Hello everyone,

I'm trying to track down how emails are being sent from my server when the following is set up:

(Version = Release 7.1.4_GA_2555.RHEL5_64_20120105094627 RHEL5_64 FOSS edition)

For Global Settings->MTA I have:
  • (Authentication) Enable Authentication: TRUE
  • (Protocol Checks) Sender Address must be fully qualified: TRUE
  • (DNS Checks) Client's IP Address (reject_invalid_hostname): TRUE
  • (DNS Checks) Hostname in greeting (reject_unknown_hostname): TRUE
  • (DNS Checks) Sender's Domain (reject_unknown_sender_domain): TRUE


I am seeing the following in my daily reports:
Code:
Host/Domain Summary: Messages Received (top 50)
 msg cnt   bytes   host/domain
 -------- -------  -----------
   4536      902m  mydomain.org
   1352    29082k  localhost.localdomain
    396    27273k  gmail.com
    166     3560k  bounce.mkt1808.com
    160      888k  discoveralltech.info
    143     5057k  in.constantcontact.com
    136    66435k  whalebacksystems.net
    116      670k  skyisthelimitnow.com
     98     2834k  bounce.linkedin.com
     96      534k  deathmon-days.biz
     94      519k  marchmon-days.biz
     93   520101   ordermon-days.biz
     92   515172   electmon-days.biz
     91   507529   oasismon-days.biz
     88   501119   rumormon-days.biz
     88   500550   painsmon-days.biz
     88   500008   shapemon-days.biz
     87   492443   scopemon-days.biz
     86     2263k  yahoo.com
     84   486637   mommymon-days.biz
     80   450814   lobbymon-days.biz
     80   276130   newandgentlyloved.com
     77   433870   geniemon-days.biz
     74   423276   aislemon-days.biz
     69   384931   linenmon-days.biz
     68   397523   milanmon-days.biz
     67      604k  barbayer.com
     66   376441   checkmon-days.biz
     64   370025   rivalmon-days.biz
     63      892k  hotmail.com
     60   343059   widthmon-days.biz
     57   339448   tokenmon-days.biz
     56   351030   larchmon-days.biz
     55   318755   spainmon-days.biz
     55   308054   swissmon-days.biz
     54      525k  alerts.bounces.google.com
     51   199152   ragdebreem.com
     46      872k  aol.com
     44   287495   grindmon-days.biz
     44   255922   hatchmon-days.biz
     44   254535   bravamon-days.biz
     44   250260   juicemon-days.biz
     44   249802   dandymon-days.biz
     44   249429   faithmon-days.biz
     44   249307   benchmon-days.biz
     44   249254   spermmon-days.biz
     44   249096   deucemon-days.biz
     44   248869   capermon-days.biz
     44   248610   flamemon-days.biz
     43   250699   shademon-days.biz

Now, some of these senders are legit, but all those mon-days.biz ones are not. I'm trying to figure out HOW they are sending their emails through my server. I've gone through the following logs:
mailbox.log (GREP'ing on LmtpServer-15915)
Code:
2013-07-15 06:42:05,912 INFO  [LmtpServer-15915] [ip=192.168.1.54;] lmtp - Delivering message: size=6100 bytes, nrcpts=1, sender=Info@deathmon-days.biz, msgid=<4264608701283242647144240385@cbd7f.deathmon-days.biz>
2013-07-15 06:42:05,913 INFO  [LmtpServer-15915] [name=ramdasslibrary@mydomain.com;mid=400;ip=192.168.1.54;] mailop - Adding Message: id=38122, Message-ID=<4264608701283242647144240385@cbd7f.deathmon-days.biz>, parentId=-1, folderId=4, folderName=Junk.
2013-07-15 06:42:05,936 INFO  [LmtpServer-15915] [] ProtocolHandler - Handler exiting normally
2013-07-15 06:42:09,730 INFO  [LmtpServer-15915] [ip=192.168.1.54;] lmtp - Delivering message: size=6018 bytes, nrcpts=1, sender=Info@deathmon-days.biz, msgid=<4264608451029642647144240385@cbd7f.deathmon-days.biz>
2013-07-15 06:42:09,732 INFO  [LmtpServer-15915] [name=jeanl@mydomain.com;mid=404;ip=192.168.1.54;] mailop - Adding Message: id=195326, Message-ID=<4264608451029642647144240385@cbd7f.deathmon-days.biz>, parentId=-1, folderId=4, folderName=Junk.
2013-07-15 06:42:09,773 INFO  [LmtpServer-15915] [name=jeanl@mydomain.com;mid=404;ip=192.168.1.54;] mailbox - outofoffice not sent (in spam) mid=195326 rcpt='jeanl@mydomain.com'
2013-07-15 06:42:09,774 INFO  [LmtpServer-15915] [] ProtocolHandler - Handler exiting normally
2013-07-15 06:42:09,820 INFO  [LmtpServer-15915] [ip=192.168.1.54;] lmtp - Delivering message: size=6069 bytes, nrcpts=1, sender=Info@hatchmon-days.biz, msgid=<4265608741342442657144240385@r4ys8pe.hatchmon-days.biz>
2013-07-15 06:42:09,821 INFO  [LmtpServer-15915] [name=roseh@mydomain.com;mid=417;ip=192.168.1.54;] mailop - Adding Message: id=120948, Message-ID=<4265608741342442657144240385@r4ys8pe.hatchmon-days.biz>, parentId=-1, folderId=4, folderName=Junk.
2013-07-15 06:42:09,844 INFO  [LmtpServer-15915] [name=roseh@mydomain.com;mid=417;ip=192.168.1.54;] mailbox - outofoffice not sent (in spam) mid=120948 rcpt='roseh@mydomain.com'
2013-07-15 06:42:11,900 INFO  [LmtpServer-15915] [name=roseh@mydomain.com;mid=417;ip=192.168.1.54;] lmtp - disconnected without quit
2013-07-15 06:42:11,900 INFO  [LmtpServer-15915] [] ProtocolHandler - Handler exiting normally
2013-07-15 06:42:13,696 INFO  [LmtpServer-15915] [ip=192.168.1.54;] lmtp - Delivering message: size=6043 bytes, nrcpts=1, sender=Info@hatchmon-days.biz, msgid=<42656010600424042657144240385@r4ys8pe.hatchmon-days.biz>
2013-07-15 06:42:13,698 INFO  [LmtpServer-15915] [name=adams@mydomain.com;mid=408;ip=192.168.1.54;] mailop - Adding Message: id=246345, Message-ID=<42656010600424042657144240385@r4ys8pe.hatchmon-days.biz>, parentId=-1, folderId=4, folderName=Junk.
2013-07-15 06:42:13,706 INFO  [LmtpServer-15915] [] ProtocolHandler - Handler exiting normally
2013-07-15 06:42:13,750 INFO  [LmtpServer-15915] [ip=192.168.1.54;] lmtp - Delivering message: size=9396 bytes, nrcpts=1, sender=Info@hatchmon-days.biz, msgid=<4265608569622342657144240385@r4ys8pe.hatchmon-days.biz>
2013-07-15 06:42:13,752 INFO  [LmtpServer-15915] [name=brettb@mydomain.com;mid=419;ip=192.168.1.54;] mailop - Adding Message: id=152187, Message-ID=<4265608569622342657144240385@r4ys8pe.hatchmon-days.biz>, parentId=-1, folderId=4, folderName=Junk.
2013-07-15 06:42:13,757 INFO  [LmtpServer-15915] [name=brettb@mydomain.com;mid=419;ip=192.168.1.54;] mailbox - outofoffice not sent (in spam) mid=152187 rcpt='brettb@mydomain.com'
2013-07-15 06:42:15,791 INFO  [LmtpServer-15915] [name=brettb@mydomain.com;mid=419;ip=192.168.1.54;] lmtp - disconnected without quit
2013-07-15 06:42:15,791 INFO  [LmtpServer-15915] [] ProtocolHandler - Handler exiting normally
2013-07-15 06:42:26,202 INFO  [LmtpServer-15915] [ip=192.168.1.54;] lmtp - Delivering message: size=6018 bytes, nrcpts=1, sender=bounce-40795-16093795799-michaelc=mydomain.com@fambas.com, msgid=<20130715104222.2356922A0002@zimbra.mydomain.com>
2013-07-15 06:42:26,204 INFO  [LmtpServer-15915] [name=michaelc@mydomain.com;mid=364;ip=192.168.1.54;] mailop - Adding Message: id=927129, Message-ID=<20130715104222.2356922A0002@zimbra.mydomain.com>, parentId=-1, folderId=2, folderName=Inbox.
2013-07-15 06:42:26,218 INFO  [LmtpServer-15915] [name=michaelc@mydomain.com;mid=364;ip=192.168.1.54;] mailbox - outofoffice not sent (until date reached) mid=927129 rcpt='michaelc@mydomain.com'
2013-07-15 06:42:26,218 INFO  [LmtpServer-15915] [] ProtocolHandler - Handler exiting normally
2013-07-15 06:42:28,808 INFO  [LmtpServer-15915] [ip=192.168.1.54;] lmtp - Delivering message: size=6133 bytes, nrcpts=1, sender=Info@hatchmon-days.biz, msgid=<4265608457992242657144240385@r4ys8pe.hatchmon-days.biz>
2013-07-15 06:42:28,809 INFO  [LmtpServer-15915] [name=rcbackus@mydomain.com;mid=361;ip=192.168.1.54;] mailop - Adding Message: id=635124, Message-ID=<4265608457992242657144240385@r4ys8pe.hatchmon-days.biz>, parentId=-1, folderId=4, folderName=Junk.
2013-07-15 06:42:28,825 INFO  [LmtpServer-15915] [] ProtocolHandler - Handler exiting normally
2013-07-15 06:42:59,365 INFO  [LmtpServer-15915] [ip=192.168.1.54;] lmtp - Delivering message: size=7279 bytes, nrcpts=1, sender=vremechkoforfistface@mail.ru, msgid=<480269725.20130715572510@mail.ru>
2013-07-15 06:42:59,388 INFO  [LmtpServer-15915] [name=pac@mydomain.com;mid=365;ip=192.168.1.54;] index - IndexDeferredItems(null, 302281): Deferred count out of sync - found=18 in progress=0 (deferred count=20)
2013-07-15 06:42:59,738 INFO  [LmtpServer-15915] [name=pac@mydomain.com;mid=365;ip=192.168.1.54;] index - Deferred Indexing: submitted 18 items in 372ms (48.39/sec). (0 items failed to index). IndexDeferredCount now at 18 NumNotSubmitted= 0
2013-07-15 06:42:59,742 INFO  [LmtpServer-15915] [name=pac@mydomain.com;mid=365;ip=192.168.1.54;] mailop - Adding Message: id=166581, Message-ID=<480269725.20130715572510@mail.ru>, parentId=-1, folderId=2, folderName=Inbox.
2013-07-15 06:42:59,750 INFO  [LmtpServer-15915] [name=pac@mydomain.com;mid=365;ip=192.168.1.54;] mailbox - outofoffice not sent (until date reached) mid=166581 rcpt='pac@mydomain.com'
2013-07-15 06:42:59,750 INFO  [LmtpServer-15915] [] ProtocolHandler - Handler exiting normally
2013-07-15 06:43:22,130 INFO  [LmtpServer-15915] [ip=192.168.1.54;] lmtp - Delivering message: size=6004 bytes, nrcpts=1, sender=Info@shapemon-days.biz, msgid=<4262608652816242627144240385@6n7mwi.shapemon-days.biz>
2013-07-15 06:43:22,131 INFO  [LmtpServer-15915] [name=georgek@mydomain.com;mid=450;ip=192.168.1.54;] mailop - Adding Message: id=253856, Message-ID=<4262608652816242627144240385@6n7mwi.shapemon-days.biz>, parentId=-1, folderId=4, folderName=Junk.
2013-07-15 06:43:22,155 INFO  [LmtpServer-15915] [name=georgek@mydomain.com;mid=450;ip=192.168.1.54;] mailbox - outofoffice not sent (in spam) mid=253856 rcpt='georgek@mydomain.com'
2013-07-15 06:43:22,156 INFO  [LmtpServer-15915] [] ProtocolHandler - Handler exiting normally
2013-07-15 06:43:26,088 INFO  [LmtpServer-15915] [ip=192.168.1.54;] lmtp - Delivering message: size=6037 bytes, nrcpts=1, sender=Info@shapemon-days.biz, msgid=<4262608469920442627144240385@6n7mwi.shapemon-days.biz>
2013-07-15 06:43:26,088 INFO  [LmtpServer-15915] [name=randim@mydomain.com;mid=462;ip=192.168.1.54;] mailop - Adding Message: id=895525, Message-ID=<4262608469920442627144240385@6n7mwi.shapemon-days.biz>, parentId=-1, folderId=4, folderName=Junk.
2013-07-15 06:43:26,097 INFO  [LmtpServer-15915] [name=randim@mydomain.com;mid=462;ip=192.168.1.54;] mailbox - outofoffice not sent (in spam) mid=895525 rcpt='randim@mydomain.com'
2013-07-15 06:43:26,097 INFO  [LmtpServer-15915] [] ProtocolHandler - Handler exiting normally
2013-07-15 06:43:41,330 INFO  [LmtpServer-15915] [ip=192.168.1.54;] lmtp - Delivering message: size=5957 bytes, nrcpts=1, sender=Info@marchmon-days.biz, msgid=<4261608609712342617144240385@7gdm1qtfz.marchmon-days.biz>
2013-07-15 06:43:41,331 INFO  [LmtpServer-15915] [name=jr@mydomain.com;mid=355;ip=192.168.1.54;] mailop - Adding Message: id=77655, Message-ID=<4261608609712342617144240385@7gdm1qtfz.marchmon-days.biz>, parentId=-1, folderId=4, folderName=Junk.
2013-07-15 06:43:41,341 INFO  [LmtpServer-15915] [] ProtocolHandler - Handler exiting normally
2013-07-15 06:43:45,260 INFO  [LmtpServer-15915] [ip=192.168.1.54;] lmtp - Delivering message: size=6041 bytes, nrcpts=1, sender=Info@marchmon-days.biz, msgid=<4261608451029642617144240385@7gdm1qtfz.marchmon-days.biz>
2013-07-15 06:43:45,261 INFO  [LmtpServer-15915] [name=jeanl@mydomain.com;mid=404;ip=192.168.1.54;] mailop - Adding Message: id=195329, Message-ID=<4261608451029642617144240385@7gdm1qtfz.marchmon-days.biz>, parentId=-1, folderId=4, folderName=Junk.
2013-07-15 06:43:45,285 INFO  [LmtpServer-15915] [name=jeanl@mydomain.com;mid=404;ip=192.168.1.54;] mailbox - outofoffice not sent (in spam) mid=195329 rcpt='jeanl@mydomain.com'
2013-07-15 06:43:45,285 INFO  [LmtpServer-15915] [] ProtocolHandler - Handler exiting normally
(* Continuation in next message due to size limits *)
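
An added example, not part of the original post: one way to summarise mailbox.log LMTP lines in the format shown above, pairing each "Delivering message" line with its "Adding Message" lines by Message-ID and counting deliveries per sender domain and destination folder. The sample lines, domains and addresses are constructed placeholders, and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample lines in the mailbox.log format shown in the post
# (alpha-spam.test, list.test, example.org and 192.0.2.10 are placeholders).
SAMPLE = """\
2013-07-15 06:42:05,912 INFO  [LmtpServer-1] [ip=192.0.2.10;] lmtp - Delivering message: size=6100 bytes, nrcpts=1, sender=Info@alpha-spam.test, msgid=<1@h.alpha-spam.test>
2013-07-15 06:42:05,913 INFO  [LmtpServer-1] [name=user1@example.org;mid=400;ip=192.0.2.10;] mailop - Adding Message: id=11, Message-ID=<1@h.alpha-spam.test>, parentId=-1, folderId=4, folderName=Junk.
2013-07-15 06:42:05,936 INFO  [LmtpServer-1] [] ProtocolHandler - Handler exiting normally
2013-07-15 06:42:09,730 INFO  [LmtpServer-1] [ip=192.0.2.10;] lmtp - Delivering message: size=6018 bytes, nrcpts=1, sender=Info@alpha-spam.test, msgid=<2@h.alpha-spam.test>
2013-07-15 06:42:09,732 INFO  [LmtpServer-1] [name=user2@example.org;mid=404;ip=192.0.2.10;] mailop - Adding Message: id=12, Message-ID=<2@h.alpha-spam.test>, parentId=-1, folderId=4, folderName=Junk.
2013-07-15 06:42:26,202 INFO  [LmtpServer-1] [ip=192.0.2.10;] lmtp - Delivering message: size=6018 bytes, nrcpts=1, sender=bounce-1-user3=example.org@list.test, msgid=<3@mail.example.org>
2013-07-15 06:42:26,204 INFO  [LmtpServer-1] [name=user3@example.org;mid=364;ip=192.0.2.10;] mailop - Adding Message: id=13, Message-ID=<3@mail.example.org>, parentId=-1, folderId=2, folderName=Inbox.
"""

# "lmtp - Delivering message" carries the envelope sender and the Message-ID.
DELIVER = re.compile(
    r"lmtp - Delivering message: .*?sender=(?P<sender>[^,\s]*), msgid=(?P<msgid><[^>]*>)")
# "mailop - Adding Message" shows which local folder the message was filed in.
# Folder names containing spaces or dots are truncated by this simple pattern.
ADDED = re.compile(
    r"mailop - Adding Message: .*?Message-ID=(?P<msgid><[^>]*>),.*?folderName=(?P<folder>[^.,\s]+)")

def summarize(lines):
    """Count local deliveries keyed by (sender domain, destination folder)."""
    sender_by_msgid = {}
    tally = Counter()
    for line in lines:
        m = DELIVER.search(line)
        if m:
            sender_by_msgid[m["msgid"]] = m["sender"]
            continue
        m = ADDED.search(line)
        if m and m["msgid"] in sender_by_msgid:
            # Not popped: one delivery with nrcpts > 1 adds the message several times.
            sender = sender_by_msgid[m["msgid"]]
            domain = sender.rpartition("@")[2].lower() or "<>"  # "<>" = null sender
            tally[(domain, m["folder"])] += 1
    return tally

def junk_only_domains(tally):
    """Sender domains whose every logged delivery was filed in Junk."""
    domains = {d for d, _ in tally}
    return sorted(d for d in domains
                  if all(f == "Junk" for dd, f in tally if dd == d))

if __name__ == "__main__":
    result = summarize(SAMPLE.splitlines())
    for (domain, folder), n in sorted(result.items()):
        print(f"{n:5d}  {folder:6s} {domain}")
    print("Junk-only sender domains:", junk_only_domains(result))
```

Run against the real log, the same functions take an open file handle, for example `summarize(open(path))` with the path to mailbox.log.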