ubuntu hardy SPAM issue

If this is a web server, my guess would be that it has been compromised and now tries to send spam to the world.
Check /var/log/mail.log, see who submits the messages.

Tamas

Here is a part of the log: (not sure what this tells me?)

Feb  5 09:39:01 myserver01 postfix/bounce[20672]: 14E5BC1F19: sender non-delivery notification: 673BDC1433
Feb  5 09:39:01 myserver01 postfix/qmgr[5146]: 14E5BC1F19: removed
Feb  5 09:39:01 myserver01 postfix/local[20674]: 673BDC1433: to=<thisisme@myemail.com>, relay=local, delay=0.04, delays=0.02/0.01/0/0.01, dsn=2.0.0, status=sent (delivered to maildir)
Feb  5 09:39:01 myserver01 postfix/qmgr[5146]: 673BDC1433: removed
Feb  5 09:39:03 myserver01 postfix/smtp[20599]: connect to o.webmd.com[63.140.35.28]:25: Connection timed out
Feb  5 09:39:03 myserver01 postfix/smtp[20599]: D3C86C2A46: to=<nikkii.haggard@o.webmd.com>, relay=none, delay=335678, delays=335374/154/150/0, dsn=4.4.1, status=deferred (connect to o.webmd.com[63.140.35.28]:25: Connection timed out)
Feb  5 09:39:04 myserver01 postfix/smtp[20543]: D31F7C239D: host mailin-02.mx.aol.com[205.188.59.193] refused to talk to me: 554- (RTR:SC)  http://postmaster.info.aol.com/errors/554rtrsc.html 554  Connecting IP: xxx.xxx.xxx.xxx
Feb  5 09:39:05 myserver01 postfix/smtp[20618]: connect to answers.yahoo.com[216.115.110.119]:25: Connection timed out
Feb  5 09:39:05 myserver01 postfix/smtp[20618]: D0296C2618: to=<meetadmin@answers.yahoo.com>, relay=none, delay=410572, delays=410267/155/150/0, dsn=4.4.1, status=deferred (connect to answers.yahoo.com[216.115.110.119]:25: Connection timed out)
Feb  5 09:39:07 myserver01 postfix/smtp[20543]: D31F7C239D: host mailin-04.mx.aol.com[64.12.90.66] refused to talk to me: 554- (RTR:SC)  http://postmaster.info.aol.com/errors/554rtrsc.html 554  Connecting IP: xxx.xxx.xxx.xxx
Feb  5 09:39:12 myserver01 postfix/smtp[20566]: 069E9C2EB2: to=<ea_3tfaison@apsa.org>, relay=mail.apsa.org[173.13.88.187]:25, delay=324845, delays=324531/0.94/11/301, dsn=4.4.2, status=deferred (conversation with mail.apsa.org[173.13.88.187] timed out while sending RCPT TO)
Feb  5 09:39:17 myserver01 postfix/smtpd[20677]: warning: 209.54.32.182: hostname salesfrc.net verification failed: Name or service not known
Feb  5 09:39:17 myserver01 postfix/smtpd[20677]: connect from unknown[209.54.32.182]
Feb  5 09:39:18 myserver01 postfix/smtpd[20677]: NOQUEUE: reject: RCPT from unknown[209.54.32.182]: 554 5.7.1 Service unavailable; Client host [209.54.32.182] blocked using sbl.spamhaus.org; http://www.spamhaus.org/sbl/query/SBLCSS; from=<gfr@wootmerce.com> to=<thisisme@myemail.com> proto=ESMTP helo=<hfe182.wootmerce.com>
Feb  5 09:39:18 myserver01 postfix/smtpd[20677]: disconnect from unknown[209.54.32.182]

Okay, so looks like you are actually running a full fledged mail server on your ubuntu host?
In that case please describe your intended operation, and post a sanitized postfix config.

I would like only authorized users to have the ability to send mail via SMTP.  I want to block anything else.  

Here is the "main.cf" file.  (I think this is what you are looking for)

# See /usr/share/postfix/main.cf.dist for a commented, more complete version


# Debian specific:  Specifying a file name will cause the first
# line of that file to be used as the name.  The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname

smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

readme_directory = no

# TLS parameters
smtpd_tls_cert_file = /etc/ssl/certs/smtpd.crt
smtpd_tls_key_file = /etc/ssl/private/smtpd.key
smtpd_use_tls = yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.

myhostname = mymailserver.com
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = mymailserver.com, localhost
relayhost =
mynetworks = 127.0.0.0/8
#mailbox_command = procmail -a "$EXTENSION"
mailbox_command =
mailbox_size_limit = 0
message_size_limit = 51200000
recipient_delimiter = +
inet_interfaces = all
inet_protocols = all
home_mailbox = Maildir/
smtpd_sasl_local_domain =
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
#smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination,reject_rbl_client zen.spamhaus.org
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
smtpd_client_restrictions = reject_rbl_client sbl.spamhaus.org, reject_rbl_client blackholes.easynet.nl, reject_rbl_client dnsbl.njabl.org, permit
smtpd_tls_auth_only = no
smtp_use_tls = yes
smtp_tls_note_starttls_offer = yes
smtpd_tls_CAfile = /etc/ssl/certs/cacert.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom

Okay, so:
- you want users on the internal network to be able to send email out with smtp on this server?
- do you want authenticated users from the outside to be able to send to the world through this server?
- do you want to accept email from the outside for your own domain on this server?
- do you have a fully qualified domain name forward and reverse record for this server?
- do you actually own mymailserver.com?

- you want users on the internal network to be able to send email out with smtp on this server?
YES

- do you want authenticated users from the outside to be able to send to the world through this server?
YES - i.e. when the internal users take their laptops home.

- do you want to accept email from the outside for your own domain on this server?
YES

- do you have a fully qualified domain name forward and reverse record for this server?
NOT SURE, how do I verify this?

- do you actually own mymailserver.com?
YES

DNS forward and reverse:
You could run an nslookup on your mail server name, like

nslookup mail.mymailserver.com

Select all Open in new window

and another nslookup on the IP you got back from the previous query, like

nslookup 1.2.3.4

Select all Open in new window

which should give you back mail.mymailserver.com.

Can you post a few examples of those non deliverable mail reports?

You have
>>>smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
However you also have
smtpd_tls_auth_only = no
Why is that?

Further have you checked if you system is acting as open relay? Check your server IP from the following links:
http://mxtoolbox.com/diagnostic.aspx
http://www.mailradar.com/openrelay/
http://www.checkor.com/

Sudeep

using easydns.com
The MX record is pointing to mymailserver.com

C:\Users\Me>nslookup xxx.xxx.xxx.xxx
Server:  dsldns-in.embarqhsd.net
Address:  67.235.xxx.xxx

Name:    30.207.xxx.xxx.DED-DSL.fuse.net
Address:  xxx.xxx.xxx.xxx

C:\Users\Me>nslookup mymailserver.com
Server:  dsldns-in.embarqhsd.net
Address:  67.235.xxx.xxx

Non-authoritative answer:
Name:    mymailserver.com
Address:  xxx.xxx.xxx.xxx

I will get you the non deliverable reports.
Everything has worked fine for years, the problem just started last 3 weeks.

sudeep - I don't know.  I am a newbie at this.

Mailradar gives me:
Port 25 is Closed at xxx.xxx.xxx.xxx
Test aborted.

MXToolbox gives me all checks, except for:
SMTP Reverse DNS Mismatch       Warning - Reverse DNS does not match SMTP Banner

I created a block rule for Port 25 in my Cisco Router.  This is what is being blocked.
The MAC address is that of the router and the server.

If he shut down port 25, it won't be detected as an open relay at the moment, but it can't stay like this for long if he wants to use it.

Here it is:
mylogin@myserver01:~$ sudo tail -f /var/log/mail.log | grep to=


Feb  6 13:35:08 myserver01 postfix/smtp[13212]: 9E29C4D575: to=<cigars@ersecorvo.com>, relay=none, delay=168650, delays=168580/9.8/60/0, dsn=4.4.1, status=deferred (connect to ersecorvo.com[66.152.109.70]:25: Connection timed out)
Feb  6 13:35:09 myserver01 postfix/smtp[13171]: 3B878C2B44: to=<jfultz@data.cmcore.com>, relay=none, delay=436154, delays=436084/40/30/0, dsn=4.4.1, status=deferred (connect to data.cmcore.com[199.255.33.45]:25: Connection timed out)
Feb  6 13:35:09 myserver01 postfix/local[13229]: 3786A4D426: to=<MYEMAIL@MYDOMAIN.com>, relay=local, delay=0.03, delays=0.02/0/0/0.01, dsn=2.0.0, status=sent (delivered to maildir)
Feb  6 13:35:13 myserver01 postfix/smtp[13128]: D4A5FC1879: to=<jaybusbygryt@gutel.com>, relay=none, delay=162455, delays=162380/43/31/0, dsn=4.4.1, status=deferred (connect to gutel.com[211.106.65.112]:25: Connection timed out)
Feb  6 13:35:15 myserver01 postfix/smtp[13222]: 943DBC2E16: to=<wood-biz@suichi.info>, relay=none, delay=426021, delays=425945/16/60/0, dsn=4.4.1, status=deferred (connect to suichi.info[69.16.143.70]:25: Connection timed out)
Feb  6 13:35:25 myserver01 postfix/smtp[13224]: DA48AC169C: to=<s28d642ohpc63@corp.supernews.com>, relay=none, delay=165106, delays=165020/56/30/0, dsn=4.4.1, status=deferred (connect to corp.supernews.com[216.168.3.44]:25: Connection timed out)
Feb  6 13:35:29 myserver01 postfix/smtp[13130]: D9A13C15FC: to=<mbogart@a1.interclick.com>, relay=none, delay=165286, delays=165196/60/30/0, dsn=4.4.1, status=deferred (connect to a1.interclick.com[74.122.143.72]:25: Connection timed out)
Feb  6 13:35:29 myserver01 postfix/smtp[13132]: D66074D7E5: to=<glazetd@eudict.com>, relay=none, delay=165328, delays=165237/60/30/0, dsn=4.4.1, status=deferred (connect to eudict.com[216.70.108.87]:25: Connection timed out)
Feb  6 13:35:29 myserver01 postfix/smtp[13139]: DA212C2B8D: to=<kelsy@msnbc.msn.com>, relay=none, delay=434768, delays=434677/60/30/0, dsn=4.4.1, status=deferred (connect to msnbc.msn.com[65.55.53.235]:25: Connection timed out)
Feb  6 13:35:29 myserver01 postfix/local[13229]: 625CD4D42B: to=<MYEMAIL@MYDOMAIN.com>, relay=local, delay=0.03, delays=0.03/0/0/0, dsn=2.0.0, status=sent (delivered to maildir)
Feb  6 13:35:29 myserver01 postfix/smtp[13143]: DE7D64D69C: to=<pyrexgo79@proracingsimtv.com>, relay=none, delay=178660, delays=178569/60/30/0, dsn=4.4.1, status=deferred (connect to mail.proracingsimtv.com[216.37.76.2]:25: Connection timed out)
Feb  6 13:35:29 myserver01 postfix/smtp[13151]: 0767AC1415: to=<jparker@mail.aol.com>, relay=none, delay=182434, delays=182343/0.85/90/0, dsn=4.4.1, status=deferred (connect to mail.aol.com[205.188.16.149]:25: Connection timed out)
Feb  6 13:35:29 myserver01 postfix/smtp[13131]: D0AA7C14CB: to=<states@secure.ian.com>, relay=none, delay=171991, delays=171901/60/30/0, dsn=4.4.1, status=deferred (connect to secure.ian.com[216.251.126.131]:25: Connection timed out)
Feb  6 13:35:29 myserver01 postfix/smtp[13149]: DEE2AC2B4E: to=<homes@valeries.com>, relay=none, delay=436182, delays=436091/60/30/0, dsn=4.4.1, status=deferred (connect to valeries.com[82.98.86.167]:25: Connection timed out)
Feb  6 13:35:29 myserver01 postfix/smtp[13138]: DF180C2D8D: to=<ekinder@uid.shoplocal.com>, relay=none, delay=427266, delays=427175/60/30/0, dsn=4.4.1, status=deferred (connect to uid.shoplocal.com[167.8.225.33]:25: Connection timed out)
Feb  6 13:35:29 myserver01 postfix/smtp[13152]: DB428C2BB9: to=<hjones@rslusa.com>, relay=none, delay=435104, delays=435013/61/30/0, dsn=4.4.1, status=deferred (connect to rslusa.com[208.91.196.50]:25: Connection timed out)
Feb  6 13:35:29 myserver01 postfix/local[13229]: CA1554D42F: to=<MYEMAIL@MYDOMAIN.com>, relay=local, delay=0.03, delays=0.03/0/0/0, dsn=2.0.0, status=sent (delivered to maildir)
Feb  6 13:35:29 myserver01 postfix/local[13229]: D1A614D42D: to=<MYEMAIL@MYDOMAIN.com>, relay=local, delay=0.03, delays=0.02/0/0/0, dsn=2.0.0, status=sent (delivered to maildir)
Feb  6 13:35:29 myserver01 postfix/smtp[13136]: DE305C2C79: to=<faustinonelson_zx@pnte.cfnavarra.es>, relay=none, delay=434576, delays=434485/60/31/0, dsn=4.4.1, status=deferred (connect to aralar.pnte.cfnavarra.es[195.76.216.3]:25: Connection timed out)
Feb  6 13:35:29 myserver01 postfix/local[13229]: EC2764D42F: to=<MYEMAIL@MYDOMAIN.com>, relay=local, delay=0.02, delays=0.02/0/0/0, dsn=2.0.0, status=sent (delivered to maildir)
Feb  6 13:35:30 myserver01 postfix/smtp[13165]: 923A9C1523: to=<searches@villamalgae.com>, relay=none, delay=171968, delays=171877/31/60/0, dsn=4.4.1, status=deferred (connect to villamalgae.com[66.152.109.70]:25: Connection timed out)
Feb  6 13:35:30 myserver01 postfix/smtp[13162]: 95CD4C5666: to=<jpb1143@students.pjc.edu>, relay=none, delay=412817, delays=412725/31/60/0, dsn=4.4.1, status=deferred (connect to students.pjc.edu[66.152.109.70]:25: Connection timed out)
Feb  6 13:35:30 myserver01 postfix/smtp[13179]: 9FCA14D776: to=<john_hanley@bxadycorp.com>, relay=none, delay=170755, delays=170664/31/60/0, dsn=4.4.1, status=deferred (connect to bxadycorp.com[69.16.143.70]:25: Connection timed out)
Feb  6 13:35:30 myserver01 postfix/smtp[13174]: 6F9A7C2BA7: to=<cwanish@media.gsimedia.net>, relay=none, delay=435200, delays=435108/1.3/90/0, dsn=4.4.1, status=deferred (connect to media.gsimedia.net[74.217.59.19]:25: Connection timed out)
Feb  6 13:35:30 myserver01 postfix/local[13229]: 6AC0E4D432: to=<MYEMAIL@MYDOMAIN.com>, relay=local, delay=0.02, delays=0.02/0/0/0, dsn=2.0.0, status=sent (delivered to maildir)
Feb  6 13:35:30 myserver01 postfix/smtp[13158]: 9B46E4DA6F: to=<k_muraj_ia@nedllc.mo>, relay=none, delay=165953, delays=165862/31/60/0, dsn=4.4.1, status=deferred (connect to nedllc.mo[66.152.109.70]:25: Connection timed out)
Feb  6 13:35:30 myserver01 postfix/smtp[13147]: DD5074D9AA: to=<dtdtiy@english.ivsz.hu>, relay=none, delay=178867, delays=178775/60/31/0, dsn=4.4.1, status=deferred (connect to english.ivsz.hu[84.2.39.122]:25: Connection timed out)
Feb  6 13:35:31 myserver01 postfix/smtp[13189]: 9168CC2E30: to=<expert@gladefern.com>, relay=none, delay=425965, delays=425873/32/60/0, dsn=4.4.1, status=deferred (connect to gladefern.com[66.152.109.70]:25: Connection timed out)
Feb  6 13:35:31 myserver01 postfix/smtp[13201]: 9C6F9C2EA3: to=<diafrate@1031helpcenter.com>, relay=none, delay=425467, delays=425375/32/60/0, dsn=4.4.1, status=deferred (connect to 1031helpcenter.com[69.16.143.70]:25: Connection timed out)
Feb  6 13:35:31 myserver01 postfix/smtp[13209]: 9F9E1C2BED: to=<kara@at.atwola.com>, relay=none, delay=434993, delays=434900/32/60/0, dsn=4.4.1, status=deferred (connect to at.atwola.com[64.236.144.246]:25: Connection timed out)
Feb  6 13:35:31 myserver01 postfix/smtp[13211]: 32C81C18D0: to=<matt.eckler@firstunion.com>, relay=none, delay=162453, delays=162361/32/60/0, dsn=4.4.1, status=deferred (connect to firstunion.com[151.151.88.101]:25: Connection timed out)
Feb  6 13:35:31 myserver01 postfix/local[13229]: 3EC334D436: to=<MYEMAIL@MYDOMAIN.com>, relay=local, delay=0.05, delays=0.05/0/0/0, dsn=2.0.0, status=sent (delivered to maildir)
Feb  6 13:35:31 myserver01 postfix/smtp[13192]: 393F4C2EF2: to=<emailreed.kyrk@comcast.netr>, relay=none, delay=425228, delays=425136/32/60/0, dsn=4.4.1, status=deferred (connect to comcast.netr[66.152.109.70]:25: Connection timed out)
Feb  6 13:35:31 myserver01 postfix/smtp[13205]: 3DEFAC1A6E: to=<linda.kohler@cbdfw.comy>, relay=none, delay=162270, delays=162178/32/60/0, dsn=4.4.1, status=deferred (connect to cbdfw.comy[69.16.143.70]:25: Connection timed out)
Feb  6 13:35:31 myserver01 postfix/smtp[13223]: 3AA3BC2C0A: to=<kseno@chkcnt.edu>, relay=none, delay=434928, delays=434836/32/60/0, dsn=4.4.1, status=deferred (connect to chkcnt.edu[69.16.143.70]:25: Connection timed out)
Feb  6 13:35:31 myserver01 postfix/smtp[13193]: 3A37CC1DD4: to=<bonita.a.pollard@onemoremail.net>, relay=none, delay=160585, delays=160492/32/60/0, dsn=4.4.1, status=deferred (connect to onemoremail.net[66.152.109.70]:25: Connection timed out)
Feb  6 13:35:31 myserver01 postfix/local[13229]: 6F7084D43B: to=<MYEMAIL@MYDOMAIN.com>, relay=local, delay=0.04, delays=0.04/0/0/0, dsn=2.0.0, status=sent (delivered to maildir)
Feb  6 13:35:31 myserver01 postfix/smtp[13198]: 3D3964DAED: to=<customerservice@kettehttp.info>, relay=none, delay=162559, delays=162466/33/60/0, dsn=4.4.1, status=deferred (connect to kettehttp.info[66.152.109.70]:25: Connection timed out)
Feb  6 13:35:32 myserver01 postfix/smtp[13125]: 3C211C1760: to=<mita7770@gmail.co>, relay=none, delay=162548, delays=162455/33/60/0, dsn=4.4.1, status=deferred (connect to gmail.co[74.125.228.54]:25: Connection timed out)
Feb  6 13:35:32 myserver01 postfix/smtp[13207]: 35733C2C95: to=<lynnettecristy@gartmore.com>, relay=none, delay=429944, delays=429851/33/60/0, dsn=4.4.1, status=deferred (connect to decommissioned.blackh0le.com[66.152.109.70]:25: Connection timed out)

p.s.
none of the above emails where actual sent by a user.