OSX server sending out "spam?"

I'm a student at a technical college and am working part time for the Mac admin guy. We have about 400 macs in the art dept. Yesterday our sysadmin said our server was sending out spam.
This server is not running mail but here are a couple of excerpts from our mail.log:
Aug 7 06:40:38 servername postfix/pickup[14340]: 547BE6B7AB8: uid=1032 from=<image>
Aug 7 06:40:38 servername postfix/cleanup[14552]: 547BE6B7AB8: message-id=<20070807114037.547BE6B7AB8@servername>
Aug 7 06:40:38 servername postfix/qmgr[14556]: 547BE6B7AB8: from=<[email protected]>, size=1675, nrcpt=1 (queue active)
Aug 7 06:40:45 servername postfix/smtp[14557]: 547BE6B7AB8: host g.mx.mail.yahoo.com[206.190.53.191] said: 421 Message temporarily deferred - 4.16.51. Please refer to http://help.yahoo.com/help/us/mail/defer/defer-06.html (in reply to end of DATA command)
Aug 7 06:40:45 servername postfix/smtp[14557]: 547BE6B7AB8: to=<[email protected]>, relay=d.mx.mail.yahoo.com[216.39.53.2], delay=8, status=sent (250 ok dirdel)
Aug 7 06:40:45 servername postfix/qmgr[14556]: 547BE6B7AB8: removed
Aug 7 06:44:23 servername postfix/pickup[14340]: C0F876B7AC2: uid=1032 from=<image>
Aug 7 06:44:23 servername postfix/cleanup[14600]: C0F876B7AC2:message-id=<20070807114423.C0F876B7AC2@servername>
Aug 7 06:44:23 servername postfix/qmgr[14556]: C0F876B7AC2: from=<[email protected]>, size=1626, nrcpt=1 (queue active)
Aug 7 06:44:23 servername postfix/pickup[14340]: C8D2C6B7AC4: uid=1032 from=<image>
Aug 7 06:44:23 servername postfix/cleanup[14600]: C8D2C6B7AC4: message-id=<20070807114423.C8D2C6B7AC4@servername>
Aug 7 06:44:23 servername postfix/pickup[14340]: CEC0B6B7AC6: uid=1032 from=<image>
Aug 7 06:44:23 servername postfix/cleanup[14600]: CEC0B6B7AC6:message-id=<20070807114423.CEC0B6B7AC6@servername>
Aug 7 06:44:23 servername postfix/qmgr[14556]: C0F876B7AC2: to=<[email protected]>, relay=none, delay=0, status=bounced (invalid recipient syntax: "[email protected]")
Aug 7 06:44:23 servername postfix/qmgr[14556]: C8D2C6B7AC4: from=<[email protected]>, size=1624, nrcpt=1 (queue active)
Aug 7 06:44:23 servername postfix/cleanup[14600]: DA8706B7AC9: message-id=<20070807114423.DA8706B7AC9@servername>
and
Aug 8 10:11:57 servername postfix/qmgr[2338]: DADE98C3EB9: to=<[email protected]>, relay=none, delay=14040, status=deferred (delivery temporarily suspended: host ironport1.chron.com[130.80.29.15] refused to talk to me: 554 ironport1.chron.com)
Aug 8 10:11:57 servername postfix/qmgr[2338]: E89098C1C03: to=<[email protected]>, relay=none, delay=14082, status=deferred (delivery temporarily suspended: host ironport1.chron.com[130.80.29.15] refused to talk to me: 554 ironport1.chron.com)
Aug 8 10:11:57 servername postfix/qmgr[2338]: EEE378C2CB3: to=<[email protected]>, relay=none, delay=14231, status=deferred (delivery temporarily suspended: host ironport1.chron.com[130.80.29.15] refused to talk to me: 554 ironport1.chron.com)
Aug 8 10:11:57 servername postfix/smtp[13748]: 2C26E8979B3: to=<[email protected]>, relay=mx-nj-2.pobox.com[208.210.124.72], delay=39263, status=deferred (host mx-nj-2.pobox.com[208.210.124.72] said: 450 <[email protected]>: Sender address rejected: Domain not found (in reply to RCPT TO command))
Aug 8 10:11:57 servername postfix/smtp[13748]: 2BC7D8C61AC: to=<[email protected]>, relay=mail.cyberscope.net[64.95.223.22], delay=13796, status=deferred (host mail.cyberscope.net[64.95.223.22] said: 451 unable to accept non-FQDN HELO (#4.3.0) (in reply to MAIL FROM command))
Aug 8 10:11:57 servername postfix/smtp[13748]: connect to cluster9.us.messagelabs.com[216.82.253.115]: Connection refused (port 25)
Aug 8 10:11:57 servername postfix/smtp[13748]: connect to cluster9.us.messagelabs.com[216.82.250.99]: Connection refused (port 25)
Aug 8 10:11:57 servername postfix/smtp[13748]: connect to cluster9.us.messagelabs.com[216.82.250.115]: Connection refused (port 25)
We set up VirusBarrier and scanned the server. This is a copy of our console.log:
Mac OS X Version 10.4.9 (Build 8P135)
2007-08-08 10:20:50 -0500
2007-08-08 10:20:55.538 SystemUIServer[486] lang is:en
Aug 8 10:22:39 servername authexec: executing /Library/Intego/netupdated.bundle/Contents/Resources/NetUpdate Installer.app/Contents/MacOS/NetUpdate Installer
Aug 8 10:49:43 servername servermgrd: servermgr_dns: no name available via DNS for our IP addy
Aug 8 10:49:43 servername servermgrd: servermgr_dns: no reverse DNS entry for server, various services may not function properly
virus OSX.Botch.Gen found in file: /Volumes/Startup OS X/private/var/tmp/ /mech/kupdateb
virus OSX.Botch.Gen found in file: /Volumes/Startup OS X/private/var/tmp/ /mech/src/mech
virus OSX.PsyBot.232 found in file: /Volumes/Startup OS X/private/var/tmp/psybnc/psybnc
Aug 8 11:19:43 servername servermgrd: servermgr_dns: no name available via DNS for our IP addy
Aug 8 11:19:43 servername servermgrd: servermgr_dns: no reverse DNS entry for server, various services may not function properly
virus OSX.Botch.Gen found in file: /Volumes/Startup OS X/private/var/tmp/ /mech/kupdateb
virus OSX.Botch.Gen found in file: /Volumes/Startup OS X/private/var/tmp/ /mech/src/mech
<CFURL 0x62bd440 0xa07bc150>{type = 15, string = file://localhost/Library/Contextual%20Menu%20Items/PortfolioCM.plugin/, base = (null)}
Finder tool: request to change uid to 501 gid to -1 for /private/tmp/vbx4smail_6v97Qz
virus Resource structure error found in file: /Volumes/Image Backup Drive/Old Labs Images/345 iMacs/Macintosh HD/System Folder/Help/HP LaserJet Printer Help/Help/Graphics/printer_word.JPG
Aug 8 11:49:43 servername servermgrd: servermgr_dns: no name available via DNS for our IP addy
Aug 8 11:49:43 servername servermgrd: servermgr_dns: no reverse DNS entry for server, various services may not function properly
virus Resource error : data offset > Res. map offset found in file: /Volumes/Image Backup Drive/Old Labs Images/Portfolio/Mac HD/Desktop Folder/Portfolios/SMVandre/animations/flahsbathtub/WS_FTP.LOG
virus Resource error : data offset > Res. map offset found in file: /Volumes/Image Backup Drive/Old Labs Images/Portfolio/Mac HD/Desktop Folder/Portfolios/SMVandre/animations/WS_FTP.LOG
virus Resource error : data offset > Res. map offset found in file: /Volumes/Image Backup Drive/Old Labs Images/Portfolio/Mac HD/Desktop Folder/Portfolios/SMVandre/contact/WS_FTP.LOG
virus Resource error : data offset > Res. map offset found in file: /Volumes/Image Backup Drive/Old Labs Images/Portfolio/Mac HD/Desktop Folder/Portfolios/SMVandre/illustrations/photomontage/WS_FTP.LOG
virus Resource error : data offset > Res. map offset found in file: /Volumes/Image Backup Drive/Old Labs Images/Portfolio/Mac HD/Desktop Folder/Portfolios/SMVandre/illustrations/WS_FTP.LOG
virus Resource error : data offset > Res. map offset found in file: /Volumes/Image Backup Drive/Old Labs Images/Portfolio/Mac HD/Desktop Folder/Portfolios/SMVandre/images/WS_FTP.LOG
virus Resource error : data offset > Res. map offset found in file: /Volumes/Image Backup Drive/Old Labs Images/Portfolio/Mac HD/Desktop Folder/Portfolios/SMVandre/websites/greennotes/WS_FTP.LOG
virus Resource error : data offset > Res. map offset found in file: /Volumes/Image Backup Drive/Old Labs Images/Portfolio/Mac HD/Desktop Folder/Portfolios/SMVandre/websites/madisonframes/ARTWORK/WS_FTP.LOG
virus Resource error : data offset > Res. map offset found in file: /Volumes/Image Backup Drive/Old Labs Images/Portfolio/Mac HD/Desktop Folder/Portfolios/SMVandre/websites/makingcrepes/crepesjpeg/WS_FTP.LOG
virus Resource error : data offset > Res. map offset found in file: /Volumes/Image Backup Drive/Old Labs Images/Portfolio/Mac HD/Desktop Folder/Portfolios/SMVandre/websites/WS_FTP.LOG
virus Resource structure error found in file: /Volumes/Image Backup Drive/.Trashes/501/printer_word.JPG
virus Resource error : data offset > Res. map offset found in file: /Volumes/Image Backup Drive/.Trashes/501/WS_FTP 12-08-37.LOG
virus Resource error : data offset > Res. map offset found in file: /Volumes/Image Backup Drive/.Trashes/501/WS_FTP 12-08-41.LOG
virus Resource error : data offset > Res. map offset found in file: /Volumes/Image Backup Drive/.Trashes/501/WS_FTP 12-08-45.LOG
virus Resource error : data offset > Res. map offset found in file: /Volumes/Image Backup Drive/.Trashes/501/WS_FTP 12-09-01.LOG
virus Resource error : data offset > Res. map offset found in file: /Volumes/Image Backup Drive/.Trashes/501/WS_FTP 12-09-15.LOG
virus Resource error : data offset > Res. map offset found in file: /Volumes/Image Backup Drive/.Trashes/501/WS_FTP 12-09-22.LOG
virus Resource error : data offset > Res. map offset found in file: /Volumes/Image Backup Drive/.Trashes/501/WS_FTP.LOG
virus Resource error : data offset > Res. map offset found in file: /Volumes/Image Backup Drive/Old Labs Images/Portfolio/Mac HD/Desktop Folder/Portfolios/SMVandre/websites/greennotes/WS_FTP.LOG
virus Resource error : data offset > Res. map offset found in file: /Volumes/Image Backup Drive/Old Labs Images/Portfolio/Mac HD/Desktop Folder/Portfolios/SMVandre/websites/madisonframes/ARTWORK/WS_FTP.LOG
virus Resource error : data offset > Res. map offset found in file: /Volumes/Image Backup Drive/Old Labs Images/Portfolio/Mac HD/Desktop Folder/Portfolios/SMVandre/websites/makingcrepes/crepesjpeg/WS_FTP.LOG
Aug 8 12:19:43 servername servermgrd: servermgr_dns: no name available via DNS for our IP addy
Aug 8 12:19:43 servername servermgrd: servermgr_dns: no reverse DNS entry for server, various services may not function properly
<CFURL 0x5004b0 0xa07bc150>{type = 15, string = file://localhost/Library/Contextual%20Menu%20Items/PortfolioCM.plugin/, base = (null)}
<CFURL 0x3a5c30 0xa07bc150>{type = 15, string = file://localhost/Library/Contextual%20Menu%20Items/PortfolioCM.plugin/, base = (null)}
Aug 8 12:26:21 servername ARDAgent 320: no multicast
virus Resource structure error found in file: /Volumes/Image Backup Drive/.Trashes/501/printer_word.JPG
virus Resource error : data offset > Res. map offset found in file: /Volumes/Image Backup Drive/.Trashes/501/WS_FTP 12-08-37.LOG
virus Resource error : data offset > Res. map offset found in file: /Volumes/Image Backup Drive/.Trashes/501/WS_FTP 12-08-41.LOG
virus Resource error : data offset > Res. map offset found in file: /Volumes/Image Backup Drive/.Trashes/501/WS_FTP 12-08-45.LOG
virus Resource error : data offset > Res. map offset found in file: /Volumes/Image Backup Drive/.Trashes/501/WS_FTP 12-09-01.LOG
virus Resource error : data offset > Res. map offset found in file: /Volumes/Image Backup Drive/.Trashes/501/WS_FTP 12-09-15.LOG
virus Resource error : data offset > Res. map offset found in file: /Volumes/Image Backup Drive/.Trashes/501/WS_FTP 12-09-22.LOG
virus Resource error : data offset > Res. map offset found in file: /Volumes/Image Backup Drive/.Trashes/501/WS_FTP.LOG
virus Resource error : data offset > Res. map offset found in file: /Volumes/Image Backup Drive/Old Labs Images/Portfolio/Mac HD/Desktop Folder/Portfolios/SMVandre/websites/greennotes/WS_FTP.LOG
virus Resource error : data offset > Res. map offset found in file: /Volumes/Image Backup Drive/Old Labs Images/Portfolio/Mac HD/Desktop Folder/Portfolios/SMVandre/websites/madisonframes/ARTWORK/WS_FTP.LOG
virus Resource error : data offset > Res. map offset found in file: /Volumes/Image Backup Drive/Old Labs Images/Portfolio/Mac HD/Desktop Folder/Portfolios/SMVandre/websites/makingcrepes/crepesjpeg/WS_FTP.LOG
Aug 8 12:29:49 servername cyrus-quota[1693]: DBERROR: reading /var/imap/db/skipstamp, assuming the worst: No such file or directory
at which point we rebooted.
So we have changed all our passwords, are reimaging everything and had the sysadmin block all outgoing messages on port 25. In addition we have sent copies of the logs to Intego.
That all happened Wednesday. Unfortunately this morning's system log had:
Aug 10 02:58:45 servername VirusBarrierServer[461]: File infected: /private/var/tmp/.blan/.bot/rom by OSX.Botch.302
Aug 10 02:59:08 servername VirusBarrierServer[461]: File infected: /private/var/tmp/.ou/.bot/ru by OSX.Botch.302
Aug 10 02:59:28 servername VirusBarrierServer[461]: File infected: /private/var/tmp/.tmp/ /.bot/darwin by OSX.Botch.302
Aug 10 02:59:49 servername VirusBarrierServer[461]: File infected: /private/var/tmp/.tmp/.bot/crond by OSX.Botch.302
I know that this is an incredibly vague question but what would you suggest I do now?
Is there a way to find out where these "viruses" came from?
It is not impossible they were put on by a student as we recently found out that a number of the help desk students had the Mac admin password. I've looked at the install logs and the only things I see are the Apple software updates and apps we installed ourselves.
I realize that no Mac viruses or worms have been found in the wild so it is unclear what VirusBarrier is reporting but it seems that ummm "something" is hiding somewhere and "infecting" these files and I'd like to get rid of it.
thanks for your time and help )
lex
Message was edited by: LexaniG
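
The mail.log excerpt in the post above ties each outgoing message to a postfix/pickup line carrying uid=1032, which is how Postfix logs mail handed to it by a local process rather than received over SMTP. The following is an added example, not part of the original post: a small parser that groups log lines by queue ID and attributes each message to its origin, and it goes slightly beyond the excerpt by also handling smtpd client=/sasl_username= origins. The sample log is constructed (hosts, addresses and queue IDs are made up; only uid=1032 and the sender "image" mirror the post), and the function names are illustrative.

```python
import re
from collections import Counter

# "postfix/<daemon>[pid]: <QUEUEID>: <details>". The space after the queue ID
# is optional because some pasted lines lack it.
LINE_RE = re.compile(r"postfix/([\w-]+)\[\d+\]:\s+([0-9A-F]{6,}):\s*(.*)$")
PICKUP_RE = re.compile(r"uid=(\d+) from=<([^>]*)>")
SMTPD_RE = re.compile(r"client=([^,\s]+)(?:.*?sasl_username=([^,\s]+))?")
QMGR_RE = re.compile(r"from=<([^>]*)>, size=(\d+), nrcpt=(\d+)")
STATUS_RE = re.compile(r"to=<[^>]*>.*?status=(\w+)")
UNKNOWN = "unknown (queued before this excerpt)"

# Constructed sample in the same format as the excerpt (not real log data).
SAMPLE_LOG = """\
Aug 7 06:40:38 host postfix/pickup[14340]: 5A7B1C0001: uid=1032 from=<image>
Aug 7 06:40:38 host postfix/cleanup[14552]: 5A7B1C0001:message-id=<1@host>
Aug 7 06:40:38 host postfix/qmgr[14556]: 5A7B1C0001: from=<image@host.example>, size=1675, nrcpt=1 (queue active)
Aug 7 06:40:45 host postfix/smtp[14557]: 5A7B1C0001: to=<user1@example.com>, relay=mx.example.com[192.0.2.10], delay=8, status=sent (250 ok)
Aug 7 06:40:45 host postfix/qmgr[14556]: 5A7B1C0001: removed
Aug 7 06:44:23 host postfix/pickup[14340]: 5A7B1C0002: uid=1032 from=<image>
Aug 7 06:44:23 host postfix/qmgr[14556]: 5A7B1C0002: from=<image@host.example>, size=1626, nrcpt=1 (queue active)
Aug 7 06:44:23 host postfix/qmgr[14556]: 5A7B1C0002: to=<user2@example.net>, relay=none, delay=0, status=bounced (invalid recipient syntax)
Aug 7 06:50:00 host postfix/smtpd[200]: 5A7B1C0003: client=lab1.example.edu[192.0.2.55], sasl_method=LOGIN, sasl_username=martha
Aug 7 06:50:00 host postfix/qmgr[14556]: 5A7B1C0003: from=<martha@example.edu>, size=5783, nrcpt=2 (queue active)
Aug 7 06:50:01 host postfix/smtp[14557]: 5A7B1C0003: to=<user3@example.org>, relay=mx.example.org[192.0.2.20], delay=1, status=sent (250 ok)
Aug 7 07:00:00 host postfix/qmgr[14556]: 5A7B1C0004: from=<billing@example.invalid>, size=10652, nrcpt=50 (queue active)
Aug 7 07:00:30 host postfix/smtp[14557]: 5A7B1C0004: to=<user4@example.com>, relay=none, delay=11149, status=deferred (Operation timed out)
Aug 7 07:00:30 host postfix/smtp[14557]: 5A7B1C0004: to=<user5@example.com>, relay=none, delay=11149, status=deferred (Operation timed out)
""".splitlines()


def parse_log(lines):
    """Return {queue_id: record} with the origin, sender, nrcpt and statuses."""
    records = {}
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue  # not a per-message Postfix line
        daemon, qid, rest = m.groups()
        rec = records.setdefault(
            qid, {"origin": None, "sender": None, "nrcpt": 0, "status": Counter()}
        )
        if daemon == "pickup" and (p := PICKUP_RE.search(rest)):
            # Local submission: a process running as this uid queued the mail.
            rec["origin"] = f"local submission uid={p.group(1)} sender={p.group(2)}"
        elif daemon == "smtpd" and (s := SMTPD_RE.search(rest)):
            origin = f"smtpd client={s.group(1)}"
            if s.group(2):
                origin += f" sasl_username={s.group(2)}"
            rec["origin"] = origin
        elif daemon == "qmgr" and (q := QMGR_RE.search(rest)):
            rec["sender"] = q.group(1)
            rec["nrcpt"] = int(q.group(3))
        if st := STATUS_RE.search(rest):
            rec["status"][st.group(1)] += 1
    return records


def summarize_by_origin(records):
    """Aggregate message count, recipient count and delivery statuses per origin."""
    summary = {}
    for rec in records.values():
        row = summary.setdefault(
            rec["origin"] or UNKNOWN,
            {"messages": 0, "recipients": 0, "status": Counter()},
        )
        row["messages"] += 1
        row["recipients"] += rec["nrcpt"]
        row["status"].update(rec["status"])
    return summary


if __name__ == "__main__":
    for origin, row in summarize_by_origin(parse_log(SAMPLE_LOG)).items():
        print(origin, row["messages"], row["recipients"], dict(row["status"]))
```

An origin that shows up as a local uid points at an account or process on the server itself, which is the account to check file ownership and login history for.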

What appears to be happening is that something is installing the IRC bot EnergyMech in hidden files on our server.
Aug 10 02:59:28 servername VirusBarrierServer[461]: File infected: /private/var/tmp/.tmp/ /.bot/darwin by OSX.Botch.302
When I checked the contents of the .tmp file with ls -Rla I found:
.tmp/ :
total 1320
drwxr-xr-x 4 image wheel 136 Jun 24 19:44 .
drwxr-xr-x 5 image wheel 170 Jun 24 19:44 ..
drwx------ 16 image wheel 544 Jun 24 20:00 .bot
-rw-r--r-- 1 image wheel 675159 Jun 24 19:44 sclavi.tar
.tmp/ /.bot:
total 2144
drwx------ 16 image wheel 544 Jun 24 20:00 .
drwxr-xr-x 4 image wheel 136 Jun 24 19:44 ..
-rw-r--r-- 1 image wheel 351 Jun 28 10:00 1
-rw-r--r-- 1 image wheel 351 Jun 28 10:00 2
-rw-r--r-- 1 image wheel 351 Jun 28 07:00 3
-rwx------ 1 image wheel 412095 Jul 8 2005 bash
-rwxr-xr-x 1 image wheel 0 Aug 10 02:59 darwin
-rw-r--r-- 1 image wheel 354306 Oct 19 2005 freebsd
-rw------- 1 image wheel 22465 Jun 13 2001 mech.help
-rw-r--r-- 1 image wheel 1015 Jun 28 10:00 mech.levels
-rw------- 1 image wheel 6 Jun 24 19:44 mech.pid
-rw-r--r-- 1 image wheel 1457 Jun 28 10:00 mech.session
-rw-r--r-- 1 image wheel 5365 May 4 11:34 mech.set
-rwxr-xr-x 1 image wheel 178908 Sep 20 2005 pico
-rw-r--r-- 1 image wheel 87673 Jun 27 2006 pico.tgz
drwx------ 10 image wheel 340 May 27 2004 randfiles
After chmoding the files so that they were non-executable, mech.set contained this:
# Zei`s EnergyMech configuration file
# v2.9.3 - CristofoR
##### Linking #####
#ENTITY emech
#LINKPASS abc123
#LINKPORT 49152
#LINK hismech a1b2c3 mech.host.net 49152
#LINK hermech abcdefg 0 0
AUTOLINK
##### Server List ####
SERVER LosAngeles.CA.US.Undernet.org 6665
SERVER LosAngeles.CA.US.Undernet.org 6668
SERVER LosAngeles.CA.US.Undernet.org 7000
Unfortunately as a student I theoretically don't have access to the server again until Monday... But I'll go in tomorrow and try and find someone to turn it off. heh (I suppose one way to find out who's on call is to shut it down and see who shows up...) In any case I'll try and delete any of these files I can find.
My boss is out of town and I'm over my head here so any and all suggestions will be gratefully received.
thanks
lex
Message was edited by: LexaniG
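
The listing in the post above shows the pattern worth searching for: dot-directories under /private/var/tmp, a directory whose name is a single space, and executables inside them. The following is an added example, not part of the original post: a scanner that walks a temp directory and reports every file sitting under a hidden or blank-named directory, with its owner uid and modification time. The function names and the sample tree built by `build_sample_tree` are constructed for illustration.

```python
import os
import stat
import tempfile


def scan(root):
    """List files under hidden or whitespace-only directory names below root."""
    findings = []
    for dirpath, _dirnames, filenames in os.walk(root):  # does not follow symlinks
        rel_dir = os.path.relpath(dirpath, root)
        parts = [] if rel_dir == "." else rel_dir.split(os.sep)
        tags = []
        if any(p.startswith(".") for p in parts):
            tags.append("hidden-dir")
        if any(p.strip() == "" for p in parts):
            tags.append("blank-dir-name")  # e.g. a directory named " "
        if not tags:
            continue  # ordinary location, nothing to report
        for name in sorted(filenames):
            full = os.path.join(dirpath, name)
            st = os.lstat(full)
            file_tags = list(tags)
            if stat.S_ISREG(st.st_mode) and st.st_mode & 0o111:
                file_tags.append("executable")
            findings.append({
                "path": os.path.relpath(full, root),
                "tags": tuple(file_tags),
                # Owner uid can be compared with the uid= value that
                # postfix/pickup logs in mail.log.
                "uid": st.st_uid,
                "mtime": int(st.st_mtime),
            })
    return sorted(findings, key=lambda f: f["path"])


def build_sample_tree(root):
    """Create a constructed tree shaped like the listing in the post."""
    bot_dir = os.path.join(root, ".tmp", " ", ".bot")
    os.makedirs(bot_dir)
    os.makedirs(os.path.join(root, "normal"))
    layout = {
        os.path.join(bot_dir, "bash"): 0o700,        # executable payload
        os.path.join(bot_dir, "mech.set"): 0o644,    # configuration file
        os.path.join(root, ".tmp", " ", "sclavi.tar"): 0o644,
        os.path.join(root, "normal", "readme.txt"): 0o644,  # benign file
    }
    for path, mode in layout.items():
        with open(path, "w") as fh:
            fh.write("placeholder\n")
        os.chmod(path, mode)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for item in scan(tmp):
            print(item["uid"], item["mtime"], item["tags"], repr(item["path"]))
```

Printing the path with `repr` makes a blank directory name visible, which a plain `ls` listing tends to hide.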

Similar Messages

  • Snow Leopard Server possibly sending out spam

    Hi Everyone-
    I have the option checked in Server Admin to send an account on my server a copy of all the undeliverable mail. This morning, I wake up and there's 400+ new emails from Mail Delivery Subsystem saying things like Mail timed out.
    My server isn't set up as a relay and I require authentication, but it seems like I'm sending out spam email. The email is coming from [email protected], even though there's no account with that email address.
    Here's a sample out of mail.log:
    Apr 22 17:44:49 mail postfix/smtp[21153]: DA72E115D4C: to=<[email protected]>, relay=none, delay=34129, delays=34098/0.05/30/0, dsn=4.4.1, status=deferred (connect to lycos.com.my[216.8.179.23]:25: Operation timed out)
    Any ideas?
    Thanks!

    Spam mail is still being sent. Web service is off. There is no user alias or user for "Paypal".
    Here is a pretty long chunk of Mail.log:
    Apr 23 10:14:04 mail postfix/smtp[5645]: connect to mygfx.co.uk[80.168.100.101]:25: Operation timed out
    Apr 23 10:14:04 mail postfix/smtp[5645]: 04D1411D814: to=<[email protected]>, relay=none, delay=11149, delays=11119/0.04/30/0, dsn=4.4.1, status=deferred (connect to mygfx.co.uk[80.168.100.101]:25: Operation timed out)
    Apr 23 10:14:04 mail postfix/smtp[5645]: 04D1411D814: to=<[email protected]>, relay=none, delay=11149, delays=11119/0.04/30/0, dsn=4.4.1, status=deferred (connect to mygfx.co.uk[80.168.100.101]:25: Operation timed out)
    Apr 23 10:16:57 mail postfix/smtpd[5710]: connect from mobile-166-137-138-184.mycingular.net[166.137.138.184]
    Apr 23 10:16:58 mail postfix/smtpd[5710]: lost connection after EHLO from mobile-166-137-138-184.mycingular.net[166.137.138.184]
    Apr 23 10:16:58 mail postfix/smtpd[5710]: disconnect from mobile-166-137-138-184.mycingular.net[166.137.138.184]
    Apr 23 10:18:34 mail postfix/qmgr[123]: 1A95F11DCE5: from=<[email protected]>, size=10652, nrcpt=50 (queue active)
    Apr 23 10:18:34 mail postfix/qmgr[123]: 3607611DC9A: from=<[email protected]>, size=10652, nrcpt=50 (queue active)
    Apr 23 10:18:34 mail postfix/smtp[5738]: 3607611DC9A: host mx1.mail.eu.yahoo.com[77.238.177.9] refused to talk to me: 421 4.7.0 [TS01] Messages from 24.227.121.138 temporarily deferred due to user complaints - 4.16.55.1; see http://postmaster.yahoo.com/421-ts01.html
    Apr 23 10:18:35 mail postfix/smtp[5738]: 3607611DC9A: to=<[email protected]>, relay=mx2.mail.eu.yahoo.com[77.238.184.241]:25, delay=11052, delays=11051/0.04/0.62/0, dsn=4.7.0, status=deferred (host mx2.mail.eu.yahoo.com[77.238.184.241] refused to talk to me: 421 4.7.0 [TS01] Messages from 24.227.121.138 temporarily deferred due to user complaints - 4.16.55.1; see http://postmaster.yahoo.com/421-ts01.html)
    Apr 23 10:19:04 mail postfix/smtp[5733]: connect to eden.com[71.103.248.51]:25: Operation timed out
    Apr 23 10:19:04 mail postfix/smtp[5733]: 1A95F11DCE5: to=<[email protected]>, relay=none, delay=11067, delays=11037/0.02/30/0, dsn=4.4.1, status=deferred (connect to eden.com[71.103.248.51]:25: Operation timed out)
    Apr 23 10:19:04 mail postfix/smtp[5734]: connect to sonnyclean.teradyne.com[206.114.21.197]:25: Operation timed out
    Apr 23 10:19:04 mail postfix/smtp[5736]: connect to hq.tcfarm.com[216.8.179.23]:25: Operation timed out
    Apr 23 10:19:04 mail postfix/smtp[5736]: 3607611DC9A: to=<[email protected]>, relay=none, delay=11082, delays=11051/0.03/30/0, dsn=4.4.1, status=deferred (connect to hq.tcfarm.com[216.8.179.23]:25: Operation timed out)
    Apr 23 10:19:34 mail postfix/smtp[5734]: connect to mrsclean.teradyne-agoura.com[206.114.21.196]:25: Operation timed out
    Apr 23 10:20:04 mail postfix/smtp[5734]: connect to hazelclean.teradyne.com[198.51.251.107]:25: Operation timed out
    Apr 23 10:20:18 mail postfix/anvil[5714]: statistics: max connection rate 1/60s for (submission:166.137.138.184) at Apr 23 10:16:57
    Apr 23 10:20:18 mail postfix/anvil[5714]: statistics: max connection count 1 for (submission:166.137.138.184) at Apr 23 10:16:57
    Apr 23 10:20:18 mail postfix/anvil[5714]: statistics: max cache size 1 at Apr 23 10:16:57
    Apr 23 10:20:34 mail postfix/smtp[5734]: connect to mrclean.teradyne.com[198.51.251.105]:25: Operation timed out
    Apr 23 10:20:34 mail postfix/smtp[5734]: 1A95F11DCE5: to=<[email protected]>, relay=none, delay=11157, delays=11037/0.03/120/0, dsn=4.4.1, status=deferred (connect to mrclean.teradyne.com[198.51.251.105]:25: Operation timed out)
    Apr 23 10:27:23 mail postfix/smtpd[5887]: connect from 178.101.188.72.cfl.res.rr.com[72.188.101.178]
    Apr 23 10:27:23 mail postfix/trivial-rewrite[5892]: warning: do not list domain 4rsmokehouse.com in BOTH mydestination and virtualaliasdomains
    Apr 23 10:27:23 mail postfix/smtpd[5887]: F166111ECD4: client=178.101.188.72.cfl.res.rr.com[72.188.101.178], sasl_method=LOGIN, sasl_username=martha
    Apr 23 10:27:27 mail postfix/smtpd[5887]: 60F8511ECD5: client=178.101.188.72.cfl.res.rr.com[72.188.101.178], sasl_method=LOGIN, sasl_username=martha
    Apr 23 10:27:27 mail postfix/cleanup[5893]: 60F8511ECD5: message-id=<010401cae2f1$1b4ac0c0$51e04240$@com>
    Apr 23 10:27:27 mail postfix/qmgr[123]: 60F8511ECD5: from=<[email protected]>, size=5783, nrcpt=2 (queue active)
    Apr 23 10:27:27 mail postfix/smtpd[5887]: disconnect from 178.101.188.72.cfl.res.rr.com[72.188.101.178]
    Apr 23 10:27:27 mail postfix/smtpd[5896]: connect from localhost[127.0.0.1]
    Apr 23 10:27:27 mail postfix/trivial-rewrite[5892]: warning: do not list domain 4rsmokehouse.com in BOTH mydestination and virtualaliasdomains
    Apr 23 10:27:27 mail postfix/smtpd[5896]: D06C211ECE6: client=localhost[127.0.0.1]
    Apr 23 10:27:27 mail postfix/cleanup[5893]: D06C211ECE6: message-id=<010401cae2f1$1b4ac0c0$51e04240$@com>
    Apr 23 10:27:27 mail postfix/smtpd[5896]: disconnect from localhost[127.0.0.1]
    Apr 23 10:27:27 mail postfix/qmgr[123]: D06C211ECE6: from=<[email protected]>, size=6184, nrcpt=3 (queue active)
    Apr 23 10:27:27 mail postfix/smtp[5894]: 60F8511ECD5: to=<[email protected]>, relay=127.0.0.1[127.0.0.1]:10024, delay=0.5, delays=0.1/0.01/0/0.39, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=04705-04, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as D06C211ECE6)
    Apr 23 10:27:27 mail postfix/smtp[5894]: 60F8511ECD5: to=<[email protected]>, orig_to=<[email protected]>, relay=127.0.0.1[127.0.0.1]:10024, delay=0.5, delays=0.1/0.01/0/0.39, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=04705-04, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as D06C211ECE6)
    Apr 23 10:27:27 mail postfix/qmgr[123]: 60F8511ECD5: removed
    Apr 23 10:27:27 mail postfix/pipe[5901]: D06C211ECE6: to=<[email protected]>, relay=dovecot, delay=0.07, delays=0.01/0.05/0/0.02, dsn=2.0.0, status=sent (delivered via dovecot service)
    Apr 23 10:27:27 mail postfix/pipe[5903]: D06C211ECE6: to=<[email protected]>, orig_to=<[email protected]>, relay=dovecot, delay=0.09, delays=0.01/0.05/0/0.02, dsn=2.0.0, status=sent (delivered via dovecot service)
    Apr 23 10:27:32 mail postfix/smtp[5899]: D06C211ECE6: to=<[email protected]>, relay=itbsg.com[72.34.46.140]:25, delay=4.2, delays=0.01/0.05/0.43/3.7, dsn=2.0.0, status=sent (250 OK id=1O5Jqt-0006Z8-NK)
    Apr 23 10:27:32 mail postfix/qmgr[123]: D06C211ECE6: removed
    Apr 23 10:28:20 mail postfix/smtpd[5887]: connect from elasmtp-kukur.atl.sa.earthlink.net[209.86.89.65]
    Apr 23 10:28:20 mail postfix/trivial-rewrite[5920]: warning: do not list domain 4rsmokehouse.com in BOTH mydestination and virtualaliasdomains
    Apr 23 10:28:20 mail postfix/smtpd[5887]: 75C4211ECF4: client=elasmtp-kukur.atl.sa.earthlink.net[209.86.89.65]
    Apr 23 10:28:20 mail postfix/cleanup[5893]: 75C4211ECF4: message-id=<328F6752485D4E16BCD6E4090060D04B@jc2010>
    Apr 23 10:28:20 mail postfix/qmgr[123]: 75C4211ECF4: from=<[email protected]>, size=4041, nrcpt=2 (queue active)
    Apr 23 10:28:20 mail postfix/smtpd[5887]: disconnect from elasmtp-kukur.atl.sa.earthlink.net[209.86.89.65]
    Apr 23 10:28:21 mail postfix/smtpd[5896]: connect from localhost[127.0.0.1]
    Apr 23 10:28:21 mail postfix/smtpd[5896]: 16E9911ED01: client=localhost[127.0.0.1]
    Apr 23 10:28:21 mail postfix/cleanup[5893]: 16E9911ED01: message-id=<328F6752485D4E16BCD6E4090060D04B@jc2010>
    Apr 23 10:28:21 mail postfix/smtpd[5896]: disconnect from localhost[127.0.0.1]
    Apr 23 10:28:21 mail postfix/qmgr[123]: 16E9911ED01: from=<[email protected]>, size=4651, nrcpt=3 (queue active)
    Apr 23 10:28:21 mail postfix/smtp[5894]: 75C4211ECF4: to=<[email protected]>, orig_to=<[email protected]>, relay=127.0.0.1[127.0.0.1]:10024, delay=0.83, delays=0.26/0/0/0.57, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=02711-09, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as 16E9911ED01)
    Apr 23 10:28:21 mail postfix/smtp[5894]: 75C4211ECF4: to=<[email protected]>, orig_to=<[email protected]>, relay=127.0.0.1[127.0.0.1]:10024, delay=0.83, delays=0.26/0/0/0.57, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=02711-09, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as 16E9911ED01)
    Apr 23 10:28:21 mail postfix/qmgr[123]: 75C4211ECF4: removed
    Apr 23 10:28:21 mail postfix/pipe[5901]: 16E9911ED01: to=<[email protected]>, relay=dovecot, delay=0.03, delays=0.01/0/0/0.02, dsn=2.0.0, status=sent (delivered via dovecot service)
    Apr 23 10:28:21 mail postfix/pipe[5903]: 16E9911ED01: to=<[email protected]>, relay=dovecot, delay=0.04, delays=0.01/0/0/0.03, dsn=2.0.0, status=sent (delivered via dovecot service)
    Apr 23 10:28:21 mail postfix/pipe[5901]: 16E9911ED01: to=<[email protected]>, orig_to=<[email protected]>, relay=dovecot, delay=0.04, delays=0.01/0.01/0/0.02, dsn=2.0.0, status=sent (delivered via dovecot service)
    Apr 23 10:28:21 mail postfix/qmgr[123]: 16E9911ED01: removed
    Apr 23 10:28:34 mail postfix/qmgr[123]: B27E811D8CA: from=<[email protected]>, size=10652, nrcpt=50 (queue active)
    Apr 23 10:28:34 mail postfix/smtp[5899]: connect to domcollect.mailrejector.com[188.40.178.59]:25: Connection refused
    Apr 23 10:28:34 mail postfix/smtp[5899]: B27E811D8CA: to=<[email protected]>, relay=none, delay=11960, delays=11959/0.01/0.25/0, dsn=4.4.1, status=deferred (connect to domcollect.mailrejector.com[188.40.178.59]:25: Connection refused)
    Apr 23 10:28:34 mail postfix/smtp[5933]: connect to lycos.co.uk[209.202.254.14]:25: Connection refused
    Apr 23 10:28:34 mail postfix/smtp[5933]: B27E811D8CA: to=<[email protected]>, relay=none, delay=11960, delays=11959/0.03/0.35/0, dsn=4.4.1, status=deferred (connect to lycos.co.uk[209.202.254.14]:25: Connection refused)
    Apr 23 10:28:34 mail postfix/smtp[5930]: B27E811D8CA: to=<[email protected]>, relay=lists.meds.com[209.131.124.44]:25, delay=11960, delays=11959/0.02/0.32/0.07, dsn=5.1.1, status=bounced (host lists.meds.com[209.131.124.44] said: 550 5.1.1 <[email protected]>... User unknown (in reply to RCPT TO command))
    Apr 23 10:28:34 mail postfix/smtp[5929]: connect to boystuff.co.uk[194.154.164.82]:25: Connection refused
    Apr 23 10:28:34 mail postfix/smtp[5929]: B27E811D8CA: to=<[email protected]>, relay=none, delay=11960, delays=11959/0.02/0.39/0, dsn=4.4.1, status=deferred (connect to boystuff.co.uk[194.154.164.82]:25: Connection refused)
    Apr 23 10:29:04 mail postfix/smtp[5934]: connect to mygfx.co.uk[80.168.100.101]:25: Operation timed out
    Apr 23 10:29:04 mail postfix/smtp[5934]: B27E811D8CA: to=<[email protected]>, relay=none, delay=11990, delays=11959/0.04/30/0, dsn=4.4.1, status=deferred (connect to mygfx.co.uk[80.168.100.101]:25: Operation timed out)
    Apr 23 10:29:04 mail postfix/cleanup[5893]: 3E9FA11ED0F: message-id=<[email protected]>
    Apr 23 10:29:04 mail postfix/bounce[5936]: B27E811D8CA: sender non-delivery notification: 3E9FA11ED0F
    Apr 23 10:29:04 mail postfix/qmgr[123]: 3E9FA11ED0F: from=, size=12629, nrcpt=1 (queue active)
    Apr 23 10:29:04 mail postfix/local[5900]: error: od[getpwnam_ext]: No record for user paypal
    Apr 23 10:29:04 mail postfix/pipe[5925]: 3E9FA11ED0F: to=<[email protected]>, relay=dovecot, delay=0.03, delays=0.01/0/0/0.01, dsn=2.0.0, status=sent (delivered via dovecot service)
    Apr 23 10:29:04 mail postfix/qmgr[123]: 3E9FA11ED0F: removed
    Apr 23 10:29:22 mail postfix/smtpd[5887]: connect from 178.101.188.72.cfl.res.rr.com[72.188.101.178]
    Apr 23 10:29:22 mail postfix/trivial-rewrite[5954]: warning: do not list domain 4rsmokehouse.com in BOTH mydestination and virtualaliasdomains
    Apr 23 10:29:22 mail postfix/smtpd[5887]: CDDB811ED14: client=178.101.188.72.cfl.res.rr.com[72.188.101.178], sasl_method=LOGIN, sasl_username=martha
    Apr 23 10:29:26 mail postfix/smtpd[5887]: 2A3BF11ED15: client=178.101.188.72.cfl.res.rr.com[72.188.101.178], sasl_method=LOGIN, sasl_username=martha
    Apr 23 10:29:26 mail postfix/cleanup[5893]: 2A3BF11ED15: message-id=<010901cae2f1$6222bd40$266837c0$@com>
    Apr 23 10:29:26 mail postfix/qmgr[123]: 2A3BF11ED15: from=<[email protected]>, size=1347, nrcpt=2 (queue active)
    Apr 23 10:29:26 mail postfix/smtpd[5887]: disconnect from 178.101.188.72.cfl.res.rr.com[72.188.101.178]
    Apr 23 10:29:26 mail postfix/smtpd[5896]: connect from localhost[127.0.0.1]
    Apr 23 10:29:26 mail postfix/smtpd[5896]: 6666811ED20: client=localhost[127.0.0.1]
    Apr 23 10:29:26 mail postfix/cleanup[5893]: 6666811ED20: message-id=<010901cae2f1$6222bd40$266837c0$@com>
    Apr 23 10:29:26 mail postfix/smtpd[5896]: disconnect from localhost[127.0.0.1]
    Apr 23 10:29:26 mail postfix/qmgr[123]: 6666811ED20: from=<[email protected]>, size=1748, nrcpt=3 (queue active)
    Apr 23 10:29:26 mail postfix/smtp[5894]: 2A3BF11ED15: to=<[email protected]>, orig_to=<[email protected]>, relay=127.0.0.1[127.0.0.1]:10024, delay=0.29, delays=0.09/0/0/0.2, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=04705-05, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as 6666811ED20)
    Apr 23 10:29:26 mail postfix/smtp[5894]: 2A3BF11ED15: to=<[email protected]>, orig_to=<[email protected]>, relay=127.0.0.1[127.0.0.1]:10024, delay=0.29, delays=0.09/0/0/0.2, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=04705-05, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as 6666811ED20)
    Apr 23 10:29:26 mail postfix/qmgr[123]: 2A3BF11ED15: removed
    Apr 23 10:29:26 mail postfix/pipe[5901]: 6666811ED20: to=<[email protected]>, relay=dovecot, delay=0.03, delays=0.01/0/0/0.02, dsn=2.0.0, status=sent (delivered via dovecot service)
    Apr 23 10:29:26 mail postfix/pipe[5903]: 6666811ED20: to=<[email protected]>, relay=dovecot, delay=0.03, delays=0.01/0/0/0.02, dsn=2.0.0, status=sent (delivered via dovecot service)
    Apr 23 10:29:26 mail postfix/pipe[5925]: 6666811ED20: to=<[email protected]>, orig_to=<[email protected]>, relay=dovecot, delay=0.05, delays=0.01/0.01/0/0.03, dsn=2.0.0, status=sent (delivered via dovecot service)
    Apr 23 10:29:26 mail postfix/qmgr[123]: 6666811ED20: removed
    Apr 23 10:32:46 mail postfix/anvil[5891]: statistics: max connection rate 1/60s for (smtp:72.188.101.178) at Apr 23 10:27:23
    Apr 23 10:32:46 mail postfix/anvil[5891]: statistics: max connection count 1 for (smtp:72.188.101.178) at Apr 23 10:27:23
    Apr 23 10:32:46 mail postfix/anvil[5891]: statistics: max cache size 2 at Apr 23 10:28:20
    Apr 23 10:33:34 mail postfix/qmgr[123]: 86DD811E1EC: from=<[email protected]>, size=10652, nrcpt=50 (queue active)
    Apr 23 10:33:34 mail postfix/smtp[6036]: connect to onion.com[168.143.174.97]:25: Connection refused
    Apr 23 10:33:34 mail postfix/smtp[6036]: 86DD811E1EC: to=<[email protected]>, relay=none, delay=10988, delays=10988/0.04/0.12/0, dsn=4.4.1, status=deferred (connect to onion.com[168.143.174.97]:25: Connection refused)
    Apr 23 10:33:41 mail postfix/smtpd[6039]: connect from mobile-166-137-138-184.mycingular.net[166.137.138.184]
    Apr 23 10:33:42 mail postfix/smtpd[6039]: lost connection after EHLO from mobile-166-137-138-184.mycingular.net[166.137.138.184]
    Apr 23 10:33:42 mail postfix/smtpd[6039]: disconnect from mobile-166-137-138-184.mycingular.net[166.137.138.184]
    Apr 23 10:33:46 mail postfix/smtp[6032]: 86DD811E1EC: to=<[email protected]>, relay=none, delay=11000, delays=10988/0.03/12/0, dsn=4.4.3, status=deferred (Host or domain name not found. Name service error for name=finor.com type=MX: Host not found, try again)
    Apr 23 10:34:04 mail postfix/smtp[6031]: connect to enterprise.america.com[68.178.232.99]:25: Operation timed out
    Apr 23 10:34:04 mail postfix/smtp[6031]: 86DD811E1EC: to=<[email protected]>, relay=none, delay=11018, delays=10988/0.02/30/0, dsn=4.4.1, status=deferred (connect to enterprise.america.com[68.178.232.99]:25: Operation timed out)
    Apr 23 10:34:04 mail postfix/smtp[6037]: connect to seo411.com[69.64.155.15]:25: Operation timed out
    Apr 23 10:34:04 mail postfix/smtp[6037]: 86DD811E1EC: to=<[email protected]>, relay=none, delay=11018, delays=10988/0.05/30/0, dsn=4.4.1, status=deferred (connect to seo411.com[69.64.155.15]:25: Operation timed out)
    Apr 23 10:34:04 mail postfix/smtp[6035]: connect to gnn.com[205.188.100.58]:25: Operation timed out
    Apr 23 10:34:34 mail postfix/smtp[6035]: connect to gnn.com[64.12.79.57]:25: Operation timed out
    Apr 23 10:35:04 mail postfix/smtp[6035]: connect to gnn.com[207.200.74.38]:25: Operation timed out
    Apr 23 10:35:04 mail postfix/smtp[6035]: 86DD811E1EC: to=<[email protected]>, relay=none, delay=11078, delays=10988/0.03/90/0, dsn=4.4.1, status=deferred (connect to gnn.com[207.200.74.38]:25: Operation timed out)
    Apr 23 10:37:02 mail postfix/anvil[6041]: statistics: max connection rate 1/60s for (submission:166.137.138.184) at Apr 23 10:33:41
    Apr 23 10:37:02 mail postfix/anvil[6041]: statistics: max connection count 1 for (submission:166.137.138.184) at Apr 23 10:33:41
    Apr 23 10:37:02 mail postfix/anvil[6041]: statistics: max cache size 1 at Apr 23 10:33:41
    Apr 23 10:38:55 mail postfix/smtpd[6134]: connect from web50903.mail.re2.yahoo.com[206.190.38.123]
    Apr 23 10:38:55 mail postfix/trivial-rewrite[6139]: warning: do not list domain 4rsmokehouse.com in BOTH mydestination and virtualaliasdomains
    Apr 23 10:38:55 mail postfix/smtpd[6134]: 81B5111ED6B: client=web50903.mail.re2.yahoo.com[206.190.38.123]
    Apr 23 10:38:55 mail postfix/cleanup[6140]: 81B5111ED6B: message-id=<[email protected]>
    Apr 23 10:38:55 mail postfix/qmgr[123]: 81B5111ED6B: from=<[email protected]>, size=11541, nrcpt=2 (queue active)
    Apr 23 10:38:55 mail postfix/smtpd[6134]: disconnect from web50903.mail.re2.yahoo.com[206.190.38.123]
    Apr 23 10:38:56 mail postfix/smtpd[6143]: connect from localhost[127.0.0.1]
    Apr 23 10:38:56 mail postfix/smtpd[6143]: 383D711ED78: client=localhost[127.0.0.1]
    Apr 23 10:38:56 mail postfix/cleanup[6140]: 383D711ED78: message-id=<[email protected]>
    Apr 23 10:38:56 mail postfix/smtpd[6143]: disconnect from localhost[127.0.0.1]
    Apr 23 10:38:56 mail postfix/qmgr[123]: 383D711ED78: from=<[email protected]>, size=11942, nrcpt=3 (queue active)
    Apr 23 10:38:56 mail postfix/smtp[6141]: 81B5111ED6B: to=<[email protected]>, orig_to=<[email protected]>, relay=127.0.0.1[127.0.0.1]:10024, delay=1.1, delays=0.5/0.01/0/0.57, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=02711-10, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as 383D711ED78)
    Apr 23 10:38:56 mail postfix/smtp[6141]: 81B5111ED6B: to=<[email protected]>, orig_to=<[email protected]>, relay=127.0.0.1[127.0.0.1]:10024, delay=1.1, delays=0.5/0.01/0/0.57, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=02711-10, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as 383D711ED78)
    Apr 23 10:38:56 mail postfix/qmgr[123]: 81B5111ED6B: removed
    Apr 23 10:38:56 mail postfix/pipe[6147]: 383D711ED78: to=<[email protected]>, relay=dovecot, delay=0.08, delays=0.01/0.04/0/0.03, dsn=2.0.0, status=sent (delivered via dovecot service)
    Apr 23 10:38:56 mail postfix/pipe[6149]: 383D711ED78: to=<[email protected]>, relay=dovecot, delay=0.09, delays=0.01/0.05/0/0.02, dsn=2.0.0, status=sent (delivered via dovecot service)
    Apr 23 10:38:56 mail postfix/pipe[6152]: 383D711ED78: to=<[email protected]>, orig_to=<[email protected]>, relay=dovecot, delay=0.09, delays=0.01/0.06/0/0.02, dsn=2.0.0, status=sent (delivered via dovecot service)
    Apr 23 10:38:56 mail postfix/qmgr[123]: 383D711ED78: removed
    Apr 23 10:39:09 mail postfix/smtpd[6134]: connect from 178.101.188.72.cfl.res.rr.com[72.188.101.178]
    Apr 23 10:39:09 mail postfix/trivial-rewrite[6155]: warning: do not list domain 4rsmokehouse.com in BOTH mydestination and virtualaliasdomains
    Apr 23 10:39:09 mail postfix/smtpd[6134]: 635B511ED7F: client=178.101.188.72.cfl.res.rr.com[72.188.101.178], sasl_method=LOGIN, sasl_username=martha
    Apr 23 10:39:12 mail postfix/smtpd[6134]: C24D411ED80: client=178.101.188.72.cfl.res.rr.com[72.188.101.178], sasl_method=LOGIN, sasl_username=martha
    Apr 23 10:39:12 mail postfix/cleanup[6140]: C24D411ED80: message-id=<010a01cae2f2$bfc34950$3f49dbf0$@com>
    Apr 23 10:39:12 mail postfix/qmgr[123]: C24D411ED80: from=<[email protected]>, size=8809, nrcpt=2 (queue active)
    Apr 23 10:39:12 mail postfix/smtpd[6134]: disconnect from 178.101.188.72.cfl.res.rr.com[72.188.101.178]
    Apr 23 10:39:13 mail postfix/smtpd[6143]: connect from localhost[127.0.0.1]
    Apr 23 10:39:13 mail postfix/trivial-rewrite[6155]: warning: do not list domain 4rsmokehouse.com in BOTH mydestination and virtualaliasdomains
    Apr 23 10:39:13 mail postfix/smtpd[6143]: 8D7F011ED91: client=localhost[127.0.0.1]
    Apr 23 10:39:13 mail postfix/cleanup[6140]: 8D7F011ED91: message-id=<010a01cae2f2$bfc34950$3f49dbf0$@com>
    Apr 23 10:39:13 mail postfix/smtpd[6143]: disconnect from localhost[127.0.0.1]
    Apr 23 10:39:13 mail postfix/qmgr[123]: 8D7F011ED91: from=<[email protected]>, size=9210, nrcpt=3 (queue active)
    Apr 23 10:39:13 mail postfix/smtp[6141]: C24D411ED80: to=<[email protected]>, relay=127.0.0.1[127.0.0.1]:10024, delay=0.83, delays=0.12/0/0/0.71, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=04705-06, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as 8D7F011ED91)
    Apr 23 10:39:13 mail postfix/smtp[6141]: C24D411ED80: to=<[email protected]>, orig_to=<[email protected]>, relay=127.0.0.1[127.0.0.1]:10024, delay=0.83, delays=0.12/0/0/0.71, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=04705-06, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as 8D7F011ED91)
    Apr 23 10:39:13 mail postfix/qmgr[123]: C24D411ED80: removed
    Apr 23 10:39:13 mail postfix/pipe[6149]: 8D7F011ED91: to=<[email protected]>, relay=dovecot, delay=0.03, delays=0.01/0/0/0.02, dsn=2.0.0, status=sent (delivered via dovecot service)
    Apr 23 10:39:13 mail postfix/pipe[6147]: 8D7F011ED91: to=<[email protected]>, orig_to=<[email protected]>, relay=dovecot, delay=0.05, delays=0.01/0/0/0.04, dsn=2.0.0, status=sent (delivered via dovecot service)
    Apr 23 10:39:18 mail postfix/smtp[6157]: 8D7F011ED91: host ninja1.spamninjas.com[71.43.194.115] said: 451 4.7.1 <[email protected]>: Recipient address rejected: Greylisted for 5 minutes (in reply to RCPT TO command)
    Apr 23 10:39:30 mail postfix/smtp[6157]: 8D7F011ED91: to=<[email protected]>, relay=ninja2.spamninjas.com[72.19.140.201]:25, delay=17, delays=0.01/0.02/5.4/11, dsn=4.7.1, status=deferred (host ninja2.spamninjas.com[72.19.140.201] said: 451 4.7.1 <[email protected]>: Recipient address rejected: Greylisted for 5 minutes (in reply to RCPT TO command))
    Apr 23 10:40:51 mail postfix/smtpd[6134]: connect from ecbiz71.inmotionhosting.com[173.205.124.201]
    Apr 23 10:40:51 mail postfix/trivial-rewrite[6191]: warning: do not list domain 4RSmokehouse.com in BOTH mydestination and virtualaliasdomains
    Apr 23 10:40:51 mail postfix/smtpd[6134]: CED4A11ED9F: client=ecbiz71.inmotionhosting.com[173.205.124.201]
    Apr 23 10:40:51 mail postfix/cleanup[6140]: CED4A11ED9F: message-id=<[email protected]>
    Apr 23 10:40:51 mail postfix/qmgr[123]: CED4A11ED9F: from=<[email protected]>, size=9492, nrcpt=2 (queue active)
    Apr 23 10:40:52 mail postfix/smtpd[6134]: disconnect from ecbiz71.inmotionhosting.com[173.205.124.201]
    Apr 23 10:40:52 mail postfix/smtpd[6143]: connect from localhost[127.0.0.1]
    Apr 23 10:40:52 mail postfix/smtpd[6143]: 6B83111EDB5: client=localhost[127.0.0.1]
    Apr 23 10:40:52 mail postfix/cleanup[6140]: 6B83111EDB5: message-id=<[email protected]>
    Apr 23 10:40:52 mail postfix/smtpd[6143]: disconnect from localhost[127.0.0.1]
    Apr 23 10:40:52 mail postfix/qmgr[123]: 6B83111EDB5: from=<[email protected]>, size=9893, nrcpt=3 (queue active)
    Apr 23 10:40:52 mail postfix/smtp[6141]: CED4A11ED9F: to=<[email protected]>, orig_to=<[email protected]>, relay=127.0.0.1[127.0.0.1]:10024, delay=1.1, delays=0.58/0/0/0.5, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=02711-11, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as 6B83111EDB5)
    Apr 23 10:40:52 mail postfix/smtp[6141]: CED4A11ED9F: to=<[email protected]>, orig_to=<[email protected]>, relay=127.0.0.1[127.0.0.1]:10024, delay=1.1, delays=0.58/0/0/0.5, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=02711-11, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as 6B83111EDB5)
    Apr 23 10:40:52 mail postfix/qmgr[123]: CED4A11ED9F: removed
    Apr 23 10:40:52 mail postfix/pipe[6149]: 6B83111EDB5: to=<[email protected]>, relay=dovecot, delay=0.03, delays=0.01/0/0/0.02, dsn=2.0.0, status=sent (delivered via dovecot service)
    Apr 23 10:40:52 mail postfix/pipe[6149]: 6B83111EDB5: to=<[email protected]>, orig_to=<[email protected]>, relay=dovecot, delay=0.13, delays=0.01/0.02/0/0.1, dsn=2.0.0, status=sent (delivered via dovecot service)
    Apr 23 10:40:52 mail postfix/pipe[6147]: 6B83111EDB5: to=<[email protected]>, relay=dovecot, delay=0.13, delays=0.01/0/0/0.12, dsn=2.0.0, status=sent (delivered via dovecot service)
    Apr 23 10:40:52 mail postfix/qmgr[123]: 6B83111EDB5: removed
    Apr 23 10:43:34 mail postfix/qmgr[123]: 4BB8111D76B: from=<[email protected]>, size=10652, nrcpt=50 (queue active)
    Apr 23 10:43:47 mail postfix/smtp[6240]: 4BB8111D76B: to=<[email protected]>, relay=none, delay=13025, delays=13012/0.02/13/0, dsn=4.4.3, status=deferred (Host or domain name not found. Name service error for name=twbg.co.uk type=MX: Host not found, try again)
    Apr 23 10:44:12 mail postfix/anvil[6138]: statistics: max connection rate 1/60s for (smtp:206.190.38.123) at Apr 23 10:38:55
    Apr 23 10:44:12 mail postfix/anvil[6138]: statistics: max connection count 1 for (smtp:206.190.38.123) at Apr 23 10:38:55
    Apr 23 10:44:12 mail postfix/anvil[6138]: statistics: max cache size 2 at Apr 23 10:39:09
    Apr 23 10:48:20 mail postfix/smtpd[6320]: connect from mobile-166-137-138-184.mycingular.net[166.137.138.184]
    Apr 23 10:48:21 mail postfix/smtpd[6320]: lost connection after EHLO from mobile-166-137-138-184.mycingular.net[166.137.138.184]
    Apr 23 10:48:21 mail postfix/smtpd[6320]: disconnect from mobile-166-137-138-184.mycingular.net[166.137.138.184]
    Apr 23 10:48:34 mail postfix/qmgr[123]: 3711011DA69: from=<[email protected]>, size=10726, nrcpt=2 (queue active)
    Apr 23 10:48:34 mail postfix/qmgr[123]: 56E4F11DAC5: from=<[email protected]>, size=10652, nrcpt=50 (queue active)
    Apr 23 10:48:34 mail postfix/qmgr[123]: 5CC8B11E265: from=<[email protected]>, size=10652, nrcpt=50 (queue active)
    Apr 23 10:48:34 mail postfix/qmgr[123]: 8D7F011ED91: from=<[email protected]>, size=9210, nrcpt=3 (queue active)
    Apr 23 10:48:34 mail postfix/qmgr[123]: CAA4E11D93C: from=<[email protected]>, size=10652, nrcpt=50 (queue active)
    Apr 23 10:48:34 mail postfix/smtp[6328]: connect to lycos.co.uk[209.202.254.14]:25: Connection refused
    Apr 23 10:48:34 mail postfix/smtp[6328]: 56E4F11DAC5: to=<[email protected]>, relay=none, delay=12967, delays=12967/0.01/0.1/0, dsn=4.4.1, status=deferred (connect to lycos.co.uk[209.202.254.14]:25: Connection refused)
    Apr 23 10:48:34 mail postfix/smtp[6332]: connect to sylvester.faho.rwth-aachen.de[134.130.57.2]:25: Connection refused
    Apr 23 10:48:34 mail postfix/smtp[6332]: 56E4F11DAC5: to=<[email protected]>, relay=none, delay=12967, delays=12967/0.04/0.26/0, dsn=4.4.1, status=deferred (connect to sylvester.faho.rwth-aachen.de[134.130.57.2]:25: Connection refused)
    Apr 23 10:48:34 mail postfix/smtp[6335]: 5CC8B11E265: host mx1.mail.eu.yahoo.com[77.238.177.9] refused to talk to me: 421 4.7.0 [GL01] Message from (24.227.121.138) temporarily deferred - 4.16.50. Please refer to http://postmaster.yahoo.com/errors/postmaster-21.html
    Apr 23 10:48:35 mail postfix/smtp[6337]: connect to mail.suchknecht.at[62.93.251.235]:25: Connection refused
    Apr 23 10:48:35 mail postfix/smtp[6337]: CAA4E11D93C: to=<[email protected]>, relay=none, delay=13115, delays=13115/0.07/0.59/0, dsn=4.4.1, status=deferred (connect to mail.suchknecht.at[62.93.251.235]:25: Connection refused)
    Apr 23 10:48:35 mail postfix/smtp[6336]: 8D7F011ED91: to=<[email protected]>, relay=ninja1.spamninjas.com[71.43.194.115]:25, delay=562, delays=561/0.07/0.12/0.58, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as ECE28106F97)
    Apr 23 10:48:35 mail postfix/qmgr[123]: 8D7F011ED91: removed
    Apr 23 10:48:35 mail postfix/smtp[6327]: 3711011DA69: to=<[email protected]>, relay=h.mx.mail.yahoo.com[66.94.236.34]:25, delay=13006, delays=13005/0.02/0.38/0.62, dsn=5.7.5, status=bounced (host h.mx.mail.yahoo.com[66.94.236.34] said: 554 5.7.5 (AU01) Message not accepted for policy reasons. See http://postmaster.yahoo.com/errors/postmaster-28.html (in reply to end of DATA command))
    Apr 23 10:48:35 mail postfix/cleanup[6340]: 7D22411EDF0: message-id=<[email protected]>
    Apr 23 10:48:35 mail postfix/bounce[6339]: 3711011DA69: sender non-delivery notification: 7D22411EDF0
    Apr 23 10:48:35 mail postfix/qmgr[123]: 7D22411EDF0: from=, size=12888, nrcpt=1 (queue active)
    Apr 23 10:48:35 mail postfix/qmgr[123]: 3711011DA69: removed
    Apr 23 10:48:35 mail postfix/local[6341]: error: od[getpwnam_ext]: No record for user paypal
    Apr 23 10:48:35 mail postfix/pipe[6342]: 7D22411EDF0: to=<[email protected]>, relay=dovecot, delay=0.03, delays=0.01/0.01/0/0.02, dsn=2.0.0, status=sent (delivered via dovecot service)
    Apr 23 10:48:35 mail postfix/qmgr[123]: 7D22411EDF0: removed
    Apr 23 10:48:36 mail postfix/smtp[6330]: 56E4F11DAC5: host www.poleboy.de[62.75.143.131] said: 451 Temporary local problem - please try later (in reply to RCPT TO command)
    Apr 23 10:48:36 mail postfix/smtp[6335]: 5CC8B11E265: to=<[email protected]>, relay=mx2.mail.eu.yahoo.com[77.238.184.241]:25, delay=11640, delays=11638/0.07/0.95/1, dsn=5.7.5, status=bounced (host mx2.mail.eu.yahoo.com[77.238.184.241] said: 554 5.7.5 (AU01) Message not accepted for policy reasons. See http://postmaster.yahoo.com/errors/postmaster-28.html (in reply to end of DATA command))
    Apr 23 10:48:36 mail postfix/smtp[6335]: 5CC8B11E265: to=<[email protected]>, relay=mx2.mail.eu.yahoo.com[77.238.184.241]:25, delay=11640, delays=11638/0.07/0.95/1, dsn=5.7.5, status=bounced (host mx2.mail.eu.yahoo.com[77.238.184.241] said: 554 5.7.5 (AU01) Message not accepted for policy reasons. See http://postmaster.yahoo.com/errors/postmaster-28.html (in reply to end of DATA command))
    Apr 23 10:48:36 mail postfix/smtp[6335]: 5CC8B11E265: to=<[email protected]>, relay=mx2.mail.eu.yahoo.com[77.238.184.241]:25, delay=11640, delays=11638/0.07/0.95/1, dsn=5.7.5, status=bounced (host mx2.mail.eu.yahoo.com[77.238.184.241] said: 554 5.7.5 (AU01) Message not accepted for policy reasons. See http://postmaster.yahoo.com/errors/postmaster-28.html (in reply to end of DATA command))
    Apr 23 10:48:36 mail postfix/smtp[6335]: 5CC8B11E265: to=<[email protected]>, relay=mx2.mail.eu.yahoo.com[77.238.184.241]:25, delay=11640, delays=11638/0.07/0.95/1, dsn=5.7.5, status=bounced (host mx2.mail.eu.yahoo.com[77.238.184.241] said: 554 5.7.5 (AU01) Message not accepted for policy reasons. See http://postmaster.yahoo.com/errors/postmaster-28.html (in reply to end of DATA command))
    Apr 23 10:48:36 mail postfix/smtp[6335]: 5CC8B11E265: to=<[email protected]>, relay=mx2.mail.eu.yahoo.com[77.238.184.241]:25, delay=11640, delays=11638/0.07/0.95/1, dsn=5.7.5, status=bounced (host mx2.mail.eu.yahoo.com[77.238.184.241] said: 554 5.7.5 (AU01) Message not accepted for policy reasons. See http://postmaster.yahoo.com/errors/postmaster-28.html (in reply to end of DATA command))
    Apr 23 10:48:36 mail postfix/smtp[6335]: 5CC8B11E265: to=<[email protected]>, relay=mx2.mail.eu.yahoo.com[77.238.184.241]:25, delay=11640, delays=11638/0.07/0.95/1, dsn=5.7.5, status=bounced (host mx2.mail.eu.yahoo.com[77.238.184.241] said: 554 5.7.5 (AU01) Message not accepted for policy reasons. See http://postmaster.yahoo.com/errors/postmaster-28.html (in reply to end of DATA command))
    Apr 23 10:48:36 mail postfix/smtp[6335]: 5CC8B11E265: to=<[email protected]>, relay=mx2.mail.eu.yahoo.com[77.238.184.241]:25, delay=11640, delays=11638/0.07/0.95/1, dsn=5.7.5, status=bounced (host mx2.mail.eu.yahoo.com[77.238.184.241] said: 554 5.7.5 (AU01) Message not accepted for policy reasons. See http://postmaster.yahoo.com/errors/postmaster-28.html (in reply to end of DATA command))
    Apr 23 10:48:36 mail postfix/smtp[6335]: 5CC8B11E265: to=<[email protected]>, relay=mx2.mail.eu.yahoo.com[77.238.184.241]:25, delay=11640, delays=11638/0.07/0.95/1, dsn=5.7.5, status=bounced (host mx2.mail.eu.yahoo.com[77.238.184.241] said: 554 5.7.5 (AU01) Message not accepted for policy reasons. See http://postmaster.yahoo.com/errors/postmaster-28.html (in reply to end of DATA command))
    Apr 23 10:48:36 mail postfix/smtp[6335]: 5CC8B11E265: to=<[email protected]>, relay=mx2.mail.eu.yahoo.com[77.238.184.241]:25, delay=11640, delays=11638/0.07/0.95/1, dsn=5.7.5, status=bounced (host mx2.mail.eu.yahoo.com[77.238.184.241] said: 554 5.7.5 (AU01) Message not accepted for policy reasons. See http://postmaster.yahoo.com/errors/postmaster-28.html (in reply to end of DATA command))
    Apr 23 10:48:36 mail postfix/smtp[6335]: 5CC8B11E265: to=<[email protected]>, relay=mx2.mail.eu.yahoo.com[77.238.184.241]:25, delay=11640, delays=11638/0.07/0.95/1, dsn=5.7.5, status=bounced (host mx2.mail.eu.yahoo.com[77.238.184.241] said: 554 5.7.5 (AU01) Message not accepted for policy reasons. See http://postmaster.yahoo.com/errors/postmaster-28.html (in reply to end of DATA command))
    Apr 23 10:48:36 mail postfix/smtp[6335]: 5CC8B11E265: to=<[email protected]>, relay=mx2.mail.eu.yahoo.com[77.238.184.241]:25, delay=11640, delays=11638/0.07/0.95/1, dsn=5.7.5, status=bounced (host mx2.mail.eu.yahoo.com[77.238.184.241] said: 554 5.7.5 (AU01) Message not accepted for policy reasons. See http://postmaster.yahoo.com/errors/postmaster-28.html (in reply to end of DATA command))
    Apr 23 10:48:36 mail postfix/smtp[6335]: 5CC8B11E265: to=<[email protected]>, relay=mx2.mail.eu.yahoo.com[77.238.184.241]:25, delay=11640, delays=11638/0.07/0.95/1, dsn=5.7.5, status=bounced (host mx2.mail.eu.yahoo.com[77.238.184.241] said: 554 5.7.5 (AU01) Message not accepted for policy reasons. See http://postmaster.yahoo.com/errors/postmaster-28.html (in reply to end of DATA command))
    Apr 23 10:48:36 mail postfix/smtp[6335]: 5CC8B11E265: to=<[email protected]>, relay=mx2.mail.eu.yahoo.com[77.238.184.241]:25, delay=11640, delays=11638/0.07/0.95/1, dsn=5.7.5, status=bounced (host mx2.mail.eu.yahoo.com[77.238.184.241] said: 554 5.7.5 (AU01) Message not accepted for policy reasons. See http://postmaster.yahoo.com/errors/postmaster-28.html (in reply to end of DATA command))
    Apr 23 10:48:36 mail postfix/smtp[6335]: 5CC8B11E265: to=<[email protected]>, relay=mx2.mail.eu.yahoo.com[77.238.184.241]:25, delay=11640, delays=11638/0.07/0.95/1, dsn=5.7.5, status=bounced (host mx2.mail.eu.yahoo.com[77.238.184.241] said: 554 5.7.5 (AU01) Message not accepted for policy reasons. See http://postmaster.yahoo.com/errors/postmaster-28.html (in reply to end of DATA command))
    Apr 23 10:48:36 mail postfix/smtp[6335]: 5CC8B11E265: to=<[email protected]>, relay=mx2.mail.eu.yahoo.com[77.238.184.241]:25, delay=11640, delays=11638/0.07/0.95/1, dsn=5.7.5, status=bounced (host mx2.mail.eu.yahoo.com[77.238.184.241] said: 554 5.7.5 (AU01) Message not accepted for policy reasons. See http://postmaster.yahoo.com/errors/postmaster-28.html (in reply to end of DATA command))
    Apr 23 10:48:36 mail postfix/smtp[6335]: 5CC8B11E265: to=<[email protected]>, relay=mx2.mail.eu.yahoo.com[77.238.184.241]:25, delay=11640, delays=11638/0.07/0.95/1, dsn=5.7.5, status=bounced (host mx2.mail.eu.yahoo.com[77.238.184.241] said: 554 5.7.5 (AU01) Message not accepted for policy reasons. See http://postmaster.yahoo.com/errors/postmaster-28.html (in reply to end of DATA command))
    Apr 23 10:48:36 mail postfix/smtp[6335]: 5CC8B11E265: to=<[email protected]>, relay=mx2.mail.eu.yahoo.com[77.238.184.241]:25, delay=11640, delays=11638/0.07/0.95/1, dsn=5.7.5, status=bounced (host mx2.mail.eu.yahoo.com[77.238.184.241] said: 554 5.7.5 (AU01) Message not accepted for policy reasons. See http://postmaster.yahoo.com/errors/postmaster-28.html (in reply to end of DATA command))
    Apr 23 10:48:36 mail postfix/smtp[6335]: 5CC8B11E265: to=<[email protected]>, relay=mx2.mail.eu.yahoo.com[77.238.184.241]:25, delay=11640, delays=11638/0.07/0.95/1, dsn=5.7.5, status=bounced (host mx2.mail.eu.yahoo.com[77.238.184.241] said: 554 5.7.5 (AU01) Message not accepted for policy reasons. See http://postmaster.yahoo.com/errors/postmaster-28.html (in reply to end of DATA command))
    Apr 23 10:48:36 mail postfix/smtp[6335]: 5CC8B11E265: to=<[email protected]>, relay=mx2.mail.eu.yahoo.com[77.238.184.241]:25, delay=11640, delays=11638/0.07/0.95/1, dsn=5.7.5, status=bounced (host mx2.mail.eu.yahoo.com[77.238.184.241] said: 554 5.7.5 (AU01) Message not accepted for policy reasons. See http://postmaster.yahoo.com/errors/postmaster-28.html (in reply to end of DATA command))
    Apr 23 10:48:36 mail postfix/smtp[6335]: 5CC8B11E265: to=<[email protected]>, relay=mx2.mail.eu.yahoo.com[77.238.184.241]:25, delay=11640, delays=11638/0.07/0.95/1, dsn=5.7.5, status=bounced (host mx2.mail.eu.yahoo.com[77.238.184.241] said: 554 5.7.5 (AU01) Message not accepted for policy reasons. See http://postmaster.yahoo.com/errors/postmaster-28.html (in reply to end of DATA command))
    Apr 23 10:48:36 mail postfix/smtp[6335]: 5CC8B11E265: to=<[email protected]>, relay=mx2.mail.eu.yahoo.com[77.238.184.241]:25, delay=11640, delays=11638/0.07/0.95/1, dsn=5.7.5, status=bounced (host mx2.mail.eu.yahoo.com[77.238.184.241] said: 554 5.7.5 (AU01) Message not accepted for policy reasons. See http://postmaster.yahoo.com/errors/postmaster-28.html (in reply to end of DATA command))
    Apr 23 10:48:36 mail postfix/smtp[6335]: 5CC8B11E265: to=<[email protected]>, relay=mx2.mail.eu.yahoo.com[77.238.184.241]:25, delay=11640, delays=11638/0.07/0.95/1, dsn=5.7.5, status=bounced (host mx2.mail.eu.yahoo.com[77.238.184.241] said: 554 5.7.5 (AU01) Message not accepted for policy reasons. See http://postmaster.yahoo.com/errors/postmaster-28.html (in reply to end of DATA command))
    Apr 23 10:48:36 mail postfix/smtp[6335]: 5CC8B11E265: to=<[email protected]>, relay=mx2.mail.eu.yahoo.com[77.238.184.241]:25, delay=11640, delays=11638/0.07/0.95/1, dsn=5.7.5, status=bounced (host mx2.mail.eu.yahoo.com[77.238.184.241] said: 554 5.7.5 (AU01) Message not accepted for policy reasons. See http://postmaster.yahoo.com/errors/postmaster-28.html (in reply to end of DATA command))
    Apr 23 10:48:36 mail postfix/smtp[6335]: 5CC8B11E265: to=<[email protected]>, relay=mx2.mail.eu.yahoo.com[77.238.184.241]:25, delay=11640, delays=11638/0.07/0.95/1, dsn=5.7.5, status=bounced (host mx2.mail.eu.yahoo.com[77.238.184.241] said: 554 5.7.5 (AU01) Message not accepted for policy reasons. See http://postmaster.yahoo.com/errors/postmaster-28.html (in reply to end of DATA command))
    Apr 23 10:48:36 mail postfix/smtp[6335]: 5CC8B11E265: to=<[email protected]>, relay=mx2.mail.eu.yahoo.com[77.238.184.241]:25, delay=11640, delays=11638/0.07/0.95/1, dsn=5.7.5, status=bounced (host mx2.mail.eu.yahoo.com[77.238.184.241] said: 554 5.7.5 (AU01) Message not accepted for policy reasons. See http://postmaster.yahoo.com/errors/postmaster-28.html (in reply to end of DATA command))
    Apr 23 10:48:36 mail postfix/smtp[6335]: 5CC8B11E265: to=<[email protected]>, relay=mx2.mail.eu.yahoo.com[77.238.184.241]:25, delay=11640, delays=11638/0.07/0.95/1, dsn=5.7.5, status=bounced (host mx2.mail.eu.yahoo.com[77.238.184.241] said: 554 5.7.5 (AU01) Message not accepted for policy reasons. See http://postmaster.yahoo.com/errors/postmaster-28.html (in reply to end of DATA command))
    Apr 23 10:48:36 mail postfix/smtp[6335]: 5CC8B11E265: to=<[email protected]>, relay=mx2.mail.eu.yahoo.com[77.238.184.241]:25, delay=11640, delays=11638/0.07/0.95/1, dsn=5.7.5, status=bounced (host mx2.mail.eu.yahoo.com[77.238.184.241] said: 554 5.7.5 (AU01) Message not accepted for policy reasons. See http://postmaster.yahoo.com/errors/postmaster-28.html (in reply to end of DATA command))
    Apr 23 10:48:36 mail postfix/smtp[6335]: 5CC8B11E265: to=<[email protected]>, relay=mx2.mail.eu.yahoo.com[77.238.184.241]:25, delay=11640, delays=11638/0.07/0.95/1, dsn=5.7.5, status=bounced (host mx2.mail.eu.yahoo.com[77.238.184.241] said: 554 5.7.5 (AU01) Message not accepted for policy reasons. See http://postmaster.yahoo.com/errors/postmaster-28.html (in reply to end of DATA command))
    Apr 23 10:48:36 mail postfix/smtp[6335]: 5CC8B11E265: to=<[email protected]>, relay=mx2.mail.eu.yahoo.com[77.238.184.241]:25, delay=11640, delays=11638/0.07/0.95/1, dsn=5.7.5, status=bounced (host mx2.mail.eu.yahoo.com[77.238.184.241] said: 554 5.7.5 (AU01) Message not accepted for policy reasons. See http://postmaster.yahoo.com/errors/postmaster-28.html (in reply to end of DATA command))
    Apr 23 10:48:36 mail postfix/smtp[6335]: 5CC8B11E265: to=<[email protected]>, relay=mx2.mail.eu.yahoo.com[77.238.184.241]:25, delay=11640, delays=11638/0.07/0.95/1, dsn=5.7.5, status=bounced (host mx2.mail.eu.yahoo.com[77.238.184.241] said: 554 5.7.5 (AU01) Message not accepted for policy reasons. See http://postmaster.yahoo.com/errors/postmaster-28.html (in reply to end of DATA command))
    Apr 23 10:48:41 mail postfix/smtp[6330]: 56E4F11DAC5: to=<[email protected]>, relay=poleboy.de[62.75.143.131]:25, delay=12975, delays=12967/0.03/2.2/5.1, dsn=4.0.0, status=deferred (host poleboy.de[62.75.143.131] said: 451 Temporary local problem - please try later (in reply to RCPT TO command))
    Apr 23 10:48:47 mail postfix/smtp[6331]: 56E4F11DAC5: to=<[email protected]>, relay=none, delay=12980, delays=12967/0.04/13/0, dsn=4.4.3, status=deferred (Host or domain name not found. Name service error for name=sanffo.co.uk type=MX: Host not found, try again)
    Apr 23 10:48:47 mail postfix/smtp[6333]: 5CC8B11E265: to=<[email protected]>, relay=none, delay=11651, delays=11638/0.05/13/0, dsn=4.4.3, status=deferred (Host or domain name not found. Name service error for name=alyssiasgrove.co.uk type=MX: Host not found, try again)
    Apr 23 10:49:04 mail postfix/smtp[6329]: connect to mygfx.co.uk[80.168.100.101]:25: Operation timed out
    Apr 23 10:49:04 mail postfix/smtp[6329]: 56E4F11DAC5: to=<[email protected]>, relay=none, delay=12997, delays=12967/0.02/30/0, dsn=4.4.1, status=deferred (connect to mygfx.co.uk[80.168.100.101]:25: Operation timed out)
    Apr 23 10:49:04 mail postfix/smtp[6334]: connect to nationalvoice.org[216.8.179.23]:25: Operation timed out
    Apr 23 10:49:04 mail postfix/smtp[6334]: 5CC8B11E265: to=<[email protected]>, relay=none, delay=11669, delays=11638/0.05/30/0, dsn=4.4.1, status=deferred (connect to nationalvoice.org[216.8.179.23]:25: Operation timed out)
    Apr 23 10:49:04 mail postfix/cleanup[6340]: E0FE911EDF8: message-id=<[email protected]>
    Apr 23 10:49:04 mail postfix/bounce[6339]: 5CC8B11E265: sender non-delivery notification: E0FE911EDF8
    Apr 23 10:49:04 mail postfix/qmgr[123]: E0FE911EDF8: from=, size=29336, nrcpt=1 (queue active)
    Apr 23 10:49:04 mail postfix/local[6341]: error: od[getpwnam_ext]: No record for user paypal
    Apr 23 10:49:04 mail postfix/pipe[6342]: E0FE911EDF8: to=<[email protected]>, relay=dovecot, delay=0.02, delays=0.01/0/0/0.01, dsn=2.0.0, status=sent (delivered via dovecot service)
    Apr 23 10:49:04 mail postfix/qmgr[123]: E0FE911EDF8: removed
    Apr 23 10:51:41 mail postfix/anvil[6324]: statistics: max connection rate 1/60s for (submission:166.137.138.184) at Apr 23 10:48:20
    Apr 23 10:51:41 mail postfix/anvil[6324]: statistics: max connection count 1 for (submission:166.137.138.184) at Apr 23 10:48:20
    Apr 23 10:51:41 mail postfix/anvil[6324]: statistics: max cache size 1 at Apr 23 10:48:20
    Apr 23 10:53:34 mail postfix/qmgr[123]: 5318011DDFB: from=<[email protected]>, size=10710, nrcpt=2 (queue active)
    Apr 23 10:53:34 mail postfix/qmgr[123]: 7723311DE03: from=<[email protected]>, size=10652, nrcpt=50 (queue active)
    Apr 23 10:53:34 mail postfix/qmgr[123]: A63AD11DDCA: from=<[email protected]>, size=10704, nrcpt=2 (queue active)
    Apr 23 10:53:34 mail postfix/qmgr[123]: BC71311DCA6: from=<[email protected]>, size=10708, nrcpt=2 (queue active)
    Apr 23 10:53:34 mail postfix/qmgr[123]: CA71611DDD3: from=<[email protected]>, size=10652, nrcpt=50 (queue active)
    Apr 23 10:53:34 mail postfix/qmgr[123]: F07E311DCDD: from=<[email protected]>, size=10706, nrcpt=2 (queue active)
    Apr 23 10:53:34 mail postfix/smtp[6435]: connect to lycos.co.uk[209.202.254.14]:25: Connection refused
    Apr 23 10:53:34 mail postfix/smtp[6435]: 7723311DE03: to=<[email protected]>, relay=none, delay=12957, delays=12957/0.03/0.06/0, dsn=4.4.1, status=deferred (connect to lycos.co.uk[209.202.254.14]:25: Connection refused)
    Apr 23 10:53:34 mail postfix/smtp[6435]: 7723311DE03: to=<[email protected]>, relay=none, delay=12957, delays=12957/0.03/0.06/0, dsn=4.4.1, status=deferred (connect to lycos.co.uk[209.202.254.14]:25: Connection refused)
    Apr 23 10:53:34 mail postfix/smtp[6432]: 5318011DDFB: host d.mx.mail.yahoo.com[209.191.88.254] refused to talk to me: 421 4.7.0 [GL01] Message from (24.227.121.138) temporarily deferred - 4.16.50. Please refer to http://postmaster.yahoo.com/errors/postmaster-21.html
    Apr 23 10:53:34 mail postfix/smtp[6438]: 7723311DE03: host mx1.mail.eu.yahoo.com[77.238.177.9] refused to talk to me: 421 4.7.0 [GL01] Message from (24.227.121.138) temporarily deferred - 4.16.50. Please refer to http://postmaster.yahoo.com/errors/postmaster-21.html
    Apr 23 10:53:35 mail postfix/smtp[6439]: A63AD11DDCA: host mx2.mail.eu.yahoo.com[77.238.184.241] refused to talk to me: 421 4.7.0 [GL01] Message from (24.227.121.138) temporarily deferred - 4.16.50. Please refer to http://postmaster.yahoo.com/errors/postmaster-21.html
    Apr 23 10:53:35 mail postfix/smtp[6444]: F07E311DCDD: to=<[email protected]>, relay=e.mx.mail.yahoo.com[67.195.168.230]:25, delay=13138, delays=13137/0.07/0.12/0.53, dsn=5.7.5, status=bounced (host e.mx.mail.yahoo.com[67.195.168.230] said: 554 5.7.5 (AU01) Message not accepted for policy reasons. See http://postmaster.yahoo.com/errors/postmaster-28.html (in reply to end of DATA command))
    Apr 23 10:53:35 mail postfix/cleanup[6447]: 367E111EE16: message-id=<[email protected]>
    Apr 23 10:53:35 mail postfix/bounce[6446]: F07E311DCDD: sender non-delivery notification: 367E111EE16
    Apr 23 10:53:35 mail postfix/qmgr[123]: 367E111EE16: from=, size=12840, nrcpt=1 (queue active)
    Apr 23 10:53:35 mail postfix/qmgr[123]: F07E311DCDD: removed
    Apr 23 10:53:35 mail postfix/local[6448]: error: od[getpwnam_ext]: No record for user paypal
    Apr 23 10:53:35 mail postfix/pipe[6449]: 367E111EE16: to=<[email protected]>, relay=dovecot, delay=0.03, delays=0.01/0.01/0/0.02, dsn=2.0.0, status=sent (delivered via dovecot service)
    Apr 23 10:53:35 mail postfix/qmgr[123]: 367E111EE16: removed
    Apr 23 10:53:35 mail postfix/smtp[6432]: 5318011DDFB: host a.mx.mail.yahoo.com[67.195.168.31] refused to talk to me: 421 4.7.0 [GL01] Message from (24.227.121.138) temporarily deferred - 4.16.50. Please refer to http://postmaster.yahoo.com/errors/postmaster-21.html
    Apr 23 10:53:35 mail postfix/smtp[6440]: BC71311DCA6: host h.mx.mail.yahoo.com[66.94.236.34] refused to talk to me: 421 4.7.0 [GL01] Message from (24.227.121.138) temporarily deferred - 4.16.50. Please refer to http://postmaster.yahoo.com/errors/postmaster-21.html
    Apr 23 10:53:35 mail postfix/smtp[6440]: BC71311DCA6: host d.mx.mail.yahoo.com[209.191.88.254] refused to talk to me: 421 4.7.0 [GL01] Message from (24.227.121.138) temporarily deferred - 4.16.50. Please refer to http://postmaster.yahoo.com/errors/postmaster-21.html
    Apr 23 10:53:35 mail postfix/smtp[6433]: 7723311DE03: to=<[email protected]>, relay=mx1.bt.mail.yahoo.com[212.82.111.207]:25, delay=12958, delays=12957/0.02/0.58/0.86, dsn=5.7.5, status=bounced (host mx1.bt.mail.yahoo.com[212.82.111.207] said: 554 5.7.5 (AU01) Message not accepted for policy reasons. See http://postmaster.yahoo.com/errors/postmaster-28.html (in reply to end of DATA command))

  • My e-mail account is sending out spam mails; how can I delete the virus?

    My e-mail account is sending out spam mails; I have got a spam virus, probably during download of my e-mails over the iPhone. How can I detect and delete the virus?

    You do not have a virus on your Mac or iPhone.
    An AOL account is accessed as an IMAP account with the Mail app or email client on your Mac, and with the iPhone's Mail app. The sent spam messages being available in the account's Sent mailbox means your AOL account has been compromised.
    Change the password for your AOL email account.

  • TS4006 Mail sending out spam

    My email acct. on my iPad is sending out spam. What do I need to do?

    Change the password associated with that email account.

  • My E-Mail address is sending out spam to all my contacts

    I have not been able to get a response from Verizon; someone has been sending out spam from my e-mail address to all my contacts. Does anyone know how to resolve this issue?

    #1 Sounds like your account could be compromised. You should reset your password and secret question/answer, for starters. #2 If your account is not compromised, then it sounds like your computer is compromised. Clean your computer free of malware.

  • GWIA sending out SPAM

    We recently came under attack from a spammer who's using our system to relay SPAM messages. I have not figured out if they're doing some sort of SMTP hacking, or using a GroupWise username/password to gain access. I did see an IP address in the SPAM server log "208.98.175.242" which is also in a blacklist. The sender isn't using our domain to send the spam; they've been using "[email protected]" as the sender address. How do I go about blocking any connections from that IP address?
    GroupWise 8.0.2
    M+ Guardian SPAM filter

    You can set GWIA to only allow specific IP addresses or ranges to relay through it.
    The only reason you might want GWIA to serve as an internal relay is for non-GroupWise messages. Things from scanners, pages and text messages from monitoring systems, etc. In this case you would want to set Allow addresses in GWIA to limit its use to internal senders only.
    Another option (better, I think, and how we do it) is to set up a Windows VM with IIS and SMTP installed. Use this box as a relay for non-GroupWise messages. This keeps outgoing things out of the GroupWise stream and provides a separate path for important notices from your monitoring systems. You can also bring one down for maintenance and it won't affect the other.
    If you are using an external email host that forwards mail to your GWIA then you should set an Allow address to that host specifically. You'll find this option under Access Control...SMTP Relay Settings of GWIA properties.
    >>> Bob-O-Rama<[email protected]> 9/13/2012 9:26 PM >>>
    Call your spam filter vendor... they should have an opinion.
    Ensure the GWIA is *configured to prevent relaying * There is no
    reason the GWIA should be relaying even for internal users.
    You can, of course, review the GWIA logs, and relaying will be pretty
    apparent.
    If the messages are being sent from a bogus / external account, it's
    relaying.
    If the messages are sent from some local GW user, then there is a
    compromised account. The user agent will also indicate this. We have
    seen webaccess
    exploited to send messages when the user has disclosed their password.
    -- Bob
    Bob Mahar -- Novell Knowledge Partner

  • Want to use OSX server as virus/spam filter for existing mail server.

    I have communigate pro completely configured and running on an iMac. hundreds of accounts, all working perfectly. The bummer is that the spam/virus filtering of Communigate Pro is weak, and I'd like to try the one built into my Xserve.
    Right now I have the domain company.com, with two A records for mail.company.com (the communigate pro server) and xserve.company.com (the xserve). And right now the MX record for company.com points to mail.company.com.
    I'd like to switch the MX record for company.com so that it points to xserve.company.com (which I know how to do). The xserve would then reject/delete/catch the spam/viruses and then forward on the remaining "good" messages to mail.company.com. The company.com clients would still get their mail from mail.company.com via Pop/Imap/Webmail.
    Any and all help is truly appreciated!!!

    imho... you may be over-complicating your system and adding additional points of failure to your architecture if you go this route.
    Communigate Pro allows you to run both SpamAssassin 3 and Clamd (the main antivirus/antispam tools provided in OSX Server) very easily on your CGPro box.
    MPP Free gives you a nice gui for configuring them.
    http://www.versiontracker.com/dyn/moreinfo/macosx/26139
    Here's install directions I used to get it all working:
    http://www.triksys.com/clamav.htm
    hth,
    b.

  • My Account keeps sending out spam

    I, too, have reached the end of my tether with BT.
    Almost every month, around the 28th/29th, my BT account sends out hundreds of emails to recipients whose details are stored on a very old contacts list. The messages contain links like this: http://directlenderpaydayloans.com/hvrykj/wpxajnsjhzetukayxqjilmvsqdvvulbynpgyicsc
    Many of the recipients are important professional contacts and I am finding this incredibly frustrating - and humiliating, as the logical assumption is that I have somehow triggered these emails. The fact is I rarely visit BT and am desperately trying to wind down my BT email account.
    I now want to close the account and remove any trace of that old contacts list that must be lurking somewhere within BT's systems.
    Has anyone else experienced this appalling phenomenon?
    John

    Welcome to the forum. It sounds as though your email account was hacked at some time. If the hackers harvested your contacts list, they now have the details and even closing the account won't prevent them continuing to use the addresses or making it appear that their messages are still being sent from the account. If the messages are being sent by or on behalf of a genuine company it might be possible to take action against them to put a stop to the use of information obtained illegally.
    You wouldn't be alone in having your BT Yahoo! account hacked - Yahoo!'s vulnerability is a major reason why BT are in the process of migrating customers to a new BT Mail service (a process which alas is not without a fresh batch of problems for some).
    At the risk of appearing to be wise after the event, it's never a good idea to keep personal information in the cloud in my view. Ask the celebs who are finding their intimate photos scattered on the internet.

  • Personal BT Yahoo E-mail Account send out spam ema...

    Guess what at 02:36 this morning it appears my email account sent out a SPAM email to all of my contacts including myself containing a link to a website in Spain.
    My password is quite complicated, never opened anything dodgy, up to date virus and security protection, not replied to any phishing emails or phone calls. I do use social networking but use a hotmail account rather than my BT Yahoo account. I've checked the sent box; nothing sent from the actual mail box.
    Does this mean my account has been hacked, and what needs to be done? I've already changed password and checked things like alternate email addresses, which don't seem to have been changed.
    This is the first time this has happened so really concerned
    Thanks
    Simon

    Yahoo has the following Help page. I do not know if BTYahoo have an equivalent.
    http://help.yahoo.com/kb/index?locale=en_US&y=PROD_ACCT&page=answers&type=narrow&fac=CMS-CATEGORY-YA...

  • Our Yahoo email account is sending out spam messages

    Our Yahoo email account received a spam message that I stupidly opened. Now we are receiving messages from our contacts saying they are receiving strange attachments. We changed the password. Should we be sending a group message to all of our contacts? Should we be scanning the iPad for viruses?

    There is no known malware capable of infecting an iPad, unless it has been jailbroken (ie, hacked to allow apps from outside the App Store). So you didn't get infected with anything, and opening the message had nothing to do with it.
    Your e-mail account probably got hacked and is being used to send spam. Changing the password was all that is needed, just make sure it's a good, strong password not used by any other online accounts. Also, if you were using your old e-mail password for any other online accounts, they may have been compromised. There's a lot of information in the typical e-mail account that can help a hacker locate all your other online accounts.

  • Phone is sending out spam email

    I have been receiving email messages notifying me that multiple messages that I sent to addresses I'm not familiar with were undeliverable. I did not initiate these emails . I have also noticed a marked decrease of battery life.
    I completely erased and reinstalled the iOS and apps hoping to get rid of whatever is infecting my phone but it appears that it is still doing it. Anyone know of a fix or good antivirus app for my 4s phone? Thanks. ~Steve~

    This is not likely caused by your iPhone. Either your computer has been compromised and your email client there is filtering these messages or maybe more likely, spammers are simply using your email address as the "reply to" address in their emails. When they send to an unknown address, the error message comes back to you.
    In any case, you should scan your computer for viruses and other malware to be sure it isn't originating there. Also check your sent email box as that will be one indicator of whether your computer has been compromised.

  • ARD task server sending spam

    Forgive me if this is in the wrong thread - I'm not quite sure where to put it.
    I'm a student at a technical college and am working part time for the Mac admin guy. We have about 400 macs in the art dept. Yesterday our sysadmin said our server was sending out spam. We set up VirusBarrier and scanned the server. This is a copy of our console.log:
    Mac OS X Version 10.4.9 (Build 8P135)
    2007-08-08 10:20:50 -0500
    2007-08-08 10:20:55.538 SystemUIServer[486] lang is:en
    Aug 8 10:22:39 servername authexec: executing /Library/Intego/netupdated.bundle/Contents/Resources/NetUpdate Installer.app/Contents/MacOS/NetUpdate Installer
    Aug 8 10:49:43 servername servermgrd: servermgr_dns: no name available via DNS for our IP addy
    Aug 8 10:49:43 servername servermgrd: servermgr_dns: no reverse DNS entry for server, various services may not function properly
    virus OSX.Botch.Gen found in file: /Volumes/Startup OS X/private/var/tmp/ /mech/[kupdateb]
    virus OSX.Botch.Gen found in file: /Volumes/Startup OS X/private/var/tmp/ /mech/src/mech
    virus OSX.PsyBot.232 found in file: /Volumes/Startup OS X/private/var/tmp/psybnc/psybnc
    Aug 8 11:19:43 servername servermgrd: servermgr_dns: no name available via DNS for our IP addy
    Aug 8 11:19:43 servername servermgrd: servermgr_dns: no reverse DNS entry for server, various services may not function properly
    virus OSX.Botch.Gen found in file: /Volumes/Startup OS X/private/var/tmp/ /mech/[kupdateb]
    virus OSX.Botch.Gen found in file: /Volumes/Startup OS X/private/var/tmp/ /mech/src/mech
    <CFURL 0x62bd440 [0xa07bc150]>{type = 15, string = file://localhost/Library/Contextual%20Menu%20Items/PortfolioCM.plugin/, base = (null)}
    Finder tool: request to change uid to 501 gid to -1 for /private/tmp/vbx4smail_6v97Qz
    virus Resource structure error found in file: /Volumes/Image Backup Drive/Old Labs Images/345 iMacs/Macintosh HD/System Folder/Help/HP LaserJet Printer Help/Help/Graphics/printer_word.JPG
    Aug 8 11:49:43 servername servermgrd: servermgr_dns: no name available via DNS for our IP addy
    Aug 8 11:49:43 servername servermgrd: servermgr_dns: no reverse DNS entry for server, various services may not function properly
    virus Resource error : data offset > Res. map offset found in file: /Volumes/Image Backup Drive/Old Labs Images/Portfolio/Mac HD/Desktop Folder/Portfolios/SMVandre/animations/flahsbathtub/WS_FTP.LOG
    virus Resource error : data offset > Res. map offset found in file: /Volumes/Image Backup Drive/Old Labs Images/Portfolio/Mac HD/Desktop Folder/Portfolios/SMVandre/animations/WS_FTP.LOG
    virus Resource error : data offset > Res. map offset found in file: /Volumes/Image Backup Drive/Old Labs Images/Portfolio/Mac HD/Desktop Folder/Portfolios/SMVandre/contact/WS_FTP.LOG
    virus Resource error : data offset > Res. map offset found in file: /Volumes/Image Backup Drive/Old Labs Images/Portfolio/Mac HD/Desktop Folder/Portfolios/SMVandre/illustrations/photomontage/WS_FTP.LOG
    virus Resource error : data offset > Res. map offset found in file: /Volumes/Image Backup Drive/Old Labs Images/Portfolio/Mac HD/Desktop Folder/Portfolios/SMVandre/illustrations/WS_FTP.LOG
    virus Resource error : data offset > Res. map offset found in file: /Volumes/Image Backup Drive/Old Labs Images/Portfolio/Mac HD/Desktop Folder/Portfolios/SMVandre/images/WS_FTP.LOG
    virus Resource error : data offset > Res. map offset found in file: /Volumes/Image Backup Drive/Old Labs Images/Portfolio/Mac HD/Desktop Folder/Portfolios/SMVandre/websites/greennotes/WS_FTP.LOG
    virus Resource error : data offset > Res. map offset found in file: /Volumes/Image Backup Drive/Old Labs Images/Portfolio/Mac HD/Desktop Folder/Portfolios/SMVandre/websites/madisonframes/ARTWORK/WS_FTP.LOG
    virus Resource error : data offset > Res. map offset found in file: /Volumes/Image Backup Drive/Old Labs Images/Portfolio/Mac HD/Desktop Folder/Portfolios/SMVandre/websites/makingcrepes/crepesjpeg/WS_FTP.LOG
    virus Resource error : data offset > Res. map offset found in file: /Volumes/Image Backup Drive/Old Labs Images/Portfolio/Mac HD/Desktop Folder/Portfolios/SMVandre/websites/WS_FTP.LOG
    virus Resource structure error found in file: /Volumes/Image Backup Drive/.Trashes/501/printer_word.JPG
    virus Resource error : data offset > Res. map offset found in file: /Volumes/Image Backup Drive/.Trashes/501/WS_FTP 12-08-37.LOG
    virus Resource error : data offset > Res. map offset found in file: /Volumes/Image Backup Drive/.Trashes/501/WS_FTP 12-08-41.LOG
    virus Resource error : data offset > Res. map offset found in file: /Volumes/Image Backup Drive/.Trashes/501/WS_FTP 12-08-45.LOG
    virus Resource error : data offset > Res. map offset found in file: /Volumes/Image Backup Drive/.Trashes/501/WS_FTP 12-09-01.LOG
    virus Resource error : data offset > Res. map offset found in file: /Volumes/Image Backup Drive/.Trashes/501/WS_FTP 12-09-15.LOG
    virus Resource error : data offset > Res. map offset found in file: /Volumes/Image Backup Drive/.Trashes/501/WS_FTP 12-09-22.LOG
    virus Resource error : data offset > Res. map offset found in file: /Volumes/Image Backup Drive/.Trashes/501/WS_FTP.LOG
    virus Resource error : data offset > Res. map offset found in file: /Volumes/Image Backup Drive/Old Labs Images/Portfolio/Mac HD/Desktop Folder/Portfolios/SMVandre/websites/greennotes/WS_FTP.LOG
    virus Resource error : data offset > Res. map offset found in file: /Volumes/Image Backup Drive/Old Labs Images/Portfolio/Mac HD/Desktop Folder/Portfolios/SMVandre/websites/madisonframes/ARTWORK/WS_FTP.LOG
    virus Resource error : data offset > Res. map offset found in file: /Volumes/Image Backup Drive/Old Labs Images/Portfolio/Mac HD/Desktop Folder/Portfolios/SMVandre/websites/makingcrepes/crepesjpeg/WS_FTP.LOG
    Aug 8 12:19:43 servername servermgrd: servermgr_dns: no name available via DNS for our IP addy
    Aug 8 12:19:43 servername servermgrd: servermgr_dns: no reverse DNS entry for server, various services may not function properly
    <CFURL 0x5004b0 [0xa07bc150]>{type = 15, string = file://localhost/Library/Contextual%20Menu%20Items/PortfolioCM.plugin/, base = (null)}
    <CFURL 0x3a5c30 [0xa07bc150]>{type = 15, string = file://localhost/Library/Contextual%20Menu%20Items/PortfolioCM.plugin/, base = (null)}
    Aug 8 12:26:21 servername ARDAgent [320]: no multicast
    virus Resource structure error found in file: /Volumes/Image Backup Drive/.Trashes/501/printer_word.JPG
    virus Resource error : data offset > Res. map offset found in file: /Volumes/Image Backup Drive/.Trashes/501/WS_FTP 12-08-37.LOG
    virus Resource error : data offset > Res. map offset found in file: /Volumes/Image Backup Drive/.Trashes/501/WS_FTP 12-08-41.LOG
    virus Resource error : data offset > Res. map offset found in file: /Volumes/Image Backup Drive/.Trashes/501/WS_FTP 12-08-45.LOG
    virus Resource error : data offset > Res. map offset found in file: /Volumes/Image Backup Drive/.Trashes/501/WS_FTP 12-09-01.LOG
    virus Resource error : data offset > Res. map offset found in file: /Volumes/Image Backup Drive/.Trashes/501/WS_FTP 12-09-15.LOG
    virus Resource error : data offset > Res. map offset found in file: /Volumes/Image Backup Drive/.Trashes/501/WS_FTP 12-09-22.LOG
    virus Resource error : data offset > Res. map offset found in file: /Volumes/Image Backup Drive/.Trashes/501/WS_FTP.LOG
    virus Resource error : data offset > Res. map offset found in file: /Volumes/Image Backup Drive/Old Labs Images/Portfolio/Mac HD/Desktop Folder/Portfolios/SMVandre/websites/greennotes/WS_FTP.LOG
    virus Resource error : data offset > Res. map offset found in file: /Volumes/Image Backup Drive/Old Labs Images/Portfolio/Mac HD/Desktop Folder/Portfolios/SMVandre/websites/madisonframes/ARTWORK/WS_FTP.LOG
    virus Resource error : data offset > Res. map offset found in file: /Volumes/Image Backup Drive/Old Labs Images/Portfolio/Mac HD/Desktop Folder/Portfolios/SMVandre/websites/makingcrepes/crepesjpeg/WS_FTP.LOG
    Aug 8 12:29:49 servername cyrus-quota[1693]: DBERROR: reading /var/imap/db/skipstamp, assuming the worst: No such file or directory
    at which point we rebooted.
    This server was not running mail.
    So we have changed all our passwords, are reimaging everything and had the sysadmin block all outgoing on port 25. In addition we have sent copies of the logs to our Apple rep and to the Intego rep.
    This is an incredibly vague question but what should we do now?
    Is there a way to find out where these viruses came from? It is not impossible they were put on by a student as we recently found out that a number of the help desk students had the Mac admin password. I've looked at the install logs and the only things I see are the Apple software updates and apps we installed ourselves.
    Are there other logs I can look in?
    A sample of our mail.log:
    Aug 8 10:11:57 servername postfix/qmgr[2338]: DADE98C3EB9: to=<[email protected]>, relay=none, delay=14040, status=deferred (delivery temporarily suspended: host ironport1.chron.com[130.80.29.15] refused to talk to me: 554 ironport1.chron.com)
    Aug 8 10:11:57 servername postfix/qmgr[2338]: E89098C1C03: to=<[email protected]>, relay=none, delay=14082, status=deferred (delivery temporarily suspended: host ironport1.chron.com[130.80.29.15] refused to talk to me: 554 ironport1.chron.com)
    Aug 8 10:11:57 servername postfix/qmgr[2338]: EEE378C2CB3: to=<[email protected]>, relay=none, delay=14231, status=deferred (delivery temporarily suspended: host ironport1.chron.com[130.80.29.15] refused to talk to me: 554 ironport1.chron.com)
    Aug 8 10:11:57 servername postfix/smtp[13748]: 2C26E8979B3: to=<[email protected]>, relay=mx-nj-2.pobox.com[208.210.124.72], delay=39263, status=deferred (host mx-nj-2.pobox.com[208.210.124.72] said: 450 <[email protected]>: Sender address rejected: Domain not found (in reply to RCPT TO command))
    Aug 8 10:11:57 servername postfix/smtp[13748]: 2BC7D8C61AC: to=<[email protected]>, relay=mail.cyberscope.net[64.95.223.22], delay=13796, status=deferred (host mail.cyberscope.net[64.95.223.22] said: 451 unable to accept non-FQDN HELO (#4.3.0) (in reply to MAIL FROM command))
    Aug 8 10:11:57 servername postfix/smtp[13748]: connect to cluster9.us.messagelabs.com[216.82.253.115]: Connection refused (port 25)
    Aug 8 10:11:57 servername postfix/smtp[13748]: connect to cluster9.us.messagelabs.com[216.82.250.99]: Connection refused (port 25)
    Aug 8 10:11:57 servername postfix/smtp[13748]: connect to cluster9.us.messagelabs.com[216.82.250.115]: Connection refused (port 25)
    Thanks in advance; any help would be appreciated.
    Lex

    The problem isn't related to ARD, per se, so you might get more opinions in the Mac OS X forums.
    But I can find no reference anywhere to any exploits, Mac OS X or Windows, titled "OSX.Botch.Gen" or "OSX.PsyBot.232" (or the same without the OSX prefix). So if these are direct cut-and-paste from the logs, then I don't have a clue what VirusBarrier is reporting. Nor has the existence of any Mac OS X virus or worm been confirmed in the wild. There is a trojan called "SpyBot.232", but from what little I can find, it's Windows only. You may want to consult Intego and try to confirm what these purported virus errors are.
    Resource errors usually mean that the virus checker just can't completely parse the file in question. It rarely reflects an actual exploit discovery.
    I'm therefore rather dubious as to the culpability of your server in the spam, particularly since you say that the mail server wasn't running. I'd be interested to know what evidence your IT people provided, or claimed, that would show that it was your server sending the spam. As I said, there's been nothing confirmed, or even mentioned, that I've seen regarding any virus or worm for Mac OS X that can send spam emails.
    Message was edited by: Dave Sawyer
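
    One way to approach the "are there other logs I can look in?" question using mail.log itself, as an added example that is not part of the thread: it groups Postfix lines by queue ID and reports whether each message was submitted locally (pickup, with the submitting uid), received over SMTP (smtpd, with the client and any SASL user), or generated as a bounce. The sample lines are constructed in the log format quoted above, and the code assumes Postfix's default short hexadecimal queue IDs.

```python
import re
from collections import Counter

# Constructed sample in the Postfix syslog format quoted on this page.
# Queue IDs, uids, hosts and addresses are invented for the example.
SAMPLE_LOG = """\
Aug  7 06:40:38 srv postfix/pickup[14340]: 1A2B3C4D5E: uid=1050 from=<www>
Aug  7 06:40:38 srv postfix/qmgr[14556]: 1A2B3C4D5E: from=<www@srv.example>, size=1675, nrcpt=1 (queue active)
Aug  7 06:40:45 srv postfix/smtp[14557]: 1A2B3C4D5E: to=<a@example.net>, relay=mx.example.net[192.0.2.10], delay=8, status=sent (250 ok)
Aug  7 06:44:23 srv postfix/pickup[14340]: 2B3C4D5E6F: uid=1050 from=<www>
Aug  7 06:44:23 srv postfix/smtp[14557]: 2B3C4D5E6F: to=<b@example.org>, relay=mx.example.org[192.0.2.20], delay=13138, status=bounced (554 5.7.5 policy)
Aug  7 06:44:23 srv postfix/bounce[14601]: 2B3C4D5E6F: sender non-delivery notification: 3C4D5E6F70
Aug  7 06:44:23 srv postfix/local[14602]: 3C4D5E6F70: to=<www@srv.example>, relay=local, delay=0, status=sent (delivered to mailbox)
Aug  7 06:45:02 srv postfix/smtpd[14610]: 4D5E6F7081: client=unknown[198.51.100.7], sasl_method=LOGIN, sasl_username=jdoe
Aug  7 06:45:04 srv postfix/smtp[14557]: 4D5E6F7081: to=<c@example.com>, relay=mx.example.com[192.0.2.30], delay=2, status=deferred (421 4.7.0 deferred)
Aug  7 06:45:05 srv postfix/smtp[14557]: connect to mx.example.com[192.0.2.31]: Connection refused (port 25)
Aug  7 06:45:06 srv postfix/local[14603]: error: od[getpwnam_ext]: No record for user nobody1
"""

# daemon name, queue ID (uppercase hex, so "error:" and "connect to" are skipped), remainder
ENTRY = re.compile(r"postfix/(?P<daemon>[\w-]+)\[\d+\]: (?P<qid>[0-9A-F]{6,}): (?P<rest>.*)")
PICKUP = re.compile(r"uid=(\d+)")                    # local submission via sendmail/postdrop
CLIENT = re.compile(r"client=(\S+?)(?:,|$)")         # message accepted over SMTP
SASL = re.compile(r"sasl_username=(\S+)")            # authenticated SMTP sender, if any
BOUNCE = re.compile(r"sender non-delivery notification: ([0-9A-F]{6,})")
DELIVERY = re.compile(r"to=<([^>]*)>.*?\bstatus=(\w+)")


def _new_record():
    return {"origin": "unknown", "status": Counter()}


def trace_origins(log_text):
    """Map each queue ID to how it entered the queue and how delivery went."""
    msgs = {}
    for line in log_text.splitlines():
        m = ENTRY.search(line)
        if not m:
            continue  # connection errors and warnings carry no queue ID
        daemon, qid, rest = m.group("daemon", "qid", "rest")
        msg = msgs.setdefault(qid, _new_record())
        if daemon == "pickup" and (u := PICKUP.search(rest)):
            msg["origin"] = f"local uid={u.group(1)}"
        elif daemon == "smtpd" and (c := CLIENT.search(rest)):
            s = SASL.search(rest)
            msg["origin"] = f"smtp client={c.group(1)}" + (f" sasl={s.group(1)}" if s else "")
        elif daemon == "bounce" and (b := BOUNCE.search(rest)):
            # The bounce daemon queues a new message; tie it to the original.
            msgs.setdefault(b.group(1), _new_record())["origin"] = f"bounce of {qid}"
        elif (d := DELIVERY.search(rest)):
            msg["status"][d.group(2)] += 1
    return msgs


def origin_totals(msgs):
    """Aggregate per origin: messages injected and delivery outcomes."""
    totals = {}
    for msg in msgs.values():
        t = totals.setdefault(msg["origin"], {"messages": 0, "status": Counter()})
        t["messages"] += 1
        t["status"] += msg["status"]
    return totals


if __name__ == "__main__":
    for origin, t in sorted(origin_totals(trace_origins(SAMPLE_LOG)).items()):
        print(f"{origin}: {t['messages']} message(s), {dict(t['status'])}")
```

    A local uid that accounts for most of the outbound queue can be mapped to an account name and then to the process or script that called the local submission path; an smtpd client or SASL user points instead at relaying or a compromised mail account.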

  • I have a virus - or something - where everyday someone is sending a spam email out to everyone on my mail list - how do i get it to stop?

    I have a virus - or something where someone is getting into my mail and sending out spam email to everyone on my mail list - people who I hardly even know. How do I get this to stop?
    thanks.

    this is the message that is going out:
    Subject: (no subject)
    http://sharedimage.net/httq59foldroot2.php?subpage234
    Make seri0us m0ney 0nline
    Gone to see a friend is all right, but I wont have my love given tothem. marcylyn aethelwine
    Mon, 2 Apr 2012 18:04:48
    This mail has originated outside your organization, either from an external partner or the Global Internet.
    Keep this in mind if you answer this message.
    It is not going to my address book because a lot of these people are not in there. It is going to people that I emailed from years ago....and it IS connected to either my me.com email or a cox.net email - these are both connected. I'll try the password change on both of these mail accounts and see if that works. A lot of these people are getting three and four emails every day....

  • Mac Mail sending out multiple e-mails

    Dear All,
    My friend reports that today he is receiving 3 copies of every e-mail message that I send him.  I'm working on a Mac Pro, Lion 10.7.5, using Mac Mail through Yahoo, and I have only one account.  I have an iPod touch, but I have never sent e-mail through that device nor signed up for it on the iPod -- I only use my Mac desktop for sending and receiving e-mails.  Anyone else having this recent problem?  I never had it before today!  Thanks.

    Are you sure it's the Mac sending out the spam, or just spam masquerading as coming from your email account (the From: line is ridiculously simple to forge)?
    While it's clearly possible to devise a system to cause a Mac to send out spam email (or any other computer for that matter), it wouldn't be terribly efficient for the spammer.  Even when they take over zombie machines (and unpatched Windows XP systems are the favorites there) the spammer would prefer to use the machine to send out all kinds of email *AND* would attempt not to draw attention to the actual machine sending out the stuff.
    That is, where it *appears* to be coming from will generally not be where it is coming from. 
    What malware prefers to do is "harvest" an address book from a user's computer (or, more often these days, from an online address book after phishing the credentials from the user) and then use that to send out emails to your contacts that look like they come from you so that they are more likely to be opened. If that's what has happened, there's nothing you could do to the Mac at this point to get that data back.
    Again, while it is clearly possible to harvest that data under either OSX or Windows 7 from your address book in either platform, it is considerably more difficult to do that than to go after your credentials for an online site using a phishing attack and then make use of the contact information.

  • How to prevent email id from being used to send out bogus emails?

    My yahoo email id was "hijacked" last week and bogus emails were sent out under my id to my contact list. I have a macbook with snow leopard and norton antivirus. What can I do to prevent this from happening again.

    Welcome to Apple Support Communities.
    If you haven't already done so, change your Yahoo password to something extremely secure.
    Then go to Yahoo's recommendations for compromised accounts, found here:
    http://help.yahoo.com/kb/index?page=content&y=PROD_MAIL_CLASSIC&locale=en_US&id= SLN3420&pir=.ERun_NibUlqprOy6AQ5KLRAOrUdr0acOZBh12BjZ6uUgTx7O5KFy_g3RVY.usintguY mSbHjESfUDXQC_FwPo2Cxt_KEGnx3QnKIu6C7_5._vmX207fxMRD53yXCsEdulnEIA1af.bHN_fWp2R_ tQ_5VnaDSXZv1mCvr1ctsfKaP._9hTnsSqrM4SMQ6b_tNq7QQHsysg1qM14mLsADfJLF2DZmVIYIPDpo hK15cCGe_JhidaJ1Vxt5O07TuhoshHRCrQ3eaa0gkp6dnbqceRgKRWuaLKDL7L6ovGban7n4UzFvdWWp x4TDgNxgLv3ehjmTj0.Hnh1lHKWL6cG6iJ0E1xjY_jfBAX3d2cwKpgTDV_AI8T25LElgA_upWicMBpj_ OjZ9sk9asfCbAOTXnQ--
    It's likely the hacker sent spam to your Yahoo-account email addresses, without accessing your Mac Address Book. (Most of the time it's hard to tell, because you probably have many of the same addresses in both lists.)
    Next, change your password on EVERY account.
    Make certain that every site you visit as a registered user has a unique account name and password.
    Yeah, that can be a lot to manage.
    Let your Mac 'Keychain' help manage all that information by remembering which user ID and which secure password goes where. There are password manager programs for sale such as 1Password. I don't currently use it, so I can't recommend it.
    In my experience, there is ongoing and widespread 'hacking' at Yahoo, Hotmail, and other popular free email accounts. Why? Because most free email accounts permit unlimited unsuccessful login attempts and never 'lock' accounts for suspicious activity the way banks and brokerage firms do.
    So far, the hackers are primarily using the accounts to send out 'spam' to your trusted email list.
    Hacking most often occurs when someone discovers or guesses the password to the email account, and it's about 99% certain that it had nothing to do with your MacBook, or any malware or virus on your physical computer. No, it doesn't hurt to run a virus and/or malware scan, but it is 99% unlikely you'll find anything harmful to OS X. You may discover a few of your incoming email attachments DO contain Windows viruses and malware!
    Virtually everyone I correspond with via a free Yahoo account has been 'hacked' in the last six months. Three Yahoo friends sent me the same 'no subject' email with a surreptitious link to a FoxNews video about weight-loss in the same day!
    When thousands or millions of passwords and/or account names are revealed and posted online (as documented here:http://www.latimes.com/business/technology/la-fi-tn-eharmony-hacked-linkedin-201 20606,0,4578300.story ) enterprising hackers worldwide will begin systematically testing them everywhere.
    If your email address is widely-used and widely-published and your password is not very secure, every account you have is eventually vulnerable.
    DO USE a combination of upper and lower-case letters mixed with numbers and permitted punctuation that does not contain common sequences, names, or dictionary words.
    If you don't want to buy software, use the first letters and numbers of phrases that are easy for you to remember, but meaningful only to you. The longer the phrase, the better:
    MyLimeGreen72DodgeDartHadA340Six-PackEngineAndATorque-FliteTranny!
    MLG72DDha340S-PEaaT-FT!
    Of course I don't actually use that, but yeah, there are still a few of those cars around: http://www.youtube.com/watch?v=kUk0jdmAKzM
