phoenix wrote:Do you actually know where the spam is originating? Could you possibly have an infected/compromised machine on you network?
Hi and tnx for your support
This is mail.log when spamming
Sep 20 14:47:59 mail postfix/qmgr[13032]: A01BA602AC: removed
Sep 20 14:47:59 mail postfix/amavisd/smtpd[14620]: connect from localhost[127.0.0.1]
Sep 20 14:47:59 mail postfix/amavisd/smtpd[14620]: 51EF1602AC: client=localhost[127.0.0.1]
Sep 20 14:47:59 mail postfix/cleanup[16462]: 51EF1602AC: message-id=<
E838F036-36FB-D531-7081-8868A2A8D666@446.it>
Sep 20 14:47:59 mail postfix/qmgr[13032]: 51EF1602AC: from=<
francesco@446.it>, size=2333, nrcpt=1 (queue active)
Sep 20 14:47:59 mail postfix/smtp[16463]: 0E5FD603AF: to=<
lerica123gh@yahoo.com>, relay=127.0.0.1[127.0.0.1]:10032, delay=0.29, delays=0.1/0/0/0.19, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as 51EF1602AC)
Sep 20 14:47:59 mail postfix/qmgr[13032]: 0E5FD603AF: removed
Sep 20 14:47:59 mail postfix/smtp[16466]: 51EF1602AC: to=<
lerica123gh@yahoo.com>, relay=gateway.veloce.ovh[192.168.5.4]:26, delay=0.04, delays=0.01/0/0.02/0.01, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 5907C80778)
Sep 20 14:47:59 mail postfix/qmgr[13032]: 51EF1602AC: removed
Sep 20 14:48:00 mail postfix/smtps/smtpd[16097]: NOQUEUE: filter: RCPT from unknown[177.66.225.182]: <
francesco@446.it>: Sender address triggers FILTER smtp-amavis:[127.0.0.1]:10026; from=<
francesco@446.it> to=<
toddyjim@gmail.com> proto=ESMTP helo=<192.168.0.07>
Sep 20 14:48:00 mail postfix/smtps/smtpd[16097]: 04B08602AC: client=unknown[177.66.225.182], sasl_method=LOGIN, sasl_username=francesco
Sep 20 14:48:01 mail postfix/cleanup[16462]: 04B08602AC: message-id=<
1B337FE1-3D3B-AA31-2518-F043AD533D60@446.it>
Sep 20 14:48:01 mail postfix/qmgr[13032]: 04B08602AC: from=<
francesco@446.it>, size=880, nrcpt=1 (queue active)
Sep 20 14:48:01 mail postfix/dkimmilter/smtpd[14676]: connect from localhost[127.0.0.1]
Sep 20 14:48:01 mail postfix/dkimmilter/smtpd[14676]: 72DC6603AF: client=localhost[127.0.0.1]
Sep 20 14:48:01 mail postfix/cleanup[16462]: 72DC6603AF: message-id=<
1B337FE1-3D3B-AA31-2518-F043AD533D60@446.it>
Sep 20 14:48:01 mail postfix/qmgr[13032]: 72DC6603AF: from=<
francesco@446.it>, size=1344, nrcpt=1 (queue active)
Sep 20 14:48:01 mail postfix/smtp[16465]: 04B08602AC: to=<
toddyjim@gmail.com>, relay=127.0.0.1[127.0.0.1]:10026, delay=2.1, delays=1.9/0/0/0.18, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10030): 250 2.0.0 Ok: queued as 72DC6603AF)
Sep 20 14:48:01 mail postfix/qmgr[13032]: 04B08602AC: removed
Sep 20 14:48:01 mail postfix/amavisd/smtpd[14600]: connect from localhost[127.0.0.1]
Sep 20 14:48:01 mail postfix/amavisd/smtpd[14600]: B19CE602AC: client=localhost[127.0.0.1]
Sep 20 14:48:01 mail postfix/cleanup[16462]: B19CE602AC: message-id=<
1B337FE1-3D3B-AA31-2518-F043AD533D60@446.it>
Sep 20 14:48:01 mail postfix/qmgr[13032]: B19CE602AC: from=<
francesco@446.it>, size=2344, nrcpt=1 (queue active)
Sep 20 14:48:01 mail postfix/smtp[16463]: 72DC6603AF: to=<
toddyjim@gmail.com>, relay=127.0.0.1[127.0.0.1]:10032, delay=0.29, delays=0.1/0/0/0.19, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as B19CE602AC)
Sep 20 14:48:01 mail postfix/qmgr[13032]: 72DC6603AF: removed
Sep 20 14:48:01 mail postfix/smtp[16466]: B19CE602AC: to=<
toddyjim@gmail.com>, relay=gateway.veloce.ovh[192.168.5.4]:26, delay=0.04, delays=0.01/0/0.02/0.01, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as BA13580778)
Sep 20 14:48:01 mail postfix/qmgr[13032]: B19CE602AC: removed
Sep 20 14:48:02 mail postfix/smtps/smtpd[16097]: NOQUEUE: filter: RCPT from unknown[177.66.225.182]: <
francesco@446.it>: Sender address triggers FILTER smtp-amavis:[127.0.0.1]:10026; from=<
francesco@446.it> to=<
wildoneusa@aol.com> proto=ESMTP helo=<192.168.0.07>
Sep 20 14:48:02 mail postfix/smtps/smtpd[16097]: 6010D603CD: client=unknown[177.66.225.182], sasl_method=LOGIN, sasl_username=francesco
Sep 20 14:48:03 mail postfix/cleanup[16462]: 6010D603CD: message-id=<
9CE89034-C470-9717-B5FA-89AA21A6BE57@446.it>
Sep 20 14:48:03 mail postfix/qmgr[13032]: 6010D603CD: from=<
francesco@446.it>, size=789, nrcpt=1 (queue active)
Sep 20 14:48:03 mail postfix/dkimmilter/smtpd[14655]: connect from localhost[127.0.0.1]
Sep 20 14:48:03 mail postfix/dkimmilter/smtpd[14655]: C13DA603DB: client=localhost[127.0.0.1]
Sep 20 14:48:03 mail postfix/cleanup[16462]: C13DA603DB: message-id=<
9CE89034-C470-9717-B5FA-89AA21A6BE57@446.it>
Sep 20 14:48:03 mail postfix/qmgr[13032]: C13DA603DB: from=<
francesco@446.it>, size=1253, nrcpt=1 (queue active)
Sep 20 14:48:03 mail postfix/smtp[16465]: 6010D603CD: to=<
wildoneusa@aol.com>, relay=127.0.0.1[127.0.0.1]:10026, delay=2, delays=1.8/0/0/0.2, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10030): 250 2.0.0 Ok: queued as C13DA603DB)
Sep 20 14:48:03 mail postfix/qmgr[13032]: 6010D603CD: removed
Sep 20 14:48:04 mail postfix/amavisd/smtpd[14659]: connect from localhost[127.0.0.1]
Sep 20 14:48:04 mail postfix/amavisd/smtpd[14659]: 0D6F0603CD: client=localhost[127.0.0.1]
Sep 20 14:48:04 mail postfix/cleanup[16462]: 0D6F0603CD: message-id=<
9CE89034-C470-9717-B5FA-89AA21A6BE57@446.it>
Sep 20 14:48:04 mail postfix/qmgr[13032]: 0D6F0603CD: from=<
francesco@446.it>, size=2253, nrcpt=1 (queue active)
Sep 20 14:48:04 mail postfix/amavisd/smtpd[14659]: disconnect from localhost[127.0.0.1] ehlo=1 mail=1 rcpt=1 data=1 quit=1 commands=5
Sep 20 14:48:04 mail postfix/smtp[16463]: C13DA603DB: to=<
wildoneusa@aol.com>, relay=127.0.0.1[127.0.0.1]:10032, delay=0.28, delays=0.1/0.01/0/0.17, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as 0D6F0603CD)
Sep 20 14:48:04 mail postfix/qmgr[13032]: C13DA603DB: removed
Sep 20 14:48:04 mail postfix/smtp[16466]: 0D6F0603CD: to=<
wildoneusa@aol.com>, relay=gateway.veloce.ovh[192.168.5.4]:26, delay=0.03, delays=0.01/0/0.02/0, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 13AE280778)
Sep 20 14:48:04 mail postfix/qmgr[13032]: 0D6F0603CD: removed
Sep 20 14:48:04 mail postfix/smtps/smtpd[16097]: disconnect from unknown[177.66.225.182] ehlo=1 auth=1 mail=10 rcpt=10 data=10 commands=32
And attached my gateway filter
Tnx for support. Rly.