spammer seems to be relaying mails through my server ... i need help

hi
i hope this is the right section to post this topic. its not a problem with postfix.
in short it apears that i now have a spammer finding a way to relay spam through my server.
the first block of the quote below is from mail.log and the second half is a snippet from main.cf

how can i stop this spammer or/and any other spammer that would use this sort of method to send mails.
my details in the signature is correct
so in the meantime i have shutdown postfix as i dont want my server to be branded as a spam sender

thanks in advance

Quote

a SNIP FROM MAIL.LOG

Nov 19 20:03:16 servename postfix/anvil[8442]: statistics: max cache size 1 at Nov 19 19:59:53
Nov 19 20:14:56 servename postfix/smtpd[8495]: connect from mail11.atl161.mcsv.net[198.2.138.11]
Nov 19 20:15:04 servename postfix/policyd-weight[4597]: decided action=PREPEND X-policyd-weight: NOT_IN_SBL_XBL_SPAMHAUS=-1.5 NOT_IN_SPAMCOP=-1.5 NOT_IN_BL_NJABL=-1.5 IPv6_RBL=ERR(0) (only DNSBL check requested); <client=198.2.138.11> <helo=mail11.atl161.mcsv.net> <from=bounce-mc.us4_8572769.848385-email=mydomain.[email protected]> <[email protected]>; delay: 7s
Nov 19 20:15:04 servename postgrey[2720]: action=pass, reason=triplet found, delay=908, client_name=mail11.atl161.mcsv.net, client_address=198.2.138.11, sender=bounce-mc.us4_8572769.848385-emai=mydomain.[email protected], [email protected]
Nov 19 20:15:04 servename postfix/smtpd[8495]: 2B9C0151BF: client=mail11.atl161.mcsv.net[198.2.138.11]
Nov 19 20:15:04 servename postfix/cleanup[8501]: 2B9C0151BF: message-id=<5a3e91b1ae79e319b8f678731a482c4a1cf.20141119185925@mail11.atl161.mcsv.net>
Nov 19 20:15:04 servename postfix/qmgr[3049]: 2B9C0151BF: from=<bounce-mc.us4_8572769.848385-emai=mydomain.[email protected]>, size=21005, nrcpt=2 (queue active)
Nov 19 20:15:04 servename postfix/virtual[8503]: 2B9C0151BF: to=<[email protected]>, relay=virtual, delay=7.7, delays=7.7/0.01/0/0, dsn=2.0.0, status=sent (delivered to maildir)
Nov 19 20:15:04 servename postfix/smtpd[8495]: disconnect from mail11.atl161.mcsv.net[198.2.138.11]
Nov 19 20:15:05 servename postfix/smtp[8502]: 2B9C0151BF: to=<[email protected]>, orig_to=<[email protected]>, relay=gmail-smtp-in.l.google.com[2a00:1450:400c:c05::1a]:25, delay=8.4, delays=7.7/0.01/0.15/0.51, dsn=2.0.0, status=sent (250 2.0.0 OK 1416424505 g4si108916wjw.50 - gsmtp)
Nov 19 20:15:05 servename postfix/qmgr[3049]: 2B9C0151BF: removed
Nov 19 20:18:24 servename postfix/anvil[8496]: statistics: max connection rate 1/60s for (smtp:198.2.138.11) at Nov 19 20:14:56
Nov 19 20:18:24 servename postfix/anvil[8496]: statistics: max connection count 1 for (smtp:198.2.138.11) at Nov 19 20:14:56
Nov 19 20:18:24 servename postfix/anvil[8496]: statistics: max cache size 1 at Nov 19 20:14:56

FROM MAIN.CF ............................

# SASL parameters
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_sasl_authenticated_header = yes

smtpd_helo_required = yes

smtpd_helo_restrictions = permit_mynetworks,
permit_sasl_authenticated,
reject_invalid_helo_hostname,
reject_non_fqdn_helo_hostname

smtpd_sender_restrictions = reject_non_fqdn_sender,
reject_unknown_sender_domain,
permit_mynetworks,
check_sender_access hash:/etc/postfix/sender_access,
permit_sasl_authenticated

smtpd_recipient_restrictions = reject_non_fqdn_recipient,
reject_unknown_recipient_domain,
permit_mynetworks,
permit_sasl_authenticated,
reject_unauth_destination,
reject_unlisted_recipient,
reject_unknown_recipient_domain,
reject_invalid_hostname,
reject_non_fqdn_hostname,
reject_non_fqdn_sender,
reject_non_fqdn_recipient,
reject_unknown_sender_domain,
permit_mynetworks,
check_sender_access hash:/etc/postfix/sender_access,
permit_sasl_authenticated

smtpd_recipient_restrictions = reject_non_fqdn_recipient,
reject_unknown_recipient_domain,
permit_mynetworks,
permit_sasl_authenticated,
reject_unauth_destination,
reject_unlisted_recipient,
reject_unknown_recipient_domain,
reject_invalid_hostname,
reject_non_fqdn_hostname,
reject_non_fqdn_sender,
reject_non_fqdn_recipient,
reject_unknown_sender_domain,
reject_unauth_pipelining,
reject_rbl_client zen.spamhaus.org,
reject_rbl_client bl.spamcop.net,
reject_rbl_client dnsbl.sorbs.net,
reject_rbl_client cbl.abuseat.org,
reject_rbl_client b.barracudacentral.org,
reject_rbl_client dnsbl-1.uceprotect.net,
check_policy_service inet:127.0.0.1:12525,
check_policy_service inet:127.0.0.1:10023,
permit

smtpd_data_restrictions = reject_multi_recipient_bounce,
reject_unauth_pipelining

Display More

May the spammer sends mails via php from a clients website (outdated unsecure software)..?

PS: You really should update imscp...

thanks for the answer Ninos.
ill have to update imscp, i know but this version is running so well for just over a year without problems that im actually scared of upgrading should something break. however its inevitable and must be done.
the really strange thing is. the email "email=mydomain.com" address that is being used is actully my email+my domain.com and what is
incredible is, i have no input boxes for web viewsers to use. eg. no fillin forms + no submit buttons on the site. in my contact page my email address is in text format and its not linked whats so ever.

when i see this "<from=bounce-mc.us4_8572769.848385-email=mydomain.[email protected]> <[email protected]>;"
to me it appears that somehow the spammer is using his email bounce-mc.us4_8572769.848385-+ my email address then sending it to my email address. when i login to my mail client there are no spam mails shown yet postfix flags it has sent.... that really buggles my mind

i know people are using spamassign. is it posible to install spamassign witout breaking imscp in this or latest version?
if spam assign does work then could that stop this spammer, is there a way around it or what do other web hosting techies use to sticky tar
spammers like this

thanks in advance

i think i may have resolved my little mystry situation

i found the part of the domain name".mcsv.net" on this site this site
https://www.organicweb.com.au/…ailchimp-sending-domains/
the site also claims that these mail senders are safe which explains why it passed all the postfix checks.
however from the method that they are using to route mail i think ill be blacklisting all their server sending address

thanks for all the help
time to upgrade