Spam from my server???

[JuanCar]

I've received a report from aol about a spam from my server, and by the same time my Ip appears in CBL.

In the header of the message I read

Return-Path: <[email protected]>
Received: from mydomain.com (mydomain.com [xxx.xxx.xxx.xxx])
by mtain-dd01.r1000.mx.aol.com (Internet Inbound) with SMTP id D0490380000AE
for <[email protected]>; Fri, 1 Nov 2013 11:06:31 -0400 (EDT)
Received: from verlenea by gateoo.mydomain.com with local (Exim 4.51)
id V1ZE1S-Li6MSS-YH
for [email protected]; Fri, 01 Nov 2013 16:21:07 +0100

And, well, my server uses qmail not exim (plesk uses qmail by default)

I checked my mail server looking for relay but it's closed.
I've a wrapper in sendmail so all message pass trough my own email
Of course in my log doen't appear this email address, which is not an user of my server

Any explication?

How set a rule in IPtables to increase the security of SMTP? I saw in CBL:

iptables -A OUTPUT -d 127.0.0.1 -p tcp -m tcp --dport 25 -j ACCEPT
iptables -A OUTPUT -p tcp -m tcp --dport 25 -m owner --gid-owner mail -j ACCEPT
iptables -A OUTPUT -p tcp -m tcp --dport 25 -m owner --gid-owner mailman -j ACCEPT
iptables -A OUTPUT -p tcp -m tcp --dport 25 -m owner --uid-owner root -j ACCEPT
iptables -A OUTPUT -p tcp -m tcp --dport 25 -j REJECT --reject-with icmp-port-unreachable


But which are gid-owners in Plesk: mail and mailman too?

Is it compatible with horde?


Thanks

 

[JuanCar]

I need help, please. I hove no idea how is hapening this spam from my IP.
There is no data in mail log, MailerDaemon dosenot return email bounced

I see now in SNDS of Hotmail more tan 5000 mails from my IP.

This is the header of one email (I've got it in SNDS) (xx.xx.xx.xx is my IP)

X-HmXmrOriginalRecipient: [email protected]
X-Reporter-IP: 187.114.66.163
x-store-info:4r51+eLowCe79NzwdU2kR3P+ctWZsO+J
Authentication-Results: hotmail.com; spf=none (sender IP is xx.xx.xx.xx) [email protected]; dkim=none header.d=unewsonline.com; x-hmca=none [email protected]
X-SID-PRA: [email protected]
X-AUTH-Result: NONE
X-SID-Result: NONE
X-Message-Status: n:n
X-Message-Delivery: Vj0xLjE7dXM9MDtsPTA7YT0wO0Q9MjtHRD0yO1NDTD02
X-Message-Info: 3c21WZ1hAltI9DuizMAEE95U0qFS0yhWsfaOUs3RwK6jTNh2oEbqSysRa63Ltd+sTNbu6RKaSQnOcjbBX6sjUAuzYWYWDWmTBvDoYj749ncGugLhVqBrcUwBxXFKlukST2GBBk5G7c8S/1b1VnB2DGL1w26aEq3LyKBqL4VdUFP204kUxso3AqJcm5gQifhknQO7Homxwr5o9B124zNGfGrymYZrLRXx
Received: from mydomain.com ([xx.xx.xx.xx]) by BAY0-MC3-F52.Bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.4900);
Fri, 1 Nov 2013 12:27:26 -0700
Return-path: <[email protected]>
Received: (qmail 44925 invoked by uid 29227); 02 Nov 2013 04:38:35 -0000
Date: 02 Nov 2013 04:38:35 -0000
Message-ID: <[email protected]>
From: "Northrop" <[email protected]>
To: "pit-bulljuly" <[email protected]>
Subject: Someone vicious out there is open to a date with you right now! See my dirty pictures
Mime-Version: 1.0
Content-Type: text/html; charset=us-ascii
Content-Transfer-Encoding: quoted-printable
X-OriginalArrivalTime: 01 Nov 2013 19:27:26.0345 (UTC) FILETIME=[65A00790:01CED738]


I can not understand what is happening!!! I need help!!!

I know this mail is not from sendmail (I have a wrapper to catch mails via sendmail). My logs have no mails to Hotmail!!!
I have SPF and DKIM, but I see

Authentication-Results: hotmail.com; spf=none (sender IP is xx.xx.xx.xx) [email protected]; dkim=none header.d=unewsonline.com; x-hmca=none [email protected]

Please any help about this terrible situation!!!

Thanks