How to understand this piece of maillog?

Sometimes, early in the morning (around 3am / 4am) my Server (a Linux Centos Server with Apache/Postfix) presents high volume of postfix and amavisd operations (I see this by "top" and "service amavisd status" commands, or looking at maillog file).

I can't believe that these are due to legal email operations from my customers, at this time. Much probably this must be due to someone using my server to relay spam email sending. Although my server does not have open relay, it is possible that some customer or someone with some customer's password, can be doing this.

I am trying to understand maillog data so that,when this happens I could find any useful info about this to help me in blocking these guys. See, for instance, this piece of the maillog file in attach. This is from a normal email sending operation. I send one email from "" to "". Could anyone explain these lines to me (if possible, one-by-one) so that I can understand each of them. E please, what of these lines tell me that this send operation used my Server as the relay (as smtp)?

Thanks a lot.
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

multisitesAuthor Commented:
Sorry, I forgot the maillog file. Here is goes.
cjl7freelance for hireCommented:
From where do you allow relaying?

Is your domain blacklisted (as an open relay, or as a spammer)?

If someone is using computers (hacked or not) from where you allow relaying that is "ok", at least as far as postfix goes. That doesn't mean that the emails sent aren't spam or otherwise unwanted.

The error suggest that the mx record isn't corresponding with the domain (I think), but not sure. I'm on the bus so I'll get back to you on that.

multisitesAuthor Commented:
All our customer's domains whose mailboxes are on this server have SPF records adequately configured. This Server has not open relay and it has RDNS (reversal). Ok, it can be listed eventually in one or two blacklists due to mass email from a customer or from someone who has one customer's password. That' why I need to understand these mailllog lines, so that I can, at any moment, "see" what is happening. Thanks.
PS: The piece of maillog I attached is from a good email sending, I myself sent that email to have the related maillog lines and understand it.
Where is bad sending :) example!?!

This what I see: is usual log: when you send:
"Open relay? Nonlocal recips but not originating:"

You are permitted to send from your machine "anything that you want", that's remote server is who must  check whats going to enter and from who! It's strange that message are accepted from him.

If you want to check "Sender address verification for all email" look at:

If you see other like this it's SPAM :), some PC was bugs.

Please send other log that really troubles you.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.