This started yesterday morning, but I didn't notice it until last night. Digging through the logs shows the following:


Jul 24 06:15:43 dmrmail02 postfix/smtpd[29410]: initializing the server-side TLS engine
Jul 24 06:15:44 dmrmail02 postfix/smtpd[29410]: connect from mail.spgglobal.net[206.108.180.69]
Jul 24 06:15:44 dmrmail02 saslauthd[17074]: zmauth: authenticating against elected url 'https://dmrmail02.poboxdmr.com:7071/service/admin/soap/' ...
Jul 24 06:15:44 dmrmail02 saslauthd[17074]: zmpost: url='https://dmrmail02.poboxdmr.com:7071/service/admin/soap/' returned buffer->data='<soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope"><soap:Header><context xmlns="urn:zimbra"><change token="12435"/></context></soap:Header><soap:Body><AuthResponse xmlns="urn:zimbraAccount"><authToken>0_c14775f6c9e 1292b7aa22d3462f1ec864a62837f_69643d33363a31343939 373931312d666537312d346237312d626538642d6232386166 663963353766623b6578703d31333a31323137303738313434 3736353b747970653d363a7a696d6272613b6d61696c686f73 743d31353a36392e32382e3130382e32393a38303b</authToken><lifetime>172799999</lifetime><skin>sand</skin></AuthResponse></soap:Body></soap:Envelope>', hti->error=''
Jul 24 06:15:44 dmrmail02 saslauthd[17074]: auth_zimbra: contact auth OK
Jul 24 06:15:45 dmrmail02 postfix/smtpd[29410]: 4325D98A40FF: client=mail.spgglobal.net[206.108.180.69], sasl_method=LOGIN, sasl_username=xxxxxx
Jul 24 06:15:48 dmrmail02 postfix/cleanup[29413]: 4325D98A40FF: message-id=<20080724131545.4325D98A40FF@dmrmail02.poboxdmr .com>
Jul 24 06:15:48 dmrmail02 postfix/qmgr[17045]: 4325D98A40FF: from=<refunds@irs.gov>, size=3131, nrcpt=30 (queue active)
Jul 24 06:15:48 dmrmail02 amavis[15020]: (15020-13) ESMTP::10024 /opt/zimbra/data/amavisd/tmp/amavis-20080723T162658-15020: <refunds@irs.gov> -> <abamedia@abamedia.com>,<abana@abana.org>,<aballag @airweb2.org>,<abaret1@aisd.net>,<abandler@aol.com >,<abarber51@aol.com>,<abarberino@aol.com>,<abarbu to@bu.edu>,<abaldwin@centralcarolinasoil.com>,<aba rgerhuff@dallergreenberg.com>,<abarbour@du.edu>,<a ballard@gassville.com>,<aballagh@georgiasouthern.e du>,<aballroy@hotmail.com>,<abander@hotmail.com>,< abarger1@hotmail.com>,<aba-ptl@mail.abanet.org>,<abarber@massasoit.org>,<abar ak@mscc.huji.uc.ils>,<abarcenasjr@msn.com>,<abarbe tt@neo.rr.com>,<abarchetto@njm.com>,<aban.ltd@pars online.net>,<abanister@quantumhydraulic.com>,<aban calari@restaurantassociates.com>,<aball@statesman. com>,<abarbee@txculturaltrust.org>,<aballen1@veriz on.net>,<abana@yahoo.com>,<abaquel@yahoo.com> SIZE=3131 Received: from dmrmail02.poboxdmr.com ([127.0.0.1]) by localhost (dmrmail02.poboxdmr.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP; ...
Jul 24 06:15:48 dmrmail02 amavis[15020]: (15020-13) ...Thu, 24 Jul 2008 06:15:48 -0700 (PDT)
Jul 24 06:15:48 dmrmail02 amavis[15020]: (15020-13) Checking: O2Nls-TF+QjH [206.108.180.69] <refunds@irs.gov> -> <abamedia@abamedia.com>,<abana@abana.org>,<aballag @airweb2.org>,<abaret1@aisd.net>,<abandler@aol.com >,<abarber51@aol.com>,<abarberino@aol.com>,<abarbu to@bu.edu>,<abaldwin@centralcarolinasoil.com>,<aba rgerhuff@dallergreenberg.com>,<abarbour@du.edu>,<a ballard@gassville.com>,<aballagh@georgiasouthern.e du>,<aballroy@hotmail.com>,<abander@hotmail.com>,< abarger1@hotmail.com>,<aba-ptl@mail.abanet.org>,<abarber@massasoit.org>,<abar ak@mscc.huji.uc.ils>,<abarcenasjr@msn.com>,<abarbe tt@neo.rr.com>,<abarchetto@njm.com>,<aban.ltd@pars online.net>,<abanister@quantumhydraulic.com>,<aban calari@restaurantassociates.com>,<aball@statesman. com>,<abarbee@txculturaltrust.org>,<aballen1@veriz on.net>,<abana@yahoo.com>,<abaquel@yahoo.com>
Jul 24 06:15:48 dmrmail02 postfix/smtpd[29410]: disconnect from mail.spgglobal.net[206.108.180.69]
Jul 24 06:15:50 dmrmail02 postfix/smtpd[29410]: connect from mail.spgglobal.net[206.108.180.69]
Jul 24 06:15:50 dmrmail02 saslauthd[17075]: zmauth: authenticating against elected url 'https://dmrmail02.poboxdmr.com:7071/service/admin/soap/' ...
Jul 24 06:15:50 dmrmail02 saslauthd[17075]: zmpost: url='https://dmrmail02.poboxdmr.com:7071/service/admin/soap/' returned buffer->data='<soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope"><soap:Header><context xmlns="urn:zimbra"><change token="12435"/></context></soap:Header><soap:Body><AuthResponse xmlns="urn:zimbraAccount"><authToken>0_e74a69b8532 66abe565059ef249ee4db27685445_69643d33363a31343939 373931312d666537312d346237312d626538642d6232386166 663963353766623b6578703d31333a31323137303738313530 3933373b747970653d363a7a696d6272613b6d61696c686f73 743d31353a36392e32382e3130382e32393a38303b</authToken><lifetime>172800000</lifetime><skin>sand</skin></AuthResponse></soap:Body></soap:Envelope>', hti->error=''
Jul 24 06:15:50 dmrmail02 saslauthd[17075]: auth_zimbra: contact auth OK
Jul 24 06:15:51 dmrmail02 postfix/smtpd[29410]: A1CD998A41AC: client=mail.spgglobal.net[206.108.180.69], sasl_method=LOGIN, sasl_username=xxxxxx
Jul 24 06:15:53 dmrmail02 postfix/smtpd[29417]: initializing the server-side TLS engine
Jul 24 06:15:53 dmrmail02 postfix/smtpd[29417]: connect from localhost[127.0.0.1]
Jul 24 06:15:53 dmrmail02 postfix/smtpd[29417]: 3065A98A41B5: client=localhost[127.0.0.1]
Jul 24 06:15:53 dmrmail02 postfix/cleanup[29418]: 3065A98A41B5: message-id=<20080724131545.4325D98A40FF@dmrmail02.poboxdmr .com>
Jul 24 06:15:53 dmrmail02 postfix/smtpd[29417]: disconnect from localhost[127.0.0.1]
Jul 24 06:15:53 dmrmail02 postfix/qmgr[17045]: 3065A98A41B5: from=<refunds@irs.gov>, size=3851, nrcpt=30 (queue active)
Jul 24 06:15:53 dmrmail02 amavis[15020]: (15020-13) FWD via SMTP: <refunds@irs.gov> -> <abamedia@abamedia.com>,<abana@abana.org>,<aballag @airweb2.org>,<abaret1@aisd.net>,<abandler@aol.com >,<abarber51@aol.com>,<abarberino@aol.com>,<abarbu to@bu.edu>,<abaldwin@centralcarolinasoil.com>,<aba rgerhuff@dallergreenberg.com>,<abarbour@du.edu>,<a ballard@gassville.com>,<aballagh@georgiasouthern.e du>,<aballroy@hotmail.com>,<abander@hotmail.com>,< abarger1@hotmail.com>,<aba-ptl@mail.abanet.org>,<abarber@massasoit.org>,<abar ak@mscc.huji.uc.ils>,<abarcenasjr@msn.com>,<abarbe tt@neo.rr.com>,<abarchetto@njm.com>,<aban.ltd@pars online.net>,<abanister@quantumhydraulic.com>,<aban calari@restaurantassociates.com>,<aball@statesman. com>,<abarbee@txculturaltrust.org>,<aballen1@veriz on.net>,<abana@yahoo.com>,<abaquel@yahoo.com>,BODY =7BIT 250 2.6.0 Ok, id=15020-13, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as 3065A98A41B5
Jul 24 06:15:53 dmrmail02 amavis[15020]: (15020-13) Passed CLEAN, [206.108.180.69] [206.108.180.69] <refunds@irs.gov> -> <abamedia@abamedia.com>,<abana@abana.org>,<aballag @airweb2.org>,<abaret1@aisd.net>,<abandler@aol.com >,<abarber51@aol.com>,<abarberino@aol.com>,<abarbu to@bu.edu>,<abaldwin@centralcarolinasoil.com>,<aba rgerhuff@dallergreenberg.com>,<abarbour@du.edu>,<a ballard@gassville.com>,<aballagh@georgiasouthern.e du>,<aballroy@hotmail.com>,<abander@hotmail.com>,< abarger1@hotmail.com>,<aba-ptl@mail.abanet.org>,<abarber@massasoit.org>,<abar ak@mscc.huji.uc.ils>,<abarcenasjr@msn.com>,<abarbe tt@neo.rr.com>,<abarchetto@njm.com>,<aban.ltd@pars online.net>,<abanister@quantumhydraulic.com>,<aban calari@restaurantassociates.com>,<aball@statesman. com>,<abarbee@txculturaltrust.org>,<aballen1@veriz on.net>,<abana@yahoo.com>,<abaquel@yahoo.com>, Message-ID: <20080724131545.4325D98A40FF@dmrmail02.poboxdmr.co m>, mail_id: O2Nls-TF+QjH, Hits: 6.431, size: 3131, queued_as: 3065A98A41B5, 4412 ms
Jul 24 06:15:53 dmrmail02 postfix/smtp[29414]: 4325D98A40FF: to=<abamedia@abamedia.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=8.1, delays=3.7/0.01/0/4.4, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 3065A98A41B5)
Jul 24 06:15:53 dmrmail02 postfix/smtp[29414]: 4325D98A40FF: to=<abana@abana.org>, relay=127.0.0.1[127.0.0.1]:10024, delay=8.1, delays=3.7/0.01/0/4.4, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 3065A98A41B5)
Jul 24 06:15:53 dmrmail02 postfix/smtp[29414]: 4325D98A40FF: to=<aballag@airweb2.org>, relay=127.0.0.1[127.0.0.1]:10024, delay=8.1, delays=3.7/0.01/0/4.4, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 3065A98A41B5)
Jul 24 06:15:53 dmrmail02 postfix/smtp[29414]: 4325D98A40FF: to=<abaret1@aisd.net>, relay=127.0.0.1[127.0.0.1]:10024, delay=8.1, delays=3.7/0.01/0/4.4, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 3065A98A41B5)
Jul 24 06:15:53 dmrmail02 postfix/smtp[29414]: 4325D98A40FF: to=<abandler@aol.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=8.1, delays=3.7/0.01/0/4.4, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 3065A98A41B5)
Jul 24 06:15:53 dmrmail02 postfix/smtp[29414]: 4325D98A40FF: to=<abarber51@aol.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=8.1, delays=3.7/0.01/0/4.4, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 3065A98A41B5)
Jul 24 06:15:53 dmrmail02 postfix/smtp[29414]: 4325D98A40FF: to=<abarberino@aol.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=8.1, delays=3.7/0.01/0/4.4, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 3065A98A41B5)
Jul 24 06:15:53 dmrmail02 postfix/smtp[29414]: 4325D98A40FF: to=<abarbuto@bu.edu>, relay=127.0.0.1[127.0.0.1]:10024, delay=8.1, delays=3.7/0.01/0/4.4, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 3065A98A41B5)
Jul 24 06:15:53 dmrmail02 postfix/smtp[29414]: 4325D98A40FF: to=<abaldwin@centralcarolinasoil.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=8.1, delays=3.7/0.01/0/4.4, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 3065A98A41B5)
Jul 24 06:15:53 dmrmail02 postfix/smtp[29414]: 4325D98A40FF: to=<abargerhuff@dallergreenberg.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=8.1, delays=3.7/0.01/0/4.4, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 3065A98A41B5)
Jul 24 06:15:53 dmrmail02 postfix/smtp[29414]: 4325D98A40FF: to=<abarbour@du.edu>, relay=127.0.0.1[127.0.0.1]:10024, delay=8.1, delays=3.7/0.01/0/4.4, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 3065A98A41B5)
Jul 24 06:15:53 dmrmail02 postfix/smtp[29414]: 4325D98A40FF: to=<aballard@gassville.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=8.1, delays=3.7/0.01/0/4.4, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 3065A98A41B5)
Jul 24 06:15:53 dmrmail02 postfix/smtp[29414]: 4325D98A40FF: to=<aballagh@georgiasouthern.edu>, relay=127.0.0.1[127.0.0.1]:10024, delay=8.1, delays=3.7/0.01/0/4.4, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 3065A98A41B5)
Jul 24 06:15:53 dmrmail02 postfix/smtp[29414]: 4325D98A40FF: to=<aballroy@hotmail.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=8.1, delays=3.7/0.01/0/4.4, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 3065A98A41B5)
Jul 24 06:15:53 dmrmail02 postfix/smtp[29414]: 4325D98A40FF: to=<abander@hotmail.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=8.1, delays=3.7/0.01/0/4.4, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 3065A98A41B5)
Jul 24 06:15:53 dmrmail02 postfix/smtp[29414]: 4325D98A40FF: to=<abarger1@hotmail.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=8.1, delays=3.7/0.01/0/4.4, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 3065A98A41B5)
Jul 24 06:15:53 dmrmail02 postfix/smtp[29414]: 4325D98A40FF: to=<aba-ptl@mail.abanet.org>, relay=127.0.0.1[127.0.0.1]:10024, delay=8.1, delays=3.7/0.01/0/4.4, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 3065A98A41B5)
Jul 24 06:15:53 dmrmail02 postfix/smtp[29414]: 4325D98A40FF: to=<abarber@massasoit.org>, relay=127.0.0.1[127.0.0.1]:10024, delay=8.1, delays=3.7/0.01/0/4.4, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 3065A98A41B5)

It goes on and on and on. Thousands of messages. I've cleared my queue of the 1000's of messages at this point and am running normal as of now. I've received messages from Verizon, AOL, and others informing me that I've been blacklisted. Crap. Doing damage control now. Can anyone help me figure out how this happened, and how to prevent it in the future.

In the logs posted above, I did change the login=xxxxxx from the login name that was in the logs. Other than that, this is what the logs show. Is this simply a case of a compromised password? Thank you for any help you can provide.