POSTFIX - SPAM / not SPAM
Krzysztof Szwaba
mailing_ks at infolan.net.pl
Wed, 4 May 2011, 10:55:45 CEST
Files with content like the following appear in /var/spool/postfix/active:
CO 24118 4740 50 0 24118T#1304368774 727828A#create_time=1304368774A#rewrite_context=remoteA#sasl_method=LOGINA#sasl_username=pppS#paypal w service.netA log_client_address=209.40.234.68A#log_client_port=2049A)log_message_origin=unknown[209.40.234.68]A#log_helo_name=UserA#log_protocol_name=ESMTPA#client_name=unknownA6reverse_client_name=209-40-234-68.browndognetworks.comA#client_address=209.40.234.68A#client_port=2049A#helo_name=UserA#client_address_type=2A'dsn_dsn_orig_rcpt=rfc822;nuttyrmike w aol.comO#nuttyrmike w aol.comR#nuttyrmike w aol.comA2dsn_orig_rcpt=rfc822;nuttytart2002 w btopenworld.comO#nuttytart2002 w btopenworld.comD#nuttytart2002 w btopenworld.comA)dsn_orig_rcpt=rfc822;nuttytraceys w aol.comO#nuttytraceys w aol.comR#nuttytraceys w aol.comA+dsn_orig_rcpt=rfc822;nuttz w worldnet.att.comO#nuttz w worldnet.att.comR#nuttz w worldnet.att.comA(dsn_orig_rcpt=rfc822;nuttz9699 w yahoo.comO#nuttz9699 w yahoo.comD#nuttz9699 w yahoo.comA,dsn_orig_rcpt=rfc822;nutuongcuop16 w yahoo.comO#nutuongcuop16 w yahoo.comD#nutuongcuop16 w yahoo.comA"dsn_orig_rcpt=rfc822;nutup w aol.comO
nutup w aol.comR
nutup w aol.comA'dsn_orig_rcpt=rfc822;nuyorekan1 w aol.comO#nuyorekan1 w aol.comR#nuyorekan1 w aol.comA(dsn_dsn_orig_rcpt=rfc822;nuyorican77 w aol.comO#nuyorican77 w aol.comR#nuyorican77 w aol.comA+dsn_orig_rcpt=rfc822;nuyoricanchula w aol.comO#nuyoricanchula w aol.comR#nuyoricanchula w aol.comA+dsn_orig_rcpt=rfc822;nuyoricantaste w aol.comO#nuyoricantaste w aol.comR#nuyoricantaste w aol.comA)dsn_orig_rcpt=rfc822;nuyork w bellsouth.netO#nuyork w bellsouth.netR#nuyork w bellsouth.netA&dsn_orig_rcpt=rfc822;nuyorka22 w aol.comO#nuyorka22 w aol.comR#nuyorka22 w aol.comA/dsn_orig_rcpt=rfc822;nuyoulifestyle w hotmail.comO#nuyoulifestyle w hotmail.comD#nuyoulifestyle w hotmail.comA'dsn_dsn_orig_rcpt=rfc822;nuysya w hotmail.comO#nuysya w hotmail.comD#nuysya w hotmail.comA)dsn_orig_rcpt=rfc822;nuyttena w hotmail.comO#nuyttena w hotmail.comD#nuyttena w hotmail.comA#dsn_orig_rcpt=rfc822;nuywka w aol.comO#nuywka w aol.comR#nuywka w aol.comA%dsn_orig_rcpt=rfc822;nuz107 w webtv.netO#nuz107 w webtv.netD#nuz107 w webtv.netA,dsn_orig_rcpt=rfc822;nuza_nucita w hotmail.c
omO#omO#omO#nuza_nucita w hotmail.comD#nuza_nucita w hotmail.comA)dsn_orig_rcpt=rfc822;nuzakhan w hotmail.comO#nuzakhan w hotmail.comD#nuzakhan w hotmail.comA*dsn_orig_rcpt=rfc822;nuzbear w bellsouth.netO#nuzbear w bellsouth.netR#nuzbear w bellsouth.netA#dsn_orig_rcpt=rfc822;nuzbom w aol.comO#nuzbom w aol.comR#nuzbom w aol.comA.dsn_orig_rcpt=rfc822;nuzhatkamal42 w hotmail.comO#nuzhatkamal42 w hotmail.comD#nuzhatkamal42 w hotmail.comA)dsn_orig_rcpt=rfc822;nuzirat_85 w yahoo.comO#nuzirat_85 w yahoo.comD#nuzirat_85 w yahoo.comA(dsn_orig_rcpt=rfc822;nuzt02a w prodigy.comO#nuzt02a w prodigy.comR#nuzt02a w prodigy.comA*dsn_orig_rcpt=rfc822;nv_displaya w yahoo.comO#nv_displaya w yahoo.comD#nv_displaya w yahoo.comA(dsn_orig_rcpt=rfc822;nv_suresh w yahoo.comO#nv_suresh w yahoo.comD#nv_suresh w yahoo.comA'dsn_orig_rcpt=rfc822;nv0106 w hotmail.comO#nv0106 w hotmail.comD#nv0106 w hotmail.comA!dsn_orig_rcpt=rfc822;nv1 w gate.netO
What could this be?
I am particularly puzzled by
"ewrite_context=remoteA#sasl_method=LOGINA#sasl_username=pppS#paypal w service.net"
I checked, and the server is not an open relay.
Is some spammer using an account to send out spam?
If so, how can I check which one?
In /var/log/mailog there are these entries:
May 4 10:44:22 nms postfix/smtp[1940]: D6B9BF301: to=<nuttz w worldnet.att.com>, relay=cluster7.us.messagelabs.com[216.82.241.195]:25, delay=129887, delays=136025/36/0/399, dsn=5.0.0, status=bounced (host cluster7.us.messagelabs.com[216.82.241.195] said: 553-Message filtered. Please see the FAQs section on spam 553-at http://www.messagelabs.com/support/ for more 553 information. (#5.7.1) (in reply to end of DATA command))
May 4 10:44:22 nms postfix/cleanup[3869]: 9114EF746: message-id=<20110504084422.9114EF746 w nms.infolan.net.pl>
May 4 10:44:22 nms postfix/bounce[3863]: D6B9BF301: sender non-delivery notification: 9114EF746
May 4 10:44:22 nms postfix/qmgr[9112]: 9114EF746: from=<>, size=26292, nrcpt=1 (queue active)
May 4 10:44:23 nms postfix/smtp[1957]: 9114EF746: host smtp.secureserver.net[216.69.186.201] refused to talk to me: 554-m1pismtp01-020.prod.mesa1.secureserver.net 554 Your access to this mail system has been rejected due to spam or virus content. If you believe that this failure is in error, please submit an unblock request at http://unblock.secureserver.net
May 4 10:44:24 nms postfix/smtp[1957]: 9114EF746: to=<paypal w service.net>, relay=mailstore1.secureserver.net[216.69.186.201]:25, delay=2.3, delays=0.27/0.03/2/0, dsn=4.0.0, status=deferred (host mailstore1.secureserver.net[216.69.186.201] refused to talk to me: 554-m1pismtp01-015.prod.mesa1.secureserver.net 554 Your access to this mail system has been rejected due to spam or virus content. If you believe that this failure is in error, please submit an unblock request at http://unblock.secureserver.net)
[...]
envirocost.com[216.8.179.27]:25: Connection timed out)
May 4 12:29:17 nms postfix/smtp[1944]: connect to yahoo.cm[68.180.206.184]:25: Connection timed out
May 4 12:29:17 nms postfix/smtp[1944]: E5B3824E: to=<hotkay64 w yahoo.cm>, relay=none, delay=132487, delays=132336/91/60/0, dsn=4.4.1, status=deferred (connect to yahoo.cm[68.180.206.184]:25: Connection timed out)
May 4 12:29:18 nms postfix/smtp[1950]: connect to addre.com[82.98.86.164]:25: Connection timed out
May 4 12:29:18 nms postfix/smtp[1950]: 3D78BE553: to=<agoldwaer_2000 w addre.com>, relay=none, delay=332566, delays=332421/115/30/0, dsn=4.4.1, status=deferred (connect to addre.com[82.98.86.164]:25: Connection timed out)
May 4 12:29:18 nms postfix/smtp[1991]: connect to mail-atl01.intellisync.com[64.74.112.136]:25: Connection timed out
May 4 12:29:18 nms postfix/smtp[1991]: E014245F: to=<ryu w pumatech.com>, relay=none, delay=60513, delays=60361/91/60/0, dsn=4.4.1, status=deferred (connect to mail-atl01.intellisync.com[64.74.112.136]:25: Connection timed out)
May 4 12:29:20 nms postfix/smtp[1978]: connect to sbcglobal.com[144.160.134.61]:25: Connection timed out
May 4 12:29:21 nms postfix/smtp[1958]: 31026E8C7: to=<onien w plantnet.com>, relay=none, delay=330333, delays=330185/118/30/0, dsn=4.4.3, status=deferred (Host or domain name not found. Name service error for name=plantnet.com type=MX: Host not found, try again)
Thanks in advance for your help
Krzysztof
More information about the pld-users-pl mailing list
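One way to answer "which account?" from the mail log, as an added example that is not part of the original post: Postfix's smtpd logs `sasl_username=` next to the queue ID of each authenticated submission, and qmgr logs `nrcpt=` for the same ID, so the two can be joined per account. The log lines below are constructed sample data, and the function names and the 20-recipient threshold are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample lines in Postfix syslog format (not from the poster's server).
SAMPLE_LOG = """\
May  4 08:10:01 mx postfix/smtpd[2101]: A1B2C3D4E: client=unknown[192.0.2.10], sasl_method=LOGIN, sasl_username=alice
May  4 08:10:01 mx postfix/qmgr[900]: A1B2C3D4E: from=<alice@example.org>, size=2100, nrcpt=1 (queue active)
May  4 08:11:30 mx postfix/smtpd[2107]: B2C3D4E5F: client=unknown[198.51.100.7], sasl_method=LOGIN, sasl_username=bob
May  4 08:11:30 mx postfix/qmgr[900]: B2C3D4E5F: from=<promo@example.net>, size=26000, nrcpt=50 (queue active)
May  4 08:11:42 mx postfix/smtpd[2109]: C3D4E5F60: client=unknown[203.0.113.44], sasl_method=LOGIN, sasl_username=bob
May  4 08:11:42 mx postfix/qmgr[900]: C3D4E5F60: from=<promo@example.net>, size=26100, nrcpt=50 (queue active)
May  4 09:40:13 mx postfix/qmgr[900]: C3D4E5F60: from=<promo@example.net>, size=26100, nrcpt=50 (queue active)
May  4 09:41:00 mx postfix/qmgr[900]: D4E5F6071: from=<>, size=3000, nrcpt=1 (queue active)
"""

# smtpd: "<queue id>: client=<name>[<ip>], sasl_method=..., sasl_username=<user>"
SMTPD_RE = re.compile(
    r"postfix/(?:\w+/)?smtpd\[\d+\]: (\w+): client=[^\[]*\[([^\]]+)\].*?sasl_username=([^,\s]+)")
# qmgr: "<queue id>: from=<sender>, size=<n>, nrcpt=<n> (queue active)"
QMGR_RE = re.compile(r"postfix/qmgr\[\d+\]: (\w+): from=<[^>]*>, size=\d+, nrcpt=(\d+)")


def sasl_senders(log_text):
    """Per SASL account: messages submitted, total recipients, client IPs used."""
    stats = defaultdict(lambda: {"messages": 0, "recipients": 0, "clients": set()})
    pending = {}  # queue ID -> SASL user whose nrcpt has not been counted yet
    for line in log_text.splitlines():
        m = SMTPD_RE.search(line)
        if m:
            qid, ip, user = m.groups()
            stats[user]["messages"] += 1
            stats[user]["clients"].add(ip)
            pending[qid] = user  # a reused queue ID starts a new message
            continue
        m = QMGR_RE.search(line)
        if m and m.group(1) in pending:
            # qmgr repeats this line on every delivery retry; count it once.
            stats[pending.pop(m.group(1))]["recipients"] += int(m.group(2))
    return dict(stats)


def suspects(stats, max_recipients=20):
    """Accounts whose recipient total exceeds the (assumed) threshold."""
    return sorted(u for u, s in stats.items() if s["recipients"] > max_recipients)


if __name__ == "__main__":
    for user, s in sasl_senders(SAMPLE_LOG).items():
        print(user, s["messages"], s["recipients"], sorted(s["clients"]))
```

On a live server the input would be the real mail log, and `postcat -q <queue ID>` prints a single queue file in readable form instead of the raw record dump.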