Spammer relaying via Postfix mail server

Posted by Paddington on Server Fault
Published on 2012-08-31T08:03:07Z


I have a Plesk 9.5 mail server (cm.snowbarre.co.za) on Ubuntu 8.04 LTS which forwards all SMTP traffic to an anti-spam server, cacti.snowbarre.co.za. Many times I see headers on the anti-spam server containing From addresses not hosted on the mail server, and I have checked and confirmed that my server is not an open relay. How can a spammer be using my server to relay spam traffic? How can I stop this?

Open relay test:

paddington@paddington-MS-7387:~$ telnet cm 25
Trying 196.201.x.x...
Connected to cm.
Escape character is '^]'.
220 cm.snowbarre.co.za ESMTP Postfix (Ubuntu)
mail from:[email protected]
250 2.1.0 Ok
rcpt:[email protected]
221 2.7.0 Error: I can break rules, too. Goodbye.
Connection closed by foreign host.
paddington@paddington-MS-7387:~$

A typical set of headers is:

Received: from cm.snowbarre.co.za (cm.snowbarre.co.za[196.201.x.x]) by cacti.snowbarre.co.za (Postfix) with ESMTPS id 00B601881AD; Mon, 27 Aug 2012 14:03:29 +0200 (SAST)
Received: from cm.snowbarre.co.za (localhost [127.0.0.1]) by cm.snowbarre.co.za (Postfix) with ESMTP id 81627367E007; Mon, 27 Aug 2012 14:02:50 +0200 (SAST)
Received: from User (ml82.128.x.x.multilinksg.com [82.128.x.x]) by cm.snowbarre.co.za (Postfix) with ESMTP; Mon, 27 Aug 2012 14:02:49 +0200 (SAST)
Reply-To: <[email protected]>
From: "Ms Nkeuri Aguiyi" <[email protected]>
Subject: Your Unpaid Fund.
Date: Mon, 27 Aug 2012 05:03:22 -0700
MIME-Version: 1.0
Content-Type: text/html; charset="Windows-1251"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
X-Antivirus: avast! (VPS 120821-0, 08/21/2012), Outbound message
X-Antivirus-Status: Clean
Message-Id: <[email protected]>
To: undisclosed-recipients:;
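An added example, not code from Paddington's post, that does the two checks a practitioner would run on the material above. First it walks the Received: chain (reconstructed from the headers quoted in the post, with the same redacted "x" octets) oldest-hop-first to find where one of our hosts accepted the message from an outside client; here that is the third Received: line, where cm.snowbarre.co.za took the message over plain ESMTP from 82.128.x.x, so the relay happened on cm and not on the 127.0.0.1 re-injection hop. Second, it classifies the lines typed in the telnet test the way Postfix smtpd does at the top of its command loop: "rcpt:..." is not the SMTP verb RCPT TO, it looks like a mail header, and Postfix answers "221 2.7.0 Error: I can break rules, too. Goodbye." and disconnects before any relay check runs, so the test did not prove anything about relaying. The OUR_HOSTS set, the advice strings in explain(), and the simplified header heuristic are this example's own assumptions.

```python
"""Walk a message's Received: chain to find where it entered our Postfix
host, and classify SMTP client lines the way Postfix smtpd does.
Added example; not code from the Server Fault post."""
import ipaddress
import re
from email import message_from_string

# Assumption: the two hosts named in the post are the only ones we operate.
OUR_HOSTS = {"cm.snowbarre.co.za", "cacti.snowbarre.co.za"}

# Constructed sample: the Received: lines quoted in the post (same redacted
# "x" octets), plus placeholder Subject/To lines and an empty body.
SAMPLE = (
    "Received: from cm.snowbarre.co.za (cm.snowbarre.co.za[196.201.x.x])\n"
    "    by cacti.snowbarre.co.za (Postfix) with ESMTPS id 00B601881AD;\n"
    "    Mon, 27 Aug 2012 14:03:29 +0200 (SAST)\n"
    "Received: from cm.snowbarre.co.za (localhost [127.0.0.1])\n"
    "    by cm.snowbarre.co.za (Postfix) with ESMTP id 81627367E007;\n"
    "    Mon, 27 Aug 2012 14:02:50 +0200 (SAST)\n"
    "Received: from User (ml82.128.x.x.multilinksg.com [82.128.x.x])\n"
    "    by cm.snowbarre.co.za (Postfix) with ESMTP;\n"
    "    Mon, 27 Aug 2012 14:02:49 +0200 (SAST)\n"
    "Subject: Your Unpaid Fund.\n"
    "To: undisclosed-recipients:;\n"
    "\n"
    "body\n"
)

# from HELO (rdns [ip]) [(other clauses)] by HOST (...) with PROTO ...
HOP_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s*"
    r"(?:\((?P<rdns>[^\s\[\)]*)\s*\[(?P<ip>[^\]]+)\]\))?"
    r"(?:\s*\([^)]*\))*"
    r"\s*by\s+(?P<by>\S+)"
    r"(?:.*?\bwith\s+(?P<proto>[A-Za-z0-9]+))?"
)

def parse_received(value):
    """Split one Received: header into helo, rdns, ip, by, proto and auth."""
    text = " ".join(value.split())            # unfold the header
    m = HOP_RE.search(text)
    if not m:
        return None
    hop = m.groupdict()
    # Postfix writes this clause only when smtpd_sasl_authenticated_header = yes.
    auth = re.search(r"Authenticated sender:\s*([^\s)]+)", text)
    hop["auth"] = auth.group(1) if auth else None
    return hop

def ip_is_internal(ip):
    """Loopback/private addresses are internal re-injection (content filter,
    Plesk hand-offs). Redacted "x" octets do not parse and count as external."""
    if ip is None:
        return False
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return addr.is_loopback or addr.is_private

def find_entry_hop(raw_message, our_hosts=OUR_HOSTS):
    """Return the oldest hop where one of our hosts accepted the message from
    a client that is neither one of our hosts nor an internal address."""
    msg = message_from_string(raw_message)
    hops = [parse_received(v) for v in msg.get_all("Received", [])]
    for hop in reversed(hops):                # Received: is prepended; last = oldest
        if hop is None or hop["by"] not in our_hosts:
            continue
        if hop["rdns"] in our_hosts or ip_is_internal(hop["ip"]):
            continue
        return hop
    return None

def explain(hop):
    """Turn the entry hop into the next check to run (wording is this example's)."""
    if hop is None:
        return "no external hop reached our hosts"
    if hop["auth"]:
        return f"accepted from {hop['ip']} as SASL user {hop['auth']}: reset that password"
    return (f"accepted from {hop['ip']} (HELO {hop['helo']}) by {hop['by']} with "
            f"{hop['proto']} and no auth clause: check mynetworks, then grep mail.log "
            "for that client IP at the hop time and look for sasl_username=")

SMTP_VERBS = {"HELO", "EHLO", "MAIL", "RCPT", "DATA", "RSET", "NOOP", "QUIT",
              "VRFY", "ETRN", "STARTTLS", "AUTH", "XCLIENT", "XFORWARD"}

def classify_smtp_line(line):
    """Simplified form of the check at the top of Postfix smtpd's command loop:
    a known verb is dispatched; a first token ending in ':' looks like a mail
    header and smtpd replies '221 2.7.0 Error: I can break rules, too.
    Goodbye.' and drops the connection before any relay decision."""
    parts = line.split(None, 1)
    if not parts:
        return "empty"
    if parts[0].upper() in SMTP_VERBS:
        return "command"
    if re.match(r"^[!-9;-~]+:", parts[0]):    # printable, no spaces, then ':'
        return "header"
    return "unknown"

if __name__ == "__main__":
    print(explain(find_entry_hop(SAMPLE)))
    for line in ("rcpt:<test@example.net>", "rcpt to:<test@example.net>"):
        print(f"{line!r:30} -> {classify_smtp_line(line)}")
```

Run it as-is and it reports the 82.128.x.x hop on cm.snowbarre.co.za; to use it on real mail, feed find_entry_hop() the raw message as seen on cacti and set OUR_HOSTS to every host that stamps Received: lines for you. The absence of an "Authenticated sender" clause does not prove the client was unauthenticated, because Postfix omits it unless smtpd_sasl_authenticated_header = yes, which is why the advice points at mail.log.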
