
Possible Duplicate:
My server's been hacked EMERGENCY

I'm running a small mail server with postfix and I'm seeing a lot of weird stuff in the syslog. I'm not receiving any emails as of yesterday.

This is what's in syslog:

Dec 13 15:58:58 owsmail postfix/smtp[31694]: 2C8AD43D84C: to=<dlanciotti@comune.ravenna.it>,relay=127.0.0.1[127.0.0.1]:10024, conn_use=7, delay=135295, delays=124387/10904/0/4.5, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=31936-01-7, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as 214F43DF3E2)
Dec 13 15:58:58 owsmail postfix/qmgr[17562]: 2C8AD43D84C: removed
Dec 13 15:58:58 owsmail postfix/qmgr[17562]: B85104CD96: from=<www-data@owsmail.optimumrd.com>, size=718, nrcpt=1 (queue active)
Dec 13 15:58:59 owsmail postfix/pickup[31129]: 80F0043D84C: uid=33 from=<addie_hodges@revelacionprofetica.com>
Dec 13 15:58:59 owsmail postfix/cleanup[31691]: 80F0043D84C: message-id=<20111213195859.80F0043D84C@owsmail.optimumwireless.com>
Dec 13 15:59:00 owsmail postfix/smtpd[17594]: 49BC53DF3E3: client=localhost[127.0.0.1]
Dec 13 15:59:00 owsmail postfix/cleanup[31929]: 49BC53DF3E3: message-id=<20111212225716.5F728BC1C0@owsmail.optimumwireless.com>
Dec 13 15:59:00 owsmail amavis[31910]: (31910-01-15) Passed BAD-HEADER, <www-data@owsmail.optimumrd.com> -> <Account@owsmail.optimumrd.com>,<"name:info"@pastacaponi.it>, quarantine: v/badh-vQ+c4YuSXNcy, Message-ID: <20111212225716.5F728BC1C0@owsmail.optimumwireless.com>, mail_id: vQ+c4YuSXNcy, Hits: -1.857, size: 758, queued_as: 49BC53DF3E3, 5277 ms
Dec 13 15:59:00 owsmail postfix/smtp[31958]: 5F728BC1C0: to=<Account@owsmail.optimumrd.com>, orig_to=<Account>, relay=127.0.0.1[127.0.0.1]:10024, conn_use=15, delay=83825, delays=72915/10905/0/5.3, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=31910-01-15, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as 49BC53DF3E3)
Dec 13 15:59:00 owsmail postfix/smtp[31958]: 5F728BC1C0: to=<name:info@pastacaponi.it>, relay=127.0.0.1[127.0.0.1]:10024, conn_use=15, delay=83825, delays=72915/10905/0/5.3, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=31910-01-15, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as 49BC53DF3E3)
Dec 13 15:59:00 owsmail postfix/qmgr[17562]: 5F728BC1C0: removed
Dec 13 15:59:00 owsmail postfix/qmgr[17562]: 77BC93DE037: from=<www-data@owsmail.optimumrd.com>, size=720, nrcpt=1 (queue active)
Dec 13 15:59:00 owsmail postfix/pickup[31129]: 724E53DF3E6: uid=33 from=<addie_hodges@revelacionprofetica.com>
Dec 13 15:59:00 owsmail postfix/cleanup[31691]: 724E53DF3E6: message-id=<20111213195900.724E53DF3E6@owsmail.optimumwireless.com>
Dec 13 15:59:01 owsmail postfix/pickup[31129]: 32AE83DF3EE: uid=33 from=<addie_hodges@revelacionprofetica.com>
Dec 13 15:59:01 owsmail postfix/cleanup[31929]: 32AE83DF3EE: message-id=<20111213195901.32AE83DF3EE@owsmail.optimumwireless.com>
Dec 13 15:59:01 owsmail postfix/pickup[31990]: EE78F3DF400: uid=33 from=<addie_hodges@revelacionprofetica.com>
Dec 13 15:59:01 owsmail postfix/cleanup[31691]: EE78F3DF400: message-id=<20111213195901.EE78F3DF400@owsmail.optimumwireless.com>
Dec 13 15:59:02 owsmail postfix/smtpd[17653]: 41F7C3DF407: client=localhost[127.0.0.1]
Dec 13 15:59:02 owsmail postfix/cleanup[31929]: 41F7C3DF407: message-id=<20111212095655.63CC73DE0EF@owsmail.optimumwireless.com>
Dec 13 15:59:02 owsmail amavis[31936]: (31936-01-8) Passed BAD-HEADER, <www-data@owsmail.optimumrd.com> -> <ivano@ideainterni.com>, quarantine: 0/badh-0VLOlgtJ2atk, Message-ID: <20111212095655.63CC73DE0EF@owsmail.optimumwireless.com>, mail_id: 0VLOlgtJ2atk, Hits: -1.565, size: 779, queued_as: 41F7C3DF407, 4110 ms
Dec 13 15:59:02 owsmail postfix/smtp[31694]: 63CC73DE0EF: to=<ivano@ideainterni.com>, relay=127.0.0.1[127.0.0.1]:10024, conn_use=8, delay=130985, delays=120072/10908/0/4.1, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=31936-01-8, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as 41F7C3DF407)
Dec 13 15:59:02 owsmail postfix/qmgr[17562]: 63CC73DE0EF: removed
Dec 13 15:59:02 owsmail postfix/qmgr[17562]: CADFEFAC22: from=<www-data@owsmail.optimumrd.com>, size=711, nrcpt=1 (queue active)
Dec 13 15:59:02 owsmail postfix/pickup[31990]: B14C43DE0EF: uid=33 from=<addie_hodges@revelacionprofetica.com>
Dec 13 15:59:02 owsmail postfix/cleanup[31691]: B14C43DE0EF: message-id=<20111213195902.B14C43DE0EF@owsmail.optimumwireless.com>
Dec 13 15:59:05 owsmail postfix/smtpd[17594]: 961D83DF40A: client=localhost[127.0.0.1]
Dec 13 15:59:05 owsmail postfix/cleanup[31929]: 961D83DF40A: message-id=<20111212083920.77BD543C89F@owsmail.optimumwireless.com>
Dec 13 15:59:05 owsmail amavis[31910]: (31910-01-16) Passed BAD-HEADER, <www-data@owsmail.optimumrd.com> -> <mirco.tonelli@alice.it>, quarantine: H/badh-HP17kVKEJeWc, Message-ID: <20111212083920.77BD543C89F@owsmail.optimumwireless.com>, mail_id: HP17kVKEJeWc, Hits: -1.681, size: 739, queued_as: 961D83DF40A, 5257 ms
Dec 13 15:59:05 owsmail postfix/smtp[31958]: 77BD543C89F: to=<mirco.tonelli@alice.it>, relay=127.0.0.1[127.0.0.1]:10024, conn_use=16, delay=130906, delays=119990/10911/0/5.3, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=31910-01-16, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as 961D83DF40A)
Dec 13 15:59:05 owsmail postfix/qmgr[17562]: 77BD543C89F: removed
Dec 13 15:59:05 owsmail postfix/qmgr[17562]: 7CB3F4DF36: from=<www-data@owsmail.optimumrd.com>, size=624, nrcpt=1 (queue active)

I don't know if someone is trying to hack my server or what. As mentioned, I can't receive or send emails anymore.

Also: I tried running a test in mxtoolbox and now I get this:

smtp:190.80.159.7   

Timeout occurred due to inactivity.

Please guide me to where I can find information and how I can fix this...

Thanks in advance for your help.

Wilson

1 Answer


There isn't anybody trying to hack you. They already did and succeeded.

Shut down the server now. Investigate and carefully follow this advice: How do I deal with a compromised server?

mailq
Yes indeed, I was hacked. Found out that there was a website built with WordPress that allowed (somehow) uploads to the server. I don't know how that happened, I guess the previous Sys Admin had allowed www-data full access to the WP upload folder... deleted that site and deleted over 200,000 emails that were queued and things so far are running ok. I will keep monitoring the mail.log for more... Thanks for guiding me. – Wilson Dec 14 '11 at 00:40
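The postfix/pickup lines in the question already carry the evidence behind the answer and the follow-up comment: pickup records the Unix uid that handed each message to sendmail(1), and here every submission comes from uid 33 with an envelope sender the host does not own. The script below is an added example, not code from the question or the answer; it assumes uid 33 is www-data and that the two owsmail hostnames seen in the logs are the only domains this server should originate mail for.

```python
import re
import sys
from collections import Counter

# Domains this host legitimately originates mail for (assumption: the two
# hostnames visible in the question's own log lines).
LOCAL_DOMAINS = {"owsmail.optimumrd.com", "owsmail.optimumwireless.com"}
WEB_UID = 33  # www-data on Debian/Ubuntu; check /etc/passwd on other systems
# postfix/pickup logs the Unix uid that handed the message to sendmail(1).
PICKUP_RE = re.compile(r"postfix/pickup\[\d+\]: (?P<qid>[0-9A-F]+): uid=(?P<uid>\d+) from=<(?P<sender>[^>]*)>")

def parse_pickup(line):
    """Return (queue_id, uid, envelope_sender) for a pickup line, else None."""
    m = PICKUP_RE.search(line)
    return (m["qid"], int(m["uid"]), m["sender"]) if m else None

def sender_domain(addr):
    """Lower-cased domain of an envelope sender ('' for the null sender <>)."""
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def find_injected_mail(lines, web_uid=WEB_UID, local_domains=LOCAL_DOMAINS):
    """Count local submissions per uid and list the queue ids the web-server
    uid submitted with a sender domain this host does not own."""
    per_uid = Counter()
    suspicious = []
    for line in lines:
        parsed = parse_pickup(line)
        if parsed is None:
            continue  # smtp/qmgr/cleanup/amavis lines carry no submitting uid
        qid, uid, sender = parsed
        per_uid[uid] += 1
        if uid == web_uid and sender_domain(sender) not in local_domains:
            suspicious.append((qid, sender))
    return {"per_uid": dict(per_uid), "suspicious": suspicious}

# Sample input: three pickup lines copied from the question above, plus two
# constructed lines (root mailing locally; www-data with a local sender).
SAMPLE_LOG = """\
Dec 13 15:58:59 owsmail postfix/pickup[31129]: 80F0043D84C: uid=33 from=<addie_hodges@revelacionprofetica.com>
Dec 13 15:59:00 owsmail postfix/pickup[31129]: 724E53DF3E6: uid=33 from=<addie_hodges@revelacionprofetica.com>
Dec 13 15:59:02 owsmail postfix/pickup[31990]: B14C43DE0EF: uid=33 from=<addie_hodges@revelacionprofetica.com>
Dec 13 16:00:00 owsmail postfix/pickup[31129]: 000000CAFE1: uid=0 from=<root@owsmail.optimumrd.com>
Dec 13 16:00:01 owsmail postfix/pickup[31129]: 000000CAFE2: uid=33 from=<www-data@owsmail.optimumrd.com>
""".splitlines()

if __name__ == "__main__":  # usage: python3 pickup_check.py /var/log/mail.log
    lines = open(sys.argv[1]).readlines() if len(sys.argv) > 1 else SAMPLE_LOG
    for qid, sender in find_injected_mail(lines)["suspicious"]:
        print(f"{qid}: submitted by uid {WEB_UID} with foreign sender <{sender}>")
```

Run against the real mail.log, a per-uid count that is dominated by the web-server uid is the same signal the comment describes (a web application writable by www-data being used to queue spam), and the listed queue ids are the ones to pull from the queue before the server is taken offline for investigation.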