
In my rsyslog log I am getting weird email requests that are not initiated by my server:

Nov 17 09:32:18 localhost postfix/qmgr[21748]: 8E52272C09: from=<>, size=33770, nrcpt=1 (queue active)
Nov 17 09:32:18 localhost postfix/qmgr[21748]: 15E6472BE2: from=<>, size=36706, nrcpt=1 (queue active)
Nov 17 09:32:18 localhost postfix/qmgr[21748]: AB7F672BE6: from=<>, size=36159, nrcpt=1 (queue active)
Nov 17 09:32:18 localhost postfix/qmgr[21748]: 723D672C0A: from=<>, size=33263, nrcpt=1 (queue active)
Nov 17 09:32:20 localhost postfix/smtp[27598]: 8E52272C09: to=<yuliy.kirillov@narad.crimea.com>, relay=mail.crimea.com[80.245.112.5]:25, delay=6902, delays=6900/0.02/2.3/0, dsn=4.7.1, status=deferred (host mail.crimea.com[80.245.112.5] refused to talk to me: 554 5.7.1 Service unavailable; Client host blocked using b.barracudacentral.org)
Nov 17 09:32:48 localhost postfix/smtp[27600]: connect to smereka.com.ua[178.248.232.65]:25: Connection timed out
Nov 17 09:32:48 localhost postfix/smtp[27600]: AB7F672BE6: to=<anisim.petuhov@smereka.com.ua>, relay=none, delay=15304, delays=15274/0.02/30/0, dsn=4.4.1, status=deferred (connect to smereka.com.ua[178.248.232.65]:25: Connection timed out)
Nov 17 09:32:48 localhost postfix/smtp[27601]: connect to alex.krc.karelia.ru[82.196.66.2]:25: Connection timed out
Nov 17 09:32:48 localhost postfix/smtp[27601]: 723D672C0A: to=<sevastyan.larionov@alex.krc.karelia.ru>, relay=none, delay=6893, delays=6863/0.03/30/0, dsn=4.4.1, status=deferred (connect to alex.krc.karelia.ru[82.196.66.2]:25: Connection timed out)
Nov 17 09:32:48 localhost postfix/smtp[27599]: connect to scbglobal.net[208.73.211.173]:25: Connection timed out
Nov 17 09:33:18 localhost postfix/smtp[27599]: connect to scbglobal.net[208.73.210.212]:25: Connection timed out
Nov 17 09:33:48 localhost postfix/smtp[27599]: connect to scbglobal.net[208.73.211.171]:25: Connection timed out
Nov 17 09:34:18 localhost postfix/smtp[27599]: connect to scbglobal.net[208.73.210.209]:25: Connection timed out
Nov 17 09:34:18 localhost postfix/smtp[27599]: 15E6472BE2: to=<oleg.rusakov@scbglobal.net>, relay=none, delay=15409, delays=15288/0.02/121/0, dsn=4.4.1, status=deferred (connect to scbglobal.net[208.73.210.209]:25: Connection timed out)
Nov 17 09:37:18 localhost postfix/qmgr[21748]: D125572C2E: from=<>, size=33171, nrcpt=1 (queue active)
Nov 17 09:37:18 localhost postfix/qmgr[21748]: B3CCE72C2D: from=<valeriya.biryukova@dak-cat-stroitelnye-materialy-kirpich-kamen-bloki>, size=31283, nrcpt=1 (queue active)
Nov 17 09:37:29 localhost postfix/smtp[27626]: B3CCE72C2D: host mail.citycon.kiev.ua[77.120.247.43] said: 451 <dak-cat-stroitelnye-materialy-kirpich-kamen-bloki> is invalid or DNS says does not exist (in reply to MAIL FROM command)
Nov 17 09:37:48 localhost postfix/smtp[27625]: connect to konkovotur.ru[109.70.26.37]:25: Connection timed out
Nov 17 09:37:59 localhost postfix/smtp[27626]: connect to mx.lucky.net[193.193.193.137]:25: Connection timed out
Nov 17 09:38:18 localhost postfix/smtp[27625]: connect to konkovotur.ru[194.85.61.76]:25: Connection timed out
Nov 17 09:38:18 localhost postfix/smtp[27625]: D125572C2E: to=<aglaya.abramova@konkovotur.ru>, relay=none, delay=6850, delays=6790/0.01/60/0, dsn=4.4.1, status=deferred (connect to konkovotur.ru[194.85.61.76]:25: Connection timed out)
Nov 17 09:38:29 localhost postfix/smtp[27626]: connect to mx.lucky.net[62.244.55.219]:25: Connection timed out
Nov 17 09:38:29 localhost postfix/smtp[27626]: B3CCE72C2D: to=<citycon@citycon.kiev.ua>, relay=none, delay=6855, delays=6783/0.02/72/0, dsn=4.4.1, status=deferred (connect to mx.lucky.net[62.244.55.219]:25: Connection timed out)
Nov 17 09:42:18 localhost postfix/qmgr[21748]: 779D772BB4: from=<viktor.golubev@consulfrance-stanbul.org>, size=34213, nrcpt=1 (queue active)
Nov 17 09:42:26 localhost postfix/smtp[27683]: 779D772BB4: to=<zlatoglav@tica.co>, relay=none, delay=15297, delays=15289/0.01/8/0, dsn=4.4.3, status=deferred (Host or domain name not found. Name service error for name=tica.co type=MX: Host not found, try again)
Nov 17 09:47:18 localhost postfix/qmgr[21748]: 138A972BB1: from=<adelaida.egorova@mail.starce.net>, size=34196, nrcpt=1 (queue active)
Nov 17 09:47:18 localhost postfix/qmgr[21748]: 2A97872BF7: from=<akim.makarov@quake.com.ua>, size=34185, nrcpt=1 (queue active)
Nov 17 09:47:18 localhost postfix/qmgr[21748]: C16D772BB5: from=<ilarion.korolev@judwin.demon.co.uk>, size=34250, nrcpt=1 (queue active)
Nov 17 09:47:18 localhost postfix/qmgr[21748]: E6BC972C23: from=<>, size=33139, nrcpt=1 (queue active)
Nov 17 09:47:19 localhost postfix/smtp[27704]: C16D772BB5: host imx1.rambler.ru[81.19.66.235] said: 450 4.1.8 <ilarion.korolev@judwin.demon.co.uk>: Sender address rejected: Domain not found (in reply to RCPT TO command)
Nov 17 09:47:20 localhost postfix/smtp[27704]: C16D772BB5: to=<88nika108@rambler.ru>, relay=imx1.rambler.ru[81.19.66.234]:25, delay=17125, delays=17123/0.02/1.3/0.2, dsn=4.1.8, status=deferred (host imx1.rambler.ru[81.19.66.234] said: 450 4.1.8 <ilarion.korolev@judwin.demon.co.uk>: Sender address rejected: Domain not found (in reply to RCPT TO command))
Nov 17 09:47:46 localhost postfix/smtp[27702]: 138A972BB1: host mxs.mail.ru[217.69.139.150] said: 421 DNS problem (mail.starce.net). Try again later (in reply to MAIL FROM command)
Nov 17 09:47:50 localhost postfix/smtp[27705]: connect to mail.zoomlynx.com[206.251.24.106]:25: Connection timed out
Nov 17 09:47:50 localhost postfix/smtp[27705]: E6BC972C23: lost connection with mail.zoomlynx.com[206.251.24.108] while receiving the initial server greeting
Nov 17 09:47:51 localhost postfix/smtp[27705]: E6BC972C23: to=<miroslava.tarasova@zoomlynx.com>, relay=smtp.zoomlynx.com[206.251.24.108]:25, delay=6951, delays=6919/0.03/32/0, dsn=4.4.2, status=deferred (lost connection with smtp.zoomlynx.com[206.251.24.108] while receiving the initial server greeting)

can anyone help here?

infinity
  • I'd say it's possible, you should have a look at this: http://serverfault.com/questions/218005/how-do-i-deal-with-a-compromised-server – NickW Nov 17 '14 at 09:57

2 Answers


Mails are coming from the following mail addresses.

biryukova@dak-cat-stroitelnye-materialy-kirpich-kamen-bloki

viktor.golubev@consulfrance-stanbul.org

adelaida.egorova@mail.starce.net

akim.makarov@quake.com.ua

ilarion.korolev@judwin.demon.co.uk

& Mails are being delivered to the following addresses

yuliy.kirillov@narad.crimea.com

anisim.petuhov@smereka.com.ua

sevastyan.larionov@alex.krc.karelia.ru

oleg.rusakov@scbglobal.net

aglaya.abramova@konkovotur.ru

miroslava.tarasova@zoomlynx.com

Added to that there is this error message

ilarion.korolev@judwin.demon.co.uk: Sender address rejected: Domain not found (in reply to RCPT TO command))

& then you have a number of empty from (sender) addresses

from=<>

Which probably means the sender address is fake. But postfix is letting the mails through anyway; I think it is safe to say that you have a problem.

Eamonn Travers
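The answer above does the triage by eye: group the log lines by Postfix queue ID, then look at who the sender is, where the mail is going, and what the remote side said. As an added example (not code from either answer or from Postfix), the script below automates exactly that over the question's log format. The first four sample lines are taken from the question; the two `root@localhost` lines are constructed to show a legitimate local message that should produce no finding. The `local_domains` set and the one-hour "stale" threshold are assumptions for this example.

```python
import re

# Sample input: four lines copied from the question's log plus two constructed
# lines (queue ID 0000072C00) representing normal local mail that should pass.
SAMPLE_LOG = """\
Nov 17 09:32:18 localhost postfix/qmgr[21748]: 8E52272C09: from=<>, size=33770, nrcpt=1 (queue active)
Nov 17 09:32:20 localhost postfix/smtp[27598]: 8E52272C09: to=<yuliy.kirillov@narad.crimea.com>, relay=mail.crimea.com[80.245.112.5]:25, delay=6902, delays=6900/0.02/2.3/0, dsn=4.7.1, status=deferred (host mail.crimea.com[80.245.112.5] refused to talk to me: 554 5.7.1 Service unavailable; Client host blocked using b.barracudacentral.org)
Nov 17 09:47:18 localhost postfix/qmgr[21748]: C16D772BB5: from=<ilarion.korolev@judwin.demon.co.uk>, size=34250, nrcpt=1 (queue active)
Nov 17 09:47:20 localhost postfix/smtp[27704]: C16D772BB5: to=<88nika108@rambler.ru>, relay=imx1.rambler.ru[81.19.66.234]:25, delay=17125, delays=17123/0.02/1.3/0.2, dsn=4.1.8, status=deferred (host imx1.rambler.ru[81.19.66.234] said: 450 4.1.8 <ilarion.korolev@judwin.demon.co.uk>: Sender address rejected: Domain not found (in reply to RCPT TO command))
Nov 17 09:50:00 localhost postfix/qmgr[21748]: 0000072C00: from=<root@localhost>, size=1200, nrcpt=1 (queue active)
Nov 17 09:50:01 localhost postfix/smtp[27710]: 0000072C00: to=<admin@example.com>, relay=mx.example.com[192.0.2.10]:25, delay=1.1, delays=0.5/0.01/0.3/0.2, dsn=2.0.0, status=sent (250 OK)
"""

# qmgr line: queue ID, envelope sender, size, recipient count
QMGR_RE = re.compile(
    r'postfix/qmgr\[\d+\]: (?P<qid>[0-9A-Za-z]+): from=<(?P<sender>[^>]*)>, '
    r'size=(?P<size>\d+), nrcpt=(?P<nrcpt>\d+)')
# smtp delivery-attempt line: recipient, relay, queue age, DSN, status and detail
SMTP_RE = re.compile(
    r'postfix/smtp\[\d+\]: (?P<qid>[0-9A-Za-z]+): to=<(?P<rcpt>[^>]*)>, '
    r'relay=(?P<relay>[^,]+), delay=(?P<delay>[\d.]+), .*?dsn=(?P<dsn>[\d.]+), '
    r'status=(?P<status>\w+) \((?P<detail>.*)\)$')

STALE_SECONDS = 3600  # assumed threshold: deferred for more than an hour


def parse_postfix_log(text):
    """Group qmgr and smtp lines by queue ID into one record per message."""
    msgs = {}
    for line in text.splitlines():
        m = QMGR_RE.search(line)
        if m:
            rec = msgs.setdefault(m['qid'], {'sender': None, 'size': 0, 'deliveries': []})
            rec['sender'] = m['sender']
            rec['size'] = int(m['size'])
            continue
        m = SMTP_RE.search(line)
        if m:
            rec = msgs.setdefault(m['qid'], {'sender': None, 'size': 0, 'deliveries': []})
            rec['deliveries'].append({
                'rcpt': m['rcpt'], 'relay': m['relay'], 'delay': float(m['delay']),
                'dsn': m['dsn'], 'status': m['status'], 'detail': m['detail']})
    return msgs


def triage(text, local_domains):
    """Return {queue_id: [flags]} for messages that look like abuse of the server.

    local_domains: the sender domains this host legitimately originates mail for.
    """
    findings = {}
    for qid, rec in parse_postfix_log(text).items():
        flags = set()
        sender = rec['sender']
        if sender == '':
            flags.add('null-sender')                 # from=<>: bounce or backscatter
        elif sender is not None:
            domain = sender.rsplit('@', 1)[-1].lower()
            if domain not in local_domains:
                flags.add('foreign-sender-domain')   # we do not host this domain
        for d in rec['deliveries']:
            if 'Sender address rejected' in d['detail']:
                flags.add('sender-rejected-by-remote')   # remote MX could not resolve the sender domain
            if 'blocked using' in d['detail']:
                flags.add('listed-on-dnsbl')             # our IP is on a blocklist
            if d['status'] == 'deferred' and d['delay'] > STALE_SECONDS:
                flags.add('stale-deferred')              # sitting in the queue for a long time
        if flags:
            findings[qid] = sorted(flags)
    return findings


if __name__ == '__main__':
    for qid, flags in triage(SAMPLE_LOG, {'localhost', 'example.com'}).items():
        print(qid, ', '.join(flags))
```

Run against a real `/var/log/mail.log`, the same function points you at the queue IDs worth inspecting with `postcat -q <ID>`; a DNSBL listing, as in the `b.barracudacentral.org` line, is usually the first external sign that the host has been relaying spam.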

An empty from (sender) address usually means that your server is sending MAILER-DAEMON messages such as "Undelivered Mail Returned to Sender"; sometimes it may be backscatter.

Nov 17 09:47:18 localhost postfix/qmgr[21748]: C16D772BB5: from=<ilarion.korolev@judwin.demon.co.uk>, size=34250, nrcpt=1 (queue active)
Nov 17 09:47:19 localhost postfix/smtp[27704]: C16D772BB5: host imx1.rambler.ru[81.19.66.235] said: 450 4.1.8 <ilarion.korolev@judwin.demon.co.uk>: Sender address rejected: Domain not found (in reply to RCPT TO command)
Nov 17 09:47:20 localhost postfix/smtp[27704]: C16D772BB5: to=<88nika108@rambler.ru>, relay=imx1.rambler.ru[81.19.66.234]:25, delay=17125, delays=17123/0.02/1.3/0.2, dsn=4.1.8, status=deferred (host imx1.rambler.ru[81.19.66.234] said: 450 4.1.8 <ilarion.korolev@judwin.demon.co.uk>: Sender address rejected: Domain not found (in reply to RCPT TO command))

If your domain address is judwin.demon.co.uk then it doesn't have a correct DNS entry. Otherwise it seems that your server is an open mail relay, or at least it doesn't verify sender addresses for outgoing mails.

  • Thanks for the response, that's useful. My domain is not in the log, though I think it was an open relay; I did a few changes and I think it works fine now. Still monitoring it – infinity Nov 19 '14 at 15:23
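The second answer names the two things to check: whether the server relays for anyone (open relay) and whether it verifies sender domains. As an added example that is not part of the answers or of Postfix itself, the script below audits `postconf -n` style output for those two points. The three configuration samples are constructed for this example; `OPEN_RELAY_CONF` shows the weak settings, `MISORDERED_CONF` shows a bare `permit` placed before `reject_unauth_destination`, and `HARDENED_CONF` shows a corrected configuration. The check treats an absent `smtpd_relay_restrictions` as "not set in this output" and therefore relies only on what it can see.

```python
import ipaddress

# Constructed samples in the "key = value" format printed by `postconf -n`.
OPEN_RELAY_CONF = """\
mynetworks = 0.0.0.0/0
smtpd_recipient_restrictions = permit_mynetworks
"""

MISORDERED_CONF = """\
mynetworks = 127.0.0.0/8
smtpd_recipient_restrictions = permit, reject_unauth_destination
"""

HARDENED_CONF = """\
mynetworks = 127.0.0.0/8 [::1]/128
smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
smtpd_recipient_restrictions = reject_unknown_sender_domain, reject_unauth_destination
"""

# Restrictions that stop relaying to non-local destinations.
RELAY_BLOCKERS = {'reject_unauth_destination', 'defer_unauth_destination',
                  'reject', 'defer', 'defer_if_permit'}
# Restrictions that check the envelope sender against DNS.
SENDER_CHECKS = {'reject_unknown_sender_domain', 'reject_unverified_sender'}


def parse_postconf(text):
    """Turn `postconf -n` output into a dict of parameter -> value."""
    conf = {}
    for line in text.splitlines():
        if '=' not in line or line.lstrip().startswith('#'):
            continue
        key, _, value = line.partition('=')
        conf[key.strip()] = value.strip()
    return conf


def restriction_list(value):
    """Split a restriction parameter (comma or space separated) into tokens."""
    return value.replace(',', ' ').split()


def audit_relay_config(text):
    """Return a list of findings; an empty list means no weakness was detected."""
    conf = parse_postconf(text)
    findings = []

    # 1. mynetworks: anything in it may relay, so it must not cover the whole internet.
    for net in conf.get('mynetworks', '').split():
        net = net.replace('[', '').replace(']', '')
        try:
            network = ipaddress.ip_network(net, strict=False)
        except ValueError:
            continue  # lookup tables or hostnames are not checked by this example
        if network.prefixlen == 0:
            findings.append(f'mynetworks trusts everyone: {net}')

    # 2. relay policy: a blocker must appear, and no bare "permit" may precede it.
    relay = restriction_list(conf.get('smtpd_relay_restrictions', ''))
    rcpt = restriction_list(conf.get('smtpd_recipient_restrictions', ''))
    for name, lst in (('smtpd_relay_restrictions', relay),
                      ('smtpd_recipient_restrictions', rcpt)):
        first_block = next((i for i, tok in enumerate(lst) if tok in RELAY_BLOCKERS), None)
        if first_block is not None and 'permit' in lst[:first_block]:
            findings.append(f'{name}: bare "permit" before {lst[first_block]} lets anyone relay')
    if not any(tok in RELAY_BLOCKERS for tok in relay + rcpt):
        findings.append('no reject_unauth_destination or defer_unauth_destination in '
                        'smtpd_relay_restrictions or smtpd_recipient_restrictions')

    # 3. sender verification: the remote MX in the log rejected an unresolvable sender
    #    domain; the server itself should refuse such senders before queueing.
    sender = restriction_list(conf.get('smtpd_sender_restrictions', ''))
    if not SENDER_CHECKS & set(relay + rcpt + sender):
        findings.append('sender domain is never checked (consider reject_unknown_sender_domain)')

    return findings


if __name__ == '__main__':
    for label, sample in (('open relay', OPEN_RELAY_CONF),
                          ('misordered', MISORDERED_CONF),
                          ('hardened', HARDENED_CONF)):
        print(label, '->', audit_relay_config(sample) or 'OK')
```

Feed it the real output of `postconf -n` to see the same three checks applied to the running configuration; the relay restriction lists are evaluated in order, which is why a bare `permit` ahead of `reject_unauth_destination` is as bad as having no reject at all.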