliasdomains
    Apr 23 10:28:20 mail postfix/smtpd[5887]: 75C4211ECF4: client=elasmtp-kukur.atl.sa.earthlink.net[209.86.89.65]
    Apr 23 10:28:20 mail postfix/cleanup[5893]: 75C4211ECF4: message-id=<328F6752485D4E16BCD6E4090060D04B@jc2010>
    Apr 23 10:28:20 mail postfix/qmgr[123]: 75C4211ECF4: from=<azanazanian@mpinet.net>, size=4041, nrcpt=2 (queue active)
    Apr 23 10:28:20 mail postfix/smtpd[5887]: disconnect from elasmtp-kukur.atl.sa.earthlink.net[209.86.89.65]
    Apr 23 10:28:21 mail postfix/smtpd[5896]: connect from localhost[127.0.0.1]
    Apr 23 10:28:21 mail postfix/smtpd[5896]: 16E9911ED01: client=localhost[127.0.0.1]
    Apr 23 10:28:21 mail postfix/cleanup[5893]: 16E9911ED01: message-id=<328F6752485D4E16BCD6E4090060D04B@jc2010>
    Apr 23 10:28:21 mail postfix/smtpd[5896]: disconnect from localhost[127.0.0.1]
    Apr 23 10:28:21 mail postfix/qmgr[123]: 16E9911ED01: from=<azanazanian@mpinet.net>, size=4651, nrcpt=3 (queue active)
    Apr 23 10:28:21 mail postfix/smtp[5894]: 75C4211ECF4: to=<john@mail.4rsmokehouse.com>, orig_to=<john@4rsmokehouse.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=0.83, delays=0.26/0/0/0.57, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=02711-09, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as 16E9911ED01)
    Apr 23 10:28:21 mail postfix/smtp[5894]: 75C4211ECF4: to=<mailbackup@mail.4rsmokehouse.com>, orig_to=<mailbackup@4rsmokehouse.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=0.83, delays=0.26/0/0/0.57, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=02711-09, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as 16E9911ED01)
    Apr 23 10:28:21 mail postfix/qmgr[123]: 75C4211ECF4: removed
    Apr 23 10:28:21 mail postfix/pipe[5901]: 16E9911ED01: to=<mailbackup@mail.4rsmokehouse.com>, relay=dovecot, delay=0.03, delays=0.01/0/0/0.02, dsn=2.0.0, status=sent (delivered via dovecot service)
    Apr 23 10:28:21 mail postfix/pipe[5903]: 16E9911ED01: to=<john@mail.4rsmokehouse.com>, relay=dovecot, delay=0.04, delays=0.01/0/0/0.03, dsn=2.0.0, status=sent (delivered via dovecot service)
    Apr 23 10:28:21 mail postfix/pipe[5901]: 16E9911ED01: to=<mailbackup@mail.4rsmokehouse.com>, orig_to=<mailbackup@4rsmokehouse.com>, relay=dovecot, delay=0.04, delays=0.01/0.01/0/0.02, dsn=2.0.0, status=sent (delivered via dovecot service)
    Apr 23 10:28:21 mail postfix/qmgr[123]: 16E9911ED01: removed
    Apr 23 10:28:34 mail postfix/qmgr[123]: B27E811D8CA: from=<PayPal@mail.4rsmokehouse.com>, size=10652, nrcpt=50 (queue active)
    Apr 23 10:28:34 mail postfix/smtp[5899]: connect to domcollect.mailrejector.com[188.40.178.59]:25: Connection refused
    Apr 23 10:28:34 mail postfix/smtp[5899]: B27E811D8CA: to=<cancel@bitsandpixels.co.uk>, relay=none, delay=11960, delays=11959/0.01/0.25/0, dsn=4.4.1, status=deferred (connect to domcollect.mailrejector.com[188.40.178.59]:25: Connection refused)
    Apr 23 10:28:34 mail postfix/smtp[5933]: connect to lycos.co.uk[209.202.254.14]:25: Connection refused
    Apr 23 10:28:34 mail postfix/smtp[5933]: B27E811D8CA: to=<cancel@lycos.co.uk>, relay=none, delay=11960, delays=11959/0.03/0.35/0, dsn=4.4.1, status=deferred (connect to lycos.co.uk[209.202.254.14]:25: Connection refused)
    Apr 23 10:28:34 mail postfix/smtp[5930]: B27E811D8CA: to=<cancer@lists.meds.com>, relay=lists.meds.com[209.131.124.44]:25, delay=11960, delays=11959/0.02/0.32/0.07, dsn=5.1.1, status=bounced (host lists.meds.com[209.131.124.44] said: 550 5.1.1 <cancer@lists.meds.com>... User unknown (in reply to RCPT TO command))
    Apr 23 10:28:34 mail postfix/smtp[5929]: connect to boystuff.co.uk[194.154.164.82]:25: Connection refused
    Apr 23 10:28:34 mail postfix/smtp[5929]: B27E811D8CA: to=<cancellations@boystuff.co.uk>, relay=none, delay=11960, delays=11959/0.02/0.39/0, dsn=4.4.1, status=deferred (connect to boystuff.co.uk[194.154.164.82]:25: Connection refused)
    Apr 23 10:29:04 mail postfix/smtp[5934]: connect to mygfx.co.uk[80.168.100.101]:25: Operation timed out
    Apr 23 10:29:04 mail postfix/smtp[5934]: B27E811D8CA: to=<cancel@mygfx.co.uk>, relay=none, delay=11990, delays=11959/0.04/30/0, dsn=4.4.1, status=deferred (connect to mygfx.co.uk[80.168.100.101]:25: Operation timed out)
    Apr 23 10:29:04 mail postfix/cleanup[5893]: 3E9FA11ED0F: message-id=<20100423142904.3E9FA11ED0F@mail.4rsmokehouse.com>
    Apr 23 10:29:04 mail postfix/bounce[5936]: B27E811D8CA: sender non-delivery notification: 3E9FA11ED0F
    Apr 23 10:29:04 mail postfix/qmgr[123]: 3E9FA11ED0F: from=, size=12629, nrcpt=1 (queue active)
    Apr 23 10:29:04 mail postfix/local[5900]: error: od[getpwnam_ext]: No record for user paypal
    Apr 23 10:29:04 mail postfix/pipe[5925]: 3E9FA11ED0F: to=<PayPal@mail.4rsmokehouse.com>, relay=dovecot, delay=0.03, delays=0.01/0/0/0.01, dsn=2.0.0, status=sent (delivered via dovecot service)
    Apr 23 10:29:04 mail postfix/qmgr[123]: 3E9FA11ED0F: removed
    Apr 23 10:29:22 mail postfix/smtpd[5887]: connect from 178.101.188.72.cfl.res.rr.com[72.188.101.178]
    Apr 23 10:29:22 mail postfix/trivial-rewrite[5954]: warning: do not list domain 4rsmokehouse.com in BOTH mydestination and virtualaliasdomains
    Apr 23 10:29:22 mail postfix/smtpd[5887]: CDDB811ED14: client=178.101.188.72.cfl.res.rr.com[72.188.101.178], sasl_method=LOGIN, sasl_username=martha
    Apr 23 10:29:26 mail postfix/smtpd[5887]: 2A3BF11ED15: client=178.101.188.72.cfl.res.rr.com[72.188.101.178], sasl_method=LOGIN, sasl_username=martha
    Apr 23 10:29:26 mail postfix/cleanup[5893]: 2A3BF11ED15: message-id=<010901cae2f1$6222bd40$266837c0$@com>
    Apr 23 10:29:26 mail postfix/qmgr[123]: 2A3BF11ED15: from=<martha@4rsmokehouse.com>, size=1347, nrcpt=2 (queue active)
    Apr 23 10:29:26 mail postfix/smtpd[5887]: disconnect from 178.101.188.72.cfl.res.rr.com[72.188.101.178]
    Apr 23 10:29:26 mail postfix/smtpd[5896]: connect from localhost[127.0.0.1]
    Apr 23 10:29:26 mail postfix/smtpd[5896]: 6666811ED20: client=localhost[127.0.0.1]
    Apr 23 10:29:26 mail postfix/cleanup[5893]: 6666811ED20: message-id=<010901cae2f1$6222bd40$266837c0$@com>
    Apr 23 10:29:26 mail postfix/smtpd[5896]: disconnect from localhost[127.0.0.1]
    Apr 23 10:29:26 mail postfix/qmgr[123]: 6666811ED20: from=<martha@4rsmokehouse.com>, size=1748, nrcpt=3 (queue active)
    Apr 23 10:29:26 mail postfix/smtp[5894]: 2A3BF11ED15: to=<jeff@mail.4rsmokehouse.com>, orig_to=<jeff@4rsmokehouse.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=0.29, delays=0.09/0/0/0.2, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=04705-05, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as 6666811ED20)
    Apr 23 10:29:26 mail postfix/smtp[5894]: 2A3BF11ED15: to=<mailbackup@mail.4rsmokehouse.com>, orig_to=<mailbackup@4rsmokehouse.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=0.29, delays=0.09/0/0/0.2, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=04705-05, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as 6666811ED20)
    Apr 23 10:29:26 mail postfix/qmgr[123]: 2A3BF11ED15: removed
    Apr 23 10:29:26 mail postfix/pipe[5901]: 6666811ED20: to=<jeff@mail.4rsmokehouse.com>, relay=dovecot, delay=0.03, delays=0.01/0/0/0.02, dsn=2.0.0, status=sent (delivered via dovecot service)
    Apr 23 10:29:26 mail postfix/pipe[5903]: 6666811ED20: to=<mailbackup@mail.4rsmokehouse.com>, relay=dovecot, delay=0.03, delays=0.01/0/0/0.02, dsn=2.0.0, status=sent (delivered via dovecot service)
    Apr 23 10:29:26 mail postfix/pipe[5925]: 6666811ED20: to=<mailbackup@mail.4rsmokehouse.com>, orig_to=<mailbackup@4rsmokehouse.com>, relay=dovecot, delay=0.05, delays=0.01/0.01/0/0.03, dsn=2.0.0, status=sent (delivered via dovecot service)
    Apr 23 10:29:26 mail postfix/qmgr[123]: 6666811ED20: removed
    Apr 23 10:32:46 mail postfix/anvil[5891]: statistics: max connection rate 1/60s for (smtp:72.188.101.178) at Apr 23 10:27:23
    Apr 23 10:32:46 mail postfix/anvil[5891]: statistics: max connection count 1 for (smtp:72.188.101.178) at Apr 23 10:27:23
    Apr 23 10:32:46 mail postfix/anvil[5891]: statistics: max cache size 2 at Apr 23 10:28:20
    Apr 23 10:33:34 mail postfix/qmgr[123]: 86DD811E1EC: from=<PayPal@mail.4rsmokehouse.com>, size=10652, nrcpt=50 (queue active)
    Apr 23 10:33:34 mail postfix/smtp[6036]: connect to onion.com[168.143.174.97]:25: Connection refused
    Apr 23 10:33:34 mail postfix/smtp[6036]: 86DD811E1EC: to=<deacon@onion.com>, relay=none, delay=10988, delays=10988/0.04/0.12/0, dsn=4.4.1, status=deferred (connect to onion.com[168.143.174.97]:25: Connection refused)
    Apr 23 10:33:41 mail postfix/smtpd[6039]: connect from mobile-166-137-138-184.mycingular.net[166.137.138.184]
    Apr 23 10:33:42 mail postfix/smtpd[6039]: lost connection after EHLO from mobile-166-137-138-184.mycingular.net[166.137.138.184]
    Apr 23 10:33:42 mail postfix/smtpd[6039]: disconnect from mobile-166-137-138-184.mycingular.net[166.137.138.184]
    Apr 23 10:33:46 mail postfix/smtp[6032]: 86DD811E1EC: to=<deactivate@finor.com>, relay=none, delay=11000, delays=10988/0.03/12/0, dsn=4.4.3, status=deferred (Host or domain name not found. Name service error for name=finor.com type=MX: Host not found, try again)
    Apr 23 10:34:04 mail postfix/smtp[6031]: connect to enterprise.america.com[68.178.232.99]:25: Operation timed out
    Apr 23 10:34:04 mail postfix/smtp[6031]: 86DD811E1EC: to=<dead@enterprise.america.com>, relay=none, delay=11018, delays=10988/0.02/30/0, dsn=4.4.1, status=deferred (connect to enterprise.america.com[68.178.232.99]:25: Operation timed out)
    Apr 23 10:34:04 mail postfix/smtp[6037]: connect to seo411.com[69.64.155.15]:25: Operation timed out
    Apr 23 10:34:04 mail postfix/smtp[6037]: 86DD811E1EC: to=<dead@seo411.com>, relay=none, delay=11018, delays=10988/0.05/30/0, dsn=4.4.1, status=deferred (connect to seo411.com[69.64.155.15]:25: Operation timed out)
    Apr 23 10:34:04 mail postfix/smtp[6035]: connect to gnn.com[205.188.100.58]:25: Operation timed out
    Apr 23 10:34:34 mail postfix/smtp[6035]: connect to gnn.com[64.12.79.57]:25: Operation timed out
    Apr 23 10:35:04 mail postfix/smtp[6035]: connect to gnn.com[207.200.74.38]:25: Operation timed out
    Apr 23 10:35:04 mail postfix/smtp[6035]: 86DD811E1EC: to=<deacon12@gnn.com>, relay=none, delay=11078, delays=10988/0.03/90/0, dsn=4.4.1, status=deferred (connect to gnn.com[207.200.74.38]:25: Operation timed out)
    Apr 23 10:37:02 mail postfix/anvil[6041]: statistics: max connection rate 1/60s for (submission:166.137.138.184) at Apr 23 10:33:41
    Apr 23 10:37:02 mail postfix/anvil[6041]: statistics: max connection count 1 for (submission:166.137.138.184) at Apr 23 10:33:41
    Apr 23 10:37:02 mail postfix/anvil[6041]: statistics: max cache size 1 at Apr 23 10:33:41
    Apr 23 10:38:55 mail postfix/smtpd[6134]: connect from web50903.mail.re2.yahoo.com[206.190.38.123]
    Apr 23 10:38:55 mail postfix/trivial-rewrite[6139]: warning: do not list domain 4rsmokehouse.com in BOTH mydestination and virtualaliasdomains
    Apr 23 10:38:55 mail postfix/smtpd[6134]: 81B5111ED6B: client=web50903.mail.re2.yahoo.com[206.190.38.123]
    Apr 23 10:38:55 mail postfix/cleanup[6140]: 81B5111ED6B: message-id=<631979.1218.qm@web50903.mail.re2.yahoo.com>
    Apr 23 10:38:55 mail postfix/qmgr[123]: 81B5111ED6B: from=<jaworskidj@yahoo.com>, size=11541, nrcpt=2 (queue active)
    Apr 23 10:38:55 mail postfix/smtpd[6134]: disconnect from web50903.mail.re2.yahoo.com[206.190.38.123]
    Apr 23 10:38:56 mail postfix/smtpd[6143]: connect from localhost[127.0.0.1]
    Apr 23 10:38:56 mail postfix/smtpd[6143]: 383D711ED78: client=localhost[127.0.0.1]
    Apr 23 10:38:56 mail postfix/cleanup[6140]: 383D711ED78: message-id=<631979.1218.qm@web50903.mail.re2.yahoo.com>
    Apr 23 10:38:56 mail postfix/smtpd[6143]: disconnect from localhost[127.0.0.1]
    Apr 23 10:38:56 mail postfix/qmgr[123]: 383D711ED78: from=<jaworskidj@yahoo.com>, size=11942, nrcpt=3 (queue active)
    Apr 23 10:38:56 mail postfix/smtp[6141]: 81B5111ED6B: to=<john@mail.4rsmokehouse.com>, orig_to=<john@4rsmokehouse.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=1.1, delays=0.5/0.01/0/0.57, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=02711-10, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as 383D711ED78)
    Apr 23 10:38:56 mail postfix/smtp[6141]: 81B5111ED6B: to=<mailbackup@mail.4rsmokehouse.com>, orig_to=<mailbackup@4rsmokehouse.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=1.1, delays=0.5/0.01/0/0.57, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=02711-10, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as 383D711ED78)
    Apr 23 10:38:56 mail postfix/qmgr[123]: 81B5111ED6B: removed
    Apr 23 10:38:56 mail postfix/pipe[6147]: 383D711ED78: to=<john@mail.4rsmokehouse.com>, relay=dovecot, delay=0.08, delays=0.01/0.04/0/0.03, dsn=2.0.0, status=sent (delivered via dovecot service)
    Apr 23 10:38:56 mail postfix/pipe[6149]: 383D711ED78: to=<mailbackup@mail.4rsmokehouse.com>, relay=dovecot, delay=0.09, delays=0.01/0.05/0/0.02, dsn=2.0.0, status=sent (delivered via dovecot service)
    Apr 23 10:38:56 mail postfix/pipe[6152]: 383D711ED78: to=<mailbackup@mail.4rsmokehouse.com>, orig_to=<mailbackup@4rsmokehouse.com>, relay=dovecot, delay=0.09, delays=0.01/0.06/0/0.02, dsn=2.0.0, status=sent (delivered via dovecot service)
    Apr 23 10:38:56 mail postfix/qmgr[123]: 383D711ED78: removed
    Apr 23 10:39:09 mail postfix/smtpd[6134]: connect from 178.101.188.72.cfl.res.rr.com[72.188.101.178]
    Apr 23 10:39:09 mail postfix/trivial-rewrite[6155]: warning: do not list domain 4rsmokehouse.com in BOTH mydestination and virtualaliasdomains
    Apr 23 10:39:09 mail postfix/smtpd[6134]: 635B511ED7F: client=178.101.188.72.cfl.res.rr.com[72.188.101.178], sasl_method=LOGIN, sasl_username=martha
    Apr 23 10:39:12 mail postfix/smtpd[6134]: C24D411ED80: client=178.101.188.72.cfl.res.rr.com[72.188.101.178], sasl_method=LOGIN, sasl_username=martha
    Apr 23 10:39:12 mail postfix/cleanup[6140]: C24D411ED80: message-id=<010a01cae2f2$bfc34950$3f49dbf0$@com>
    Apr 23 10:39:12 mail postfix/qmgr[123]: C24D411ED80: from=<martha@4rsmokehouse.com>, size=8809, nrcpt=2 (queue active)
    Apr 23 10:39:12 mail postfix/smtpd[6134]: disconnect from 178.101.188.72.cfl.res.rr.com[72.188.101.178]
    Apr 23 10:39:13 mail postfix/smtpd[6143]: connect from localhost[127.0.0.1]
    Apr 23 10:39:13 mail postfix/trivial-rewrite[6155]: warning: do not list domain 4rsmokehouse.com in BOTH mydestination and virtualaliasdomains
    Apr 23 10:39:13 mail postfix/smtpd[6143]: 8D7F011ED91: client=localhost[127.0.0.1]
    Apr 23 10:39:13 mail postfix/cleanup[6140]: 8D7F011ED91: message-id=<010a01cae2f2$bfc34950$3f49dbf0$@com>
    Apr 23 10:39:13 mail postfix/smtpd[6143]: disconnect from localhost[127.0.0.1]
    Apr 23 10:39:13 mail postfix/qmgr[123]: 8D7F011ED91: from=<martha@4rsmokehouse.com>, size=9210, nrcpt=3 (queue active)
    Apr 23 10:39:13 mail postfix/smtp[6141]: C24D411ED80: to=<carl@cacpos.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=0.83, delays=0.12/0/0/0.71, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=04705-06, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as 8D7F011ED91)
    Apr 23 10:39:13 mail postfix/smtp[6141]: C24D411ED80: to=<mailbackup@mail.4rsmokehouse.com>, orig_to=<mailbackup@4rsmokehouse.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=0.83, delays=0.12/0/0/0.71, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=04705-06, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as 8D7F011ED91)
    Apr 23 10:39:13 mail postfix/qmgr[123]: C24D411ED80: removed
    Apr 23 10:39:13 mail postfix/pipe[6149]: 8D7F011ED91: to=<mailbackup@mail.4rsmokehouse.com>, relay=dovecot, delay=0.03, delays=0.01/0/0/0.02, dsn=2.0.0, status=sent (delivered via dovecot service)
    Apr 23 10:39:13 mail postfix/pipe[6147]: 8D7F011ED91: to=<mailbackup@mail.4rsmokehouse.com>, orig_to=<mailbackup@4rsmokehouse.com>, relay=dovecot, delay=0.05, delays=0.01/0/0/0.04, dsn=2.0.0, status=sent (delivered via dovecot service)
    Apr 23 10:39:18 mail postfix/smtp[6157]: 8D7F011ED91: host ninja1.spamninjas.com[71.43.194.115] said: 451 4.7.1 <carl@cacpos.com>: Recipient address rejected: Greylisted for 5 minutes (in reply to RCPT TO command)
    Apr 23 10:39:30 mail postfix/smtp[6157]: 8D7F011ED91: to=<carl@cacpos.com>, relay=ninja2.spamninjas.com[72.19.140.201]:25, delay=17, delays=0.01/0.02/5.4/11, dsn=4.7.1, status=deferred (host ninja2.spamninjas.com[72.19.140.201] said: 451 4.7.1 <carl@cacpos.com>: Recipient address rejected: Greylisted for 5 minutes (in reply to RCPT TO command))
    Apr 23 10:40:51 mail postfix/smtpd[6134]: connect from ecbiz71.inmotionhosting.com[173.205.124.201]
    Apr 23 10:40:51 mail postfix/trivial-rewrite[6191]: warning: do not list domain 4RSmokehouse.com in BOTH mydestination and virtualaliasdomains
    Apr 23 10:40:51 mail postfix/smtpd[6134]: CED4A11ED9F: client=ecbiz71.inmotionhosting.com[173.205.124.201]
    Apr 23 10:40:51 mail postfix/cleanup[6140]: CED4A11ED9F: message-id=<327E4EFC97B54A38A18BD14F51A801AE@oci.local>
    Apr 23 10:40:51 mail postfix/qmgr[123]: CED4A11ED9F: from=<rstewart@ociassociates.com>, size=9492, nrcpt=2 (queue active)
    Apr 23 10:40:52 mail postfix/smtpd[6134]: disconnect from ecbiz71.inmotionhosting.com[173.205.124.201]
    Apr 23 10:40:52 mail postfix/smtpd[6143]: connect from localhost[127.0.0.1]
    Apr 23 10:40:52 mail postfix/smtpd[6143]: 6B83111EDB5: client=localhost[127.0.0.1]
    Apr 23 10:40:52 mail postfix/cleanup[6140]: 6B83111EDB5: message-id=<327E4EFC97B54A38A18BD14F51A801AE@oci.local>
    Apr 23 10:40:52 mail postfix/smtpd[6143]: disconnect from localhost[127.0.0.1]
    Apr 23 10:40:52 mail postfix/qmgr[123]: 6B83111EDB5: from=<rstewart@ociassociates.com>, size=9893, nrcpt=3 (queue active)
    Apr 23 10:40:52 mail postfix/smtp[6141]: CED4A11ED9F: to=<mailbackup@mail.4rsmokehouse.com>, orig_to=<mailbackup@4rsmokehouse.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=1.1, delays=0.58/0/0/0.5, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=02711-11, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as 6B83111EDB5)
    Apr 23 10:40:52 mail postfix/smtp[6141]: CED4A11ED9F: to=<tom@mail.4rsmokehouse.com>, orig_to=<tom@4RSmokehouse.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=1.1, delays=0.58/0/0/0.5, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=02711-11, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as 6B83111EDB5)
    Apr 23 10:40:52 mail postfix/qmgr[123]: CED4A11ED9F: removed
    Apr 23 10:40:52 mail postfix/pipe[6149]: 6B83111EDB5: to=<mailbackup@mail.4rsmokehouse.com>, relay=dovecot, delay=0.03, delays=0.01/0/0/0.02, dsn=2.0.0, status=sent (delivered via dovecot service)
    Apr 23 10:40:52 mail postfix/pipe[6149]: 6B83111EDB5: to=<mailbackup@mail.4rsmokehouse.com>, orig_to=<mailbackup@4rsmokehouse.com>, relay=dovecot, delay=0.13, delays=0.01/0.02/0/0.1, dsn=2.0.0, status=sent (delivered via dovecot service)
    Apr 23 10:40:52 mail postfix/pipe[6147]: 6B83111EDB5: to=<tom@mail.4rsmokehouse.com>, relay=dovecot, delay=0.13, delays=0.01/0/0/0.12, dsn=2.0.0, status=sent (delivered via dovecot service)
    Apr 23 10:40:52 mail postfix/qmgr[123]: 6B83111EDB5: removed
    Apr 23 10:43:34 mail postfix/qmgr[123]: 4BB8111D76B: from=<PayPal@mail.4rsmokehouse.com>, size=10652, nrcpt=50 (queue active)
    Apr 23 10:43:47 mail postfix/smtp[6240]: 4BB8111D76B: to=<barbara.boote@twbg.co.uk>, relay=none, delay=13025, delays=13012/0.02/13/0, dsn=4.4.3, status=deferred (Host or domain name not found. Name service error for name=twbg.co.uk type=MX: Host not found, try again)
    Apr 23 10:44:12 mail postfix/anvil[6138]: statistics: max connection rate 1/60s for (smtp:206.190.38.123) at Apr 23 10:38:55
    Apr 23 10:44:12 mail postfix/anvil[6138]: statistics: max connection count 1 for (smtp:206.190.38.123) at Apr 23 10:38:55
    Apr 23 10:44:12 mail postfix/anvil[6138]: statistics: max cache size 2 at Apr 23 10:39:09
    Apr 23 10:48:20 mail postfix/smtpd[6320]: connect from mobile-166-137-138-184.mycingular.net[166.137.138.184]
    Apr 23 10:48:21 mail postfix/smtpd[6320]: lost connection after EHLO from mobile-166-137-138-184.mycingular.net[166.137.138.184]
    Apr 23 10:48:21 mail postfix/smtpd[6320]: disconnect from mobile-166-137-138-184.mycingular.net[166.137.138.184]
    Apr 23 10:48:34 mail postfix/qmgr[123]: 3711011DA69: from=<PayPal@mail.4rsmokehouse.com>, size=10726, nrcpt=2 (queue active)
    Apr 23 10:48:34 mail postfix/qmgr[123]: 56E4F11DAC5: from=<PayPal@mail.4rsmokehouse.com>, size=10652, nrcpt=50 (queue active)
    Apr 23 10:48:34 mail postfix/qmgr[123]: 5CC8B11E265: from=<PayPal@mail.4rsmokehouse.com>, size=10652, nrcpt=50 (queue active)
    Apr 23 10:48:34 mail postfix/qmgr[123]: 8D7F011ED91: from=<martha@4rsmokehouse.com>, size=9210, nrcpt=3 (queue active)
    Apr 23 10:48:34 mail postfix/qmgr[123]: CAA4E11D93C: from=<PayPal@mail.4rsmokehouse.com>, size=10652, nrcpt=50 (queue active)
    Apr 23 10:48:34 mail postfix/smtp[6328]: connect to lycos.co.uk[209.202.254.14]:25: Connection refused
    Apr 23 10:48:34 mail postfix/smtp[6328]: 56E4F11DAC5: to=<daemon@lycos.co.uk>, relay=none, delay=12967, delays=12967/0.01/0.1/0, dsn=4.4.1, status=deferred (connect to lycos.co.uk[209.202.254.14]:25: Connection refused)
    Apr 23 10:48:34 mail postfix/smtp[6332]: connect to sylvester.faho.rwth-aachen.de[134.130.57.2]:25: Connection refused
    Apr 23 10:48:34 mail postfix/smtp[6332]: 56E4F11DAC5: to=<daemon@sylvester.faho.rwth-aachen.de>, relay=none, delay=12967, delays=12967/0.04/0.26/0, dsn=4.4.1, status=deferred (connect to sylvester.faho.rwth-aachen.de[134.130.57.2]:25: Connection refused)
    Apr 23 10:48:34 mail postfix/smtp[6335]: 5CC8B11E265: host mx1.mail.eu.yahoo.com[77.238.177.9] refused to talk to me: 421 4.7.0 [GL01] Message from (24.227.121.138) temporarily deferred - 4.16.50. Please refer to http://postmaster.yahoo.com/errors/postmaster-21.html
    Apr 23 10:48:35 mail postfix/smtp[6337]: connect to mail.suchknecht.at[62.93.251.235]:25: Connection refused
    Apr 23 10:48:35 mail postfix/smtp[6337]: CAA4E11D93C: to=<cfc@counterfeitcriminal.co.uk>, relay=none, delay=13115, delays=13115/0.07/0.59/0, dsn=4.4.1, status=deferred (connect to mail.suchknecht.at[62.93.251.235]:25: Connection refused)
    Apr 23 10:48:35 mail postfix/smtp[6336]: 8D7F011ED91: to=<carl@cacpos.com>, relay=ninja1.spamninjas.com[71.43.194.115]:25, delay=562, delays=561/0.07/0.12/0.58, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as ECE28106F97)
    Apr 23 10:48:35 mail postfix/qmgr[123]: 8D7F011ED91: removed
    Apr 23 10:48:35 mail postfix/smtp[6327]: 3711011DA69: to=<coolthingswholesale@yahoo.com>, relay=h.mx.mail.yahoo.com[66.94.236.34]:25, delay=13006, delays=13005/0.02/0.38/0.62, dsn=5.7.5, status=bounced (host h.mx.mail.yahoo.com[66.94.236.34] said: 554 5.7.5 (AU01) Message not accepted for policy reasons. See http://postmaster.yahoo.com/errors/postmaster-28.html (in reply to end of DATA command))
    Apr 23 10:48:35 mail postfix/cleanup[6340]: 7D22411EDF0: message-id=<20100423144835.7D22411EDF0@mail.4rsmokehouse.com>
    Apr 23 10:48:35 mail postfix/bounce[6339]: 3711011DA69: sender non-delivery notification: 7D22411EDF0
    Apr 23 10:48:35 mail postfix/qmgr[123]: 7D22411EDF0: from=, size=12888, nrcpt=1 (queue active)
    Apr 23 10:48:35 mail postfix/qmgr[123]: 3711011DA69: removed
    Apr 23 10:48:35 mail postfix/local[6341]: error: od[getpwnam_ext]: No record for user paypal
    Apr 23 10:48:35 mail postfix/pipe[6342]: 7D22411EDF0: to=<PayPal@mail.4rsmokehouse.com>, relay=dovecot, delay=0.03, delays=0.01/0.01/0/0.02, dsn=2.0.0, status=sent (delivered via dovecot service)
    Apr 23 10:48:35 mail postfix/qmgr[123]: 7D22411EDF0: removed
    Apr 23 10:48:36 mail postfix/smtp[6330]: 56E4F11DAC5: host www.poleboy.de[62.75.143.131] said: 451 Temporary local problem - please try later (in reply to RCPT TO command)
    Apr 23 10:48:36 mail postfix/smtp[6335]: 5CC8B11E265: to=<alyson_hallett@yahoo.co.uk>, relay=mx2.mail.eu.yahoo.com[77.238.184.241]:25, delay=11640, delays=11638/0.07/0.95/1, dsn=5.7.5, status=bounced (host mx2.mail.eu.yahoo.com[77.238.184.241] said: 554 5.7.5 (AU01) Message not accepted for policy reasons. See http://postmaster.yahoo.com/errors/postmaster-28.html (in reply to end of DATA command))
    Apr 23 10:48:36 mail postfix/smtp[6335]: 5CC8B11E265: to=<alysonlbailey@yahoo.co.uk>, relay=mx2.mail.eu.yahoo.com[77.238.184.241]:25, delay=11640, delays=11638/0.07/0.95/1, dsn=5.7.5, status=bounced (host mx2.mail.eu.yahoo.com[77.238.184.241] said: 554 5.7.5 (AU01) Message not accepted for policy reasons. See http://postmaster.yahoo.com/errors/postmaster-28.html (in reply to end of DATA command))
    Apr 23 10:48:36 mail postfix/smtp[6335]: 5CC8B11E265: to=<alysonchadwick@yahoo.co.uk>, relay=mx2.mail.eu.yahoo.com[77.238.184.241]:25, delay=11640, delays=11638/0.07/0.95/1, dsn=5.7.5, status=bounced (host mx2.mail.eu.yahoo.com[77.238.184.241] said: 554 5.7.5 (AU01) Message not accepted for policy reasons. See http://postmaster.yahoo.com/errors/postmaster-28.html (in reply to end of DATA command))
    Apr 23 10:48:36 mail postfix/smtp[6335]: 5CC8B11E265: to=<alysoncockeram@yahoo.co.uk>, relay=mx2.mail.eu.yahoo.com[77.238.184.241]:25, delay=11640, delays=11638/0.07/0.95/1, dsn=5.7.5, status=bounced (host mx2.mail.eu.yahoo.com[77.238.184.241] said: 554 5.7.5 (AU01) Message not accepted for policy reasons. See http://postmaster.yahoo.com/errors/postmaster-28.html (in reply to end of DATA command))
    Apr 23 10:48:36 mail postfix/smtp[6335]: 5CC8B11E265: to=<alysondennis@yahoo.co.uk>, relay=mx2.mail.eu.yahoo.com[77.238.184.241]:25, delay=11640, delays=11638/0.07/0.95/1, dsn=5.7.5, status=bounced (host mx2.mail.eu.yahoo.com[77.238.184.241] said: 554 5.7.5 (AU01) Message not accepted for policy reasons. See http://postmaster.yahoo.com/errors/postmaster-28.html (in reply to end of DATA command))
    Apr 23 10:48:36 mail postfix/smtp[6335]: 5CC8B11E265: to=<alysonharkness@yahoo.co.uk>, relay=mx2.mail.eu.yahoo.com[77.238.184.241]:25, delay=11640, delays=11638/0.07/0.95/1, dsn=5.7.5, status=bounced (host mx2.mail.eu.yahoo.com[77.238.184.241] said: 554 5.7.5 (AU01) Message not accepted for policy reasons. See http://postmaster.yahoo.com/errors/postmaster-28.html (in reply to end of DATA command))
    Apr 23 10:48:36 mail postfix/smtp[6335]: 5CC8B11E265: to=<alysonliversedge@yahoo.co.uk>, relay=mx2.mail.eu.yahoo.com[77.238.184.241]:25, delay=11640, delays=11638/0.07/0.95/1, dsn=5.7.5, status=bounced (host mx2.mail.eu.yahoo.com[77.238.184.241] said: 554 5.7.5 (AU01) Message not accepted for policy reasons. See http://postmaster.yahoo.com/errors/postmaster-28.html (in reply to end of DATA command))
    Apr 23 10:48:36 mail postfix/smtp[6335]: 5CC8B11E265: to=<alysonsich@yahoo.co.uk>, relay=mx2.mail.eu.yahoo.com[77.238.184.241]:25, delay=11640, delays=11638/0.07/0.95/1, dsn=5.7.5, status=bounced (host mx2.mail.eu.yahoo.com[77.238.184.241] said: 554 5.7.5 (AU01) Message not accepted for policy reasons. See http://postmaster.yahoo.com/errors/postmaster-28.html (in reply to end of DATA command))
    Apr 23 10:48:36 mail postfix/smtp[6335]: 5CC8B11E265: to=<alysonthomas1@yahoo.co.uk>, relay=mx2.mail.eu.yahoo.com[77.238.184.241]:25, delay=11640, delays=11638/0.07/0.95/1, dsn=5.7.5, status=bounced (host mx2.mail.eu.yahoo.com[77.238.184.241] said: 554 5.7.5 (AU01) Message not accepted for policy reasons. See http://postmaster.yahoo.com/errors/postmaster-28.html (in reply to end of DATA command))
    Apr 23 10:48:36 mail postfix/smtp[6335]: 5CC8B11E265: to=<alyssa1234uk@yahoo.co.uk>, relay=mx2.mail.eu.yahoo.com[77.238.184.241]:25, delay=11640, delays=11638/0.07/0.95/1, dsn=5.7.5, status=bounced (host mx2.mail.eu.yahoo.com[77.238.184.241] said: 554 5.7.5 (AU01) Message not accepted for policy reasons. See http://postmaster.yahoo.com/errors/postmaster-28.html (in reply to end of DATA command))
    Apr 23 10:48:36 mail postfix/smtp[6335]: 5CC8B11E265: to=<alyssa4655673@yahoo.co.uk>, relay=mx2.mail.eu.yahoo.com[77.238.184.241]:25, delay=11640, delays=11638/0.07/0.95/1, dsn=5.7.5, status=bounced (host mx2.mail.eu.yahoo.com[77.238.184.241] said: 554 5.7.5 (AU01) Message not accepted for policy reasons. See http://postmaster.yahoo.com/errors/postmaster-28.html (in reply to end of DATA command))
    Apr 23 10:48:36 mail postfix/smtp[6335]: 5CC8B11E265: to=<alyssadnkwigtcfod@yahoo.co.uk>, relay=mx2.mail.eu.yahoo.com[77.238.184.241]:25, delay=11640, delays=11638/0.07/0.95/1, dsn=5.7.5, status=bounced (host mx2.mail.eu.yahoo.com[77.238.184.241] said: 554 5.7.5 (AU01) Message not accepted for policy reasons. See http://postmaster.yahoo.com/errors/postmaster-28.html (in reply to end of DATA command))
    Apr 23 10:48:36 mail postfix/smtp[6335]: 5CC8B11E265: to=<alyssaeggertsen@yahoo.co.uk>, relay=mx2.mail.eu.yahoo.com[77.238.184.241]:25, delay=11640, delays=11638/0.07/0.95/1, dsn=5.7.5, status=bounced (host mx2.mail.eu.yahoo.com[77.238.184.241] said: 554 5.7.5 (AU01) Message not accepted for policy reasons. See http://postmaster.yahoo.com/errors/postmaster-28.html (in reply to end of DATA command))
    Apr 23 10:48:36 mail postfix/smtp[6335]: 5CC8B11E265: to=<alyssagdmxyprxtut@yahoo.co.uk>, relay=mx2.mail.eu.yahoo.com[77.238.184.241]:25, delay=11640, delays=11638/0.07/0.95/1, dsn=5.7.5, status=bounced (host mx2.mail.eu.yahoo.com[77.238.184.241] said: 554 5.7.5 (AU01) Message not accepted for policy reasons. See http://postmaster.yahoo.com/errors/postmaster-28.html (in reply to end of DATA command))
    Apr 23 10:48:36 mail postfix/smtp[6335]: 5CC8B11E265: to=<alyssahgvroghbwew@yahoo.co.uk>, relay=mx2.mail.eu.yahoo.com[77.238.184.241]:25, delay=11640, delays=11638/0.07/0.95/1, dsn=5.7.5, status=bounced (host mx2.mail.eu.yahoo.com[77.238.184.241] said: 554 5.7.5 (AU01) Message not accepted for policy reasons. See http://postmaster.yahoo.com/errors/postmaster-28.html (in reply to end of DATA command))
    Apr 23 10:48:36 mail postfix/smtp[6335]: 5CC8B11E265: to=<alyssajzchufkrqajw@yahoo.co.uk>, relay=mx2.mail.eu.yahoo.com[77.238.184.241]:25, delay=11640, delays=11638/0.07/0.95/1, dsn=5.7.5, status=bounced (host mx2.mail.eu.yahoo.com[77.238.184.241] said: 554 5.7.5 (AU01) Message not accepted for policy reasons. See http://postmaster.yahoo.com/errors/postmaster-28.html (in reply to end of DATA command))
    Apr 23 10:48:36 mail postfix/smtp[6335]: 5CC8B11E265: to=<alyssajzzkoftsrugc@yahoo.co.uk>, relay=mx2.mail.eu.yahoo.com[77.238.184.241]:25, delay=11640, delays=11638/0.07/0.95/1, dsn=5.7.5, status=bounced (host mx2.mail.eu.yahoo.com[77.238.184.241] said: 554 5.7.5 (AU01) Message not accepted for policy reasons. See http://postmaster.yahoo.com/errors/postmaster-28.html (in reply to end of DATA command))
    Apr 23 10:48:36 mail postfix/smtp[6335]: 5CC8B11E265: to=<alyssay2knz@yahoo.co.uk>, relay=mx2.mail.eu.yahoo.com[77.238.184.241]:25, delay=11640, delays=11638/0.07/0.95/1, dsn=5.7.5, status=bounced (host mx2.mail.eu.yahoo.com[77.238.184.241] said: 554 5.7.5 (AU01) Message not accepted for policy reasons. See http://postmaster.yahoo.com/errors/postmaster-28.html (in reply to end of DATA command))
    Apr 23 10:48:36 mail postfix/smtp[6335]: 5CC8B11E265: to=<alystangawizi_uk@yahoo.co.uk>, relay=mx2.mail.eu.yahoo.com[77.238.184.241]:25, delay=11640, delays=11638/0.07/0.95/1, dsn=5.7.5, status=bounced (host mx2.mail.eu.yahoo.com[77.238.184.241] said: 554 5.7.5 (AU01) Message not accepted for policy reasons. See http://postmaster.yahoo.com/errors/postmaster-28.html (in reply to end of DATA command))
    Apr 23 10:48:36 mail postfix/smtp[6335]: 5CC8B11E265: to=<alytig2001@yahoo.co.uk>, relay=mx2.mail.eu.yahoo.com[77.238.184.241]:25, delay=11640, delays=11638/0.07/0.95/1, dsn=5.7.5, status=bounced (host mx2.mail.eu.yahoo.com[77.238.184.241] said: 554 5.7.5 (AU01) Message not accepted for policy reasons. See http://postmaster.yahoo.com/errors/postmaster-28.html (in reply to end of DATA command))
    Apr 23 10:48:36 mail postfix/smtp[6335]: 5CC8B11E265: to=<alz_me@yahoo.co.uk>, relay=mx2.mail.eu.yahoo.com[77.238.184.241]:25, delay=11640, delays=11638/0.07/0.95/1, dsn=5.7.5, status=bounced (host mx2.mail.eu.yahoo.com[77.238.184.241] said: 554 5.7.5 (AU01) Message not accepted for policy reasons. See http://postmaster.yahoo.com/errors/postmaster-28.html (in reply to end of DATA command))
    Apr 23 10:48:36 mail postfix/smtp[6335]: 5CC8B11E265: to=<alzafri@yahoo.co.uk>, relay=mx2.mail.eu.yahoo.com[77.238.184.241]:25, delay=11640, delays=11638/0.07/0.95/1, dsn=5.7.5, status=bounced (host mx2.mail.eu.yahoo.com[77.238.184.241] said: 554 5.7.5 (AU01) Message not accepted for policy reasons. See http://postmaster.yahoo.com/errors/postmaster-28.html (in reply to end of DATA command))
    Apr 23 10:48:36 mail postfix/smtp[6335]: 5CC8B11E265: to=<alzamel67@yahoo.co.uk>, relay=mx2.mail.eu.yahoo.com[77.238.184.241]:25, delay=11640, delays=11638/0.07/0.95/1, dsn=5.7.5, status=bounced (host mx2.mail.eu.yahoo.com[77.238.184.241] said: 554 5.7.5 (AU01) Message not accepted for policy reasons. See http://postmaster.yahoo.com/errors/postmaster-28.html (in reply to end of DATA command))
    Apr 23 10:48:36 mail postfix/smtp[6335]: 5CC8B11E265: to=<alzarokm@yahoo.co.uk>, relay=mx2.mail.eu.yahoo.com[77.238.184.241]:25, delay=11640, delays=11638/0.07/0.95/1, dsn=5.7.5, status=bounced (host mx2.mail.eu.yahoo.com[77.238.184.241] said: 554 5.7.5 (AU01) Message not accepted for policy reasons. See http://postmaster.yahoo.com/errors/postmaster-28.html (in reply to end of DATA command))
    Apr 23 10:48:36 mail postfix/smtp[6335]: 5CC8B11E265: to=<alzawi2001@yahoo.co.uk>, relay=mx2.mail.eu.yahoo.com[77.238.184.241]:25, delay=11640, delays=11638/0.07/0.95/1, dsn=5.7.5, status=bounced (host mx2.mail.eu.yahoo.com[77.238.184.241] said: 554 5.7.5 (AU01) Message not accepted for policy reasons. See http://postmaster.yahoo.com/errors/postmaster-28.html (in reply to end of DATA command))
    Apr 23 10:48:36 mail postfix/smtp[6335]: 5CC8B11E265: to=<alzayir@yahoo.co.uk>, relay=mx2.mail.eu.yahoo.com[77.238.184.241]:25, delay=11640, delays=11638/0.07/0.95/1, dsn=5.7.5, status=bounced (host mx2.mail.eu.yahoo.com[77.238.184.241] said: 554 5.7.5 (AU01) Message not accepted for policy reasons. See http://postmaster.yahoo.com/errors/postmaster-28.html (in reply to end of DATA command))
    Apr 23 10:48:36 mail postfix/smtp[6335]: 5CC8B11E265: to=<alzeeb2001@yahoo.co.uk>, relay=mx2.mail.eu.yahoo.com[77.238.184.241]:25, delay=11640, delays=11638/0.07/0.95/1, dsn=5.7.5, status=bounced (host mx2.mail.eu.yahoo.com[77.238.184.241] said: 554 5.7.5 (AU01) Message not accepted for policy reasons. See http://postmaster.yahoo.com/errors/postmaster-28.html (in reply to end of DATA command))
    Apr 23 10:48:36 mail postfix/smtp[6335]: 5CC8B11E265: to=<alzeepark@yahoo.co.uk>, relay=mx2.mail.eu.yahoo.com[77.238.184.241]:25, delay=11640, delays=11638/0.07/0.95/1, dsn=5.7.5, status=bounced (host mx2.mail.eu.yahoo.com[77.238.184.241] said: 554 5.7.5 (AU01) Message not accepted for policy reasons. See http://postmaster.yahoo.com/errors/postmaster-28.html (in reply to end of DATA command))
    Apr 23 10:48:36 mail postfix/smtp[6335]: 5CC8B11E265: to=<alzer18@yahoo.co.uk>, relay=mx2.mail.eu.yahoo.com[77.238.184.241]:25, delay=11640, delays=11638/0.07/0.95/1, dsn=5.7.5, status=bounced (host mx2.mail.eu.yahoo.com[77.238.184.241] said: 554 5.7.5 (AU01) Message not accepted for policy reasons. See http://postmaster.yahoo.com/errors/postmaster-28.html (in reply to end of DATA command))
    Apr 23 10:48:36 mail postfix/smtp[6335]: 5CC8B11E265: to=<amacmenamin@yahoo.co.uk>, relay=mx2.mail.eu.yahoo.com[77.238.184.241]:25, delay=11640, delays=11638/0.07/0.95/1, dsn=5.7.5, status=bounced (host mx2.mail.eu.yahoo.com[77.238.184.241] said: 554 5.7.5 (AU01) Message not accepted for policy reasons. See http://postmaster.yahoo.com/errors/postmaster-28.html (in reply to end of DATA command))
    Apr 23 10:48:41 mail postfix/smtp[6330]: 56E4F11DAC5: to=<daemon@poleboy.de>, relay=poleboy.de[62.75.143.131]:25, delay=12975, delays=12967/0.03/2.2/5.1, dsn=4.0.0, status=deferred (host poleboy.de[62.75.143.131] said: 451 Temporary local problem - please try later (in reply to RCPT TO command))
    Apr 23 10:48:47 mail postfix/smtp[6331]: 56E4F11DAC5: to=<daemonica@sanffo.co.uk>, relay=none, delay=12980, delays=12967/0.04/13/0, dsn=4.4.3, status=deferred (Host or domain name not found. Name service error for name=sanffo.co.uk type=MX: Host not found, try again)
    Apr 23 10:48:47 mail postfix/smtp[6333]: 5CC8B11E265: to=<alyssia@alyssiasgrove.co.uk>, relay=none, delay=11651, delays=11638/0.05/13/0, dsn=4.4.3, status=deferred (Host or domain name not found. Name service error for name=alyssiasgrove.co.uk type=MX: Host not found, try again)
    Apr 23 10:49:04 mail postfix/smtp[6329]: connect to mygfx.co.uk[80.168.100.101]:25: Operation timed out
    Apr 23 10:49:04 mail postfix/smtp[6329]: 56E4F11DAC5: to=<daemon@mygfx.co.uk>, relay=none, delay=12997, delays=12967/0.02/30/0, dsn=4.4.1, status=deferred (connect to mygfx.co.uk[80.168.100.101]:25: Operation timed out)
    Apr 23 10:49:04 mail postfix/smtp[6334]: connect to nationalvoice.org[216.8.179.23]:25: Operation timed out
    Apr 23 10:49:04 mail postfix/smtp[6334]: 5CC8B11E265: to=<alyssa@nationalvoice.org>, relay=none, delay=11669, delays=11638/0.05/30/0, dsn=4.4.1, status=deferred (connect to nationalvoice.org[216.8.179.23]:25: Operation timed out)
    Apr 23 10:49:04 mail postfix/cleanup[6340]: E0FE911EDF8: message-id=<20100423144904.E0FE911EDF8@mail.4rsmokehouse.com>
    Apr 23 10:49:04 mail postfix/bounce[6339]: 5CC8B11E265: sender non-delivery notification: E0FE911EDF8
    Apr 23 10:49:04 mail postfix/qmgr[123]: E0FE911EDF8: from=, size=29336, nrcpt=1 (queue active)
    Apr 23 10:49:04 mail postfix/local[6341]: error: od[getpwnam_ext]: No record for user paypal
    Apr 23 10:49:04 mail postfix/pipe[6342]: E0FE911EDF8: to=<PayPal@mail.4rsmokehouse.com>, relay=dovecot, delay=0.02, delays=0.01/0/0/0.01, dsn=2.0.0, status=sent (delivered via dovecot service)
    Apr 23 10:49:04 mail postfix/qmgr[123]: E0FE911EDF8: removed
    Apr 23 10:51:41 mail postfix/anvil[6324]: statistics: max connection rate 1/60s for (submission:166.137.138.184) at Apr 23 10:48:20
    Apr 23 10:51:41 mail postfix/anvil[6324]: statistics: max connection count 1 for (submission:166.137.138.184) at Apr 23 10:48:20
    Apr 23 10:51:41 mail postfix/anvil[6324]: statistics: max cache size 1 at Apr 23 10:48:20
    Apr 23 10:53:34 mail postfix/qmgr[123]: 5318011DDFB: from=<PayPal@mail.4rsmokehouse.com>, size=10710, nrcpt=2 (queue active)
    Apr 23 10:53:34 mail postfix/qmgr[123]: 7723311DE03: from=<PayPal@mail.4rsmokehouse.com>, size=10652, nrcpt=50 (queue active)
    Apr 23 10:53:34 mail postfix/qmgr[123]: A63AD11DDCA: from=<PayPal@mail.4rsmokehouse.com>, size=10704, nrcpt=2 (queue active)
    Apr 23 10:53:34 mail postfix/qmgr[123]: BC71311DCA6: from=<PayPal@mail.4rsmokehouse.com>, size=10708, nrcpt=2 (queue active)
    Apr 23 10:53:34 mail postfix/qmgr[123]: CA71611DDD3: from=<PayPal@mail.4rsmokehouse.com>, size=10652, nrcpt=50 (queue active)
    Apr 23 10:53:34 mail postfix/qmgr[123]: F07E311DCDD: from=<PayPal@mail.4rsmokehouse.com>, size=10706, nrcpt=2 (queue active)
    Apr 23 10:53:34 mail postfix/smtp[6435]: connect to lycos.co.uk[209.202.254.14]:25: Connection refused
    Apr 23 10:53:34 mail postfix/smtp[6435]: 7723311DE03: to=<all-free-pictures@lycos.co.uk>, relay=none, delay=12957, delays=12957/0.03/0.06/0, dsn=4.4.1, status=deferred (connect to lycos.co.uk[209.202.254.14]:25: Connection refused)
    Apr 23 10:53:34 mail postfix/smtp[6435]: 7723311DE03: to=<allfreepictures@lycos.co.uk>, relay=none, delay=12957, delays=12957/0.03/0.06/0, dsn=4.4.1, status=deferred (connect to lycos.co.uk[209.202.254.14]:25: Connection refused)
    Apr 23 10:53:34 mail postfix/smtp[6432]: 5318011DDFB: host d.mx.mail.yahoo.com[209.191.88.254] refused to talk to me: 421 4.7.0 [GL01] Message from (24.227.121.138) temporarily deferred - 4.16.50. Please refer to http://postmaster.yahoo.com/errors/postmaster-21.html
    Apr 23 10:53:34 mail postfix/smtp[6438]: 7723311DE03: host mx1.mail.eu.yahoo.com[77.238.177.9] refused to talk to me: 421 4.7.0 [GL01] Message from (24.227.121.138) temporarily deferred - 4.16.50. Please refer to http://postmaster.yahoo.com/errors/postmaster-21.html
    Apr 23 10:53:35 mail postfix/smtp[6439]: A63AD11DDCA: host mx2.mail.eu.yahoo.com[77.238.184.241] refused to talk to me: 421 4.7.0 [GL01] Message from (24.227.121.138) temporarily deferred - 4.16.50. Please refer to http://postmaster.yahoo.com/errors/postmaster-21.html
    Apr 23 10:53:35 mail postfix/smtp[6444]: F07E311DCDD: to=<derf56_99@yahoo.com>, relay=e.mx.mail.yahoo.com[67.195.168.230]:25, delay=13138, delays=13137/0.07/0.12/0.53, dsn=5.7.5, status=bounced (host e.mx.mail.yahoo.com[67.195.168.230] said: 554 5.7.5 (AU01) Message not accepted for policy reasons. See http://postmaster.yahoo.com/errors/postmaster-28.html (in reply to end of DATA command))
    Apr 23 10:53:35 mail postfix/cleanup[6447]: 367E111EE16: message-id=<20100423145335.367E111EE16@mail.4rsmokehouse.com>
    Apr 23 10:53:35 mail postfix/bounce[6446]: F07E311DCDD: sender non-delivery notification: 367E111EE16
    Apr 23 10:53:35 mail postfix/qmgr[123]: 367E111EE16: from=, size=12840, nrcpt=1 (queue active)
    Apr 23 10:53:35 mail postfix/qmgr[123]: F07E311DCDD: removed
    Apr 23 10:53:35 mail postfix/local[6448]: error: od[getpwnam_ext]: No record for user paypal
    Apr 23 10:53:35 mail postfix/pipe[6449]: 367E111EE16: to=<PayPal@mail.4rsmokehouse.com>, relay=dovecot, delay=0.03, delays=0.01/0.01/0/0.02, dsn=2.0.0, status=sent (delivered via dovecot service)
    Apr 23 10:53:35 mail postfix/qmgr[123]: 367E111EE16: removed
    Apr 23 10:53:35 mail postfix/smtp[6432]: 5318011DDFB: host a.mx.mail.yahoo.com[67.195.168.31] refused to talk to me: 421 4.7.0 [GL01] Message from (24.227.121.138) temporarily deferred - 4.16.50. Please refer to http://postmaster.yahoo.com/errors/postmaster-21.html
    Apr 23 10:53:35 mail postfix/smtp[6440]: BC71311DCA6: host h.mx.mail.yahoo.com[66.94.236.34] refused to talk to me: 421 4.7.0 [GL01] Message from (24.227.121.138) temporarily deferred - 4.16.50. Please refer to http://postmaster.yahoo.com/errors/postmaster-21.html
    Apr 23 10:53:35 mail postfix/smtp[6440]: BC71311DCA6: host d.mx.mail.yahoo.com[209.191.88.254] refused to talk to me: 421 4.7.0 [GL01] Message from (24.227.121.138) temporarily deferred - 4.16.50. Please refer to http://postmaster.yahoo.com/errors/postmaster-21.html
    Apr 23 10:53:35 mail postfix/smtp[6433]: 7723311DE03: to=<alleycat66@btinternet.com>, relay=mx1.bt.mail.yahoo.com[212.82.111.207]:25, delay=12958, delays=12957/0.02/0.58/0.86, dsn=5.7.5, status=bounced (host mx1.bt.mail.yahoo.com[212.82.111.207] said: 554 5.7.5 (AU01) Message not accepted for policy reasons. See http://postmaster.yahoo.com/errors/postmaster-28.html (in reply to end of DATA command))
  • 9. Re: Snow Leopard Server possibly sending out spam
    justinmang Level 1 Level 1 (0 points)
    I'm not sure this if this helps either but here it is. It seems like the user "paypal" is being mapped to the user "justin"

    deliver(paypal): Apr 22 16:52:56 Info: Module loaded: /usr/lib/dovecot/lda/lib90cmusieveplugin.so
    Apr 22 16:52:56 mail dovecot[184]: auth(default): master in: USER 1 paypal service=deliver
    Apr 22 16:52:56 mail dovecot[184]: auth(default): od(paypal): lookup user=paypal
    Apr 22 16:52:56 mail dovecot[184]: auth(default): od(paypal): directory lookup for: user=paypal
    Apr 22 16:52:56 mail dovecot[184]: auth(default): od[getpwnam_ext](paypal): No record for user
    Apr 22 16:52:56 mail dovecot[184]: auth(default): od(paypal): discarding stale user: justin in local table (age=8413)
    Apr 22 16:52:56 mail dovecot[184]: auth(default): od(paypal): directory lookup for: user=justin
    deliver(paypal): Apr 22 16:52:56 Info: auth input: paypal
    deliver(paypal): Apr 22 16:52:56 Info: auth input: uid=1025
    deliver(paypal): Apr 22 16:52:56 Info: auth input: gid=20
    deliver(paypal): Apr 22 16:52:56 Info: auth input: quota=maildir:User quota:noenforcing
    deliver(paypal): Apr 22 16:52:56 Info: auth input: quota_rule=*:storage=0
    deliver(paypal): Apr 22 16:52:56 Info: auth input: mail=maildir:/var/spool/imap/dovecot/mail/B42A169C-9C7B-47BD-A540-AACC6C99A6B3
    deliver(paypal): Apr 22 16:52:56 Info: auth input: mail_location=maildir:/var/spool/imap/dovecot/mail/B42A169C-9C7B-47BD-A540-AACC 6C99A6B3
    deliver(paypal): Apr 22 16:52:56 Info: auth input: sieve=/var/spool/imap/dovecot/sieve-scripts/B42A169C-9C7B-47BD-A540-AACC6C99A6B 3/dovecot.sieve
    deliver(paypal): Apr 22 16:52:56 Info: auth input: sieve_dir=/var/spool/imap/dovecot/sieve-scripts/B42A169C-9C7B-47BD-A540-AACC6C9 9A6B3
    deliver(paypal): Apr 22 16:52:56 Info: auth input: sieve_storage=/var/spool/imap/dovecot/sieve-scripts/B42A169C-9C7B-47BD-A540-AAC C6C99A6B3
    Apr 22 16:52:56 mail dovecot[184]: auth(default): od[getpwnam_ext](paypal): uid=1025 gid=20 state=0xe quota=0 guid=B42A169C-9C7B-47BD-A540-AACC6C99A6B3 name=justin loc=mail.4rsmokehouse.com alt=(null) fwd=(null)
    Apr 22 16:52:56 mail dovecot[184]: auth(default): od(paypal): adding user to table: justin
    Apr 22 16:52:56 mail dovecot[184]: auth(default): od(paypal): user record not found: paypal copying mail to undeliverable account: justin
    Apr 22 16:52:56 mail dovecot[184]: auth(default): od(paypal): record name=justin, uid=1025, gid=20
    Apr 22 16:52:56 mail dovecot[184]: auth(default): od(paypal): user=justin, quota=*:storage=0
    Apr 22 16:52:56 mail dovecot[184]: auth(default): od(paypal): data store location=maildir:/var/spool/imap/dovecot/mail/B42A169C-9C7B-47BD-A540-AACC6C99A 6B3
  • 10. Re: Snow Leopard Server possibly sending out spam
    pterobyte Level 6 Level 6 (10,910 points)
    Looks like you have set a catchall address which sends mail to unknown users at your domain to "justin". In this particular situation this is actually a good thing, so that you do not generate backscatter on top of the spam.

    That said, production server or not, you should shut down mail services and have somebody with the necessary skills look at your server. You are already being throttled by Yahoo, AOL and Lycos and it is only a matter of (short) time until your IP will be blacklisted.

    Until then, have a look at messages in the deferred queue (/var/spool/postfix/...) and see if you can spot where the messages originate.
  • 11. Re: Snow Leopard Server possibly sending out spam
    justinmang Level 1 Level 1 (0 points)
    Turns out it was a computer with a virus on it. Thanks for all the help guys!
  • 12. Re: Snow Leopard Server possibly sending out spam
    Tadd Williams Level 1 Level 1 (5 points)
    Justin-

    I seem to have this exact same problem on my server. You say the problem was a box with a virus. Was it your server or a workstation on your network or an outside system? Im curious where I should look

    Cheers,

    /tw/
  • 13. Re: Snow Leopard Server possibly sending out spam
    MrHoffman Level 6 Level 6 (12,470 points)
    The base question here was reportedly triggered by a malware-infested box elsewhere on the LAN. That could be a Windows box, Mac, Linux, printer (yes, printers can be hacked) or pretty much anything else connected onto your network.

    Read the thread. Grok it. Look through your mail logs.

    If you have an infested box elsewhere on your LAN, you can usually see evidence of the box connecting to the mail server on your box; log entries tracking back to one box.

    if you don't have evidence, crank up the logging settings on the mail server; log more of the traffic.

    For the basic mail configuration settings (if you want us to look at it), launch Terminal.app and post up the unexpurgated output from

    postconf -n

    This can also be triggered by password breaches. By a user and password exposed by the use of a cleartext protocol such as telnet or ftp. By a web site breach. All sorts of stuff.

    From the mail log, you may well be looking at another client, or (depending on the source of the messages) at your web server or other activity on your server.

    And though the OP here repeatedly rejected this recommendation, +disconnect off the network+ pending resolution or (depending on the breach) reload. You don't want to get blacklisted. And as is my usual recommendation, use an external firewall and (if you have one) have a look at the traffic through that device. If you see inbound traffic matching your outbound mail traffic, you have a different sort of a breach than if you only see outbound mail traffic, for instance.

    ps: In general, please start your own thread for your own question. You can manage your own thread, and your case and your discussion won't get mixed in with the reports elsewhere in this current thread. And your thread won't get buried. Thread-jacking can variously lead to the land of confusion, unfortunately.