No open relay, but is sending spam?

Status
Not open for further replies.

TJOsinga

Technical User
Aug 8, 2006
2
NL
Hello all,

I have used several tools to check whether my mailserver is an open relay, which it isn't. The web-based tests (abuse-mail.net, etc.) are anonymous, so I also tested whether I can send a message using MAIL FROM: as an existing user on my server and RCPT TO: another mail address of mine. In that case I also get a Relay error. Therefore I assume my server isn't an open relay server.

Nevertheless, I noticed my mail.log contains several "connect to"'s. A snippet (grepped only the "connect to"'s):

Code:
Aug  8 06:26:12 dedi49 postfix/smtp[18165]: connect to tvb.com[202.126.48.42]: Connection timed out (port 25)
Aug  8 06:26:23 dedi49 postfix/smtp[18220]: connect to aimail4.emirates.net.ae [195.229.241.57]: read timeout (port 25)
Aug  8 06:26:42 dedi49 postfix/smtp[18165]: connect to tvb.com[202.126.48.43]: Connection timed out (port 25)
Aug  8 06:26:53 dedi49 postfix/smtp[18220]: connect to dimail2.emirates.net.ae[213.42.1.73]: Connection timed out (port 25)
Aug  8 06:27:12 dedi49 postfix/smtp[18165]: connect to tvb.com[202.126.48.48]: Connection timed out (port 25)
Aug  8 06:27:23 dedi49 postfix/smtp[18220]: connect to dimail1.emirates.net.ae[213.42.1.72]: Connection timed out (port 25)
Aug  8 06:27:42 dedi49 postfix/smtp[18165]: connect to tvb.com[202.126.48.4]: Connection timed out (port 25)
Aug  8 06:28:12 dedi49 postfix/smtp[18165]: connect to tvb.com[202.126.48.5]: Connection timed out (port 25)

This looks like spam is being sent from my server, doesn't it? Or is this just normal?

I checked for hacker scripts using pstree etc. and by reading auth.log and the Apache logs, but I can't see traces of hacker activity.

Could it be that squirrelmail/apache/php contains a bug which makes sending mail possible?
 
In addition to my first post, all spam mails sent from my server are all sent by the system user
Is it possible to reject all mail coming from (or any other system user)?
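
An added example, not part of the original thread: a Python sketch that summarises a Postfix mail.log by failed outbound destinations and by how each queued message entered the server. An open-relay test only exercises mail received by smtpd, while mail handed over by a local process (for example a web script calling the sendmail command) is logged by postfix/pickup with the submitting uid. The pickup and smtpd sample lines, the queue IDs, uid 1001, "exampleuser" and 192.0.2.10 are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in Postfix syslog format. The three postfix/smtp lines are
# copied from the thread; the pickup and smtpd lines, queue IDs, uid 1001,
# "exampleuser" and 192.0.2.10 are made up for illustration.
SAMPLE_LOG = """\
Aug  8 06:20:01 dedi49 postfix/pickup[17001]: A1B2C3D4E5: uid=1001 from=<exampleuser>
Aug  8 06:20:02 dedi49 postfix/pickup[17001]: B2C3D4E5F6: uid=1001 from=<exampleuser>
Aug  8 06:20:03 dedi49 postfix/smtpd[17050]: C3D4E5F6A7: client=mail.example.org[192.0.2.10]
Aug  8 06:26:12 dedi49 postfix/smtp[18165]: connect to tvb.com[202.126.48.42]: Connection timed out (port 25)
Aug  8 06:26:23 dedi49 postfix/smtp[18220]: connect to aimail4.emirates.net.ae [195.229.241.57]: read timeout (port 25)
Aug  8 06:26:42 dedi49 postfix/smtp[18165]: connect to tvb.com[202.126.48.43]: Connection timed out (port 25)
"""

# Outbound delivery agent failing to reach a remote MX (the lines in the post).
CONNECT_FAIL = re.compile(
    r"postfix/smtp\[\d+\]: connect to ([^\s\[]+)\s*\[([^\]]+)\]: (.+) \(port \d+\)")
# Message injected locally through the maildrop queue; uid is the Unix user.
PICKUP = re.compile(r"postfix/pickup\[\d+\]: [0-9A-F]+: uid=(\d+) from=<([^>]*)>")
# Message accepted over the network; this is the path relay checks apply to.
SMTPD = re.compile(r"postfix/smtpd\[\d+\]: [0-9A-F]+: client=\S+?\[([^\]]+)\]")


def failed_destinations(log):
    """Count failed outbound connection attempts per destination host."""
    return Counter(m.group(1) for m in CONNECT_FAIL.finditer(log))


def submission_sources(log):
    """Count queued messages by entry path.

    ("local", uid): handed over by a local process through pickup, which
    never passes through the SMTP relay checks an open-relay test exercises.
    ("smtp", ip): received over the network by smtpd.
    """
    sources = Counter()
    for m in PICKUP.finditer(log):
        sources[("local", m.group(1))] += 1
    for m in SMTPD.finditer(log):
        sources[("smtp", m.group(1))] += 1
    return sources


if __name__ == "__main__":
    for host, n in failed_destinations(SAMPLE_LOG).most_common():
        print(f"{n:3d} failed connects to {host}")
    for (kind, who), n in submission_sources(SAMPLE_LOG).most_common():
        print(f"{n:3d} messages submitted via {kind} by {who}")
```

A high count under a single local uid, especially the account the web server runs as, points at a script on the host rather than at the SMTP listener.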
 