Small amount of spam still routed through server and another problem with spam

[Josh Cason]

I have two problems. I built a new postfix e-mail system that worked  
great for about 1 year. Then I started getting spam that comes into  
our system as one msg and is then routed out to mutiple e-mail  
addresses like aol.com. I have since update my postfix config file to  
block even more spam and in some cases it worked. Example: I limited  
the amount of mutiple e-mail receipents. But nothing have done changed  
this problem. The end results is we have messages blocked up in our  
e-mail queue (from being undelivered) and if there is say 5 incomming  
messages. Then we are probably get blacklisted someplace due to like  
100+ to go out. Now my attempts have showed some results in over all  
spam. The first time it happened I got black listed in 20-30 different  
lists / providers. Now with all the rules. I'm down to maybe one  
blacklist when this happens. Yet the problem still exists (about  
weekly with or without being added to a blacklist). I ran all the open  
relay test
with program that are legal and for eduational purpose only. They all  
come back failed. Unable to send NOT open relay. The next problem is  
I'm getting the to/from same users on our system. I found a page on  
how to deal with this. Real world example. But I'm unable to find the  
page to put the rules back in. I think it went under header checks. If  
you can point in the right direction. That would be great. Enclosed is  
my postfix config file. I xxx the ip numbers out. I use mysql,  
dovecot, postfix (virtual with mutiple domains), postfixadmin,  
pop-before-stmp, and mailscanner (this ofcourse works with clamav and  
spamassasian). I did read about some kind of access list saying  
x...@xxx.xxx is okay for a mysql field. But when I checked my mysql  
table. This is not in the list. So I can't match it to any other  
field. I would assume that mysql under virtual is enough to say hey if  
you don't match x...@xxx.xxx then don't do anything.

Thanks,
Josh

(below is my postfix config file)(kinda messed up abit because of what  
I used to copy it)

alias_maps = hash:/etc/aliases
allow_percent_hack = no
biff = no
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
debug_peer_level = 2
delay_warning_time = 4h
disable_vrfy_command = yes
header_checks = regexp:/etc/postfix/header_checks
html_directory = /usr/share/doc/postfix-2.4.7-documentation/html
inet_interfaces = localhost, xxx.xx.x.xxx (removed for security)
invalid_hostname_reject_code = 554
local_recipient_maps = $virtual_mailbox_maps
local_transport = virtual
mail_owner = postfix
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
maximal_backoff_time = 8000s
maximal_queue_lifetime = 7d
message_size_limit = 25600000
minimal_backoff_time = 1000s
multi_recipient_bounce_reject_code = 554
mydestination = $myhostname, localhost.$mydomain, localhost
mynetworks = $config_directory/mynetworks
newaliases_path = /usr/bin/newaliases.postfix
non_fqdn_reject_code = 554
notify_classes = resource,software
proxy_read_maps = $local_recipient_maps                      
$mydestination                     $virtual_alias_maps                  
    $virtual_alias_domains                     $virtual_mailbox_maps   
                   $virtual_mailbox_domains                      
$relay_recipient_maps                     $relay_domains                
      $canonical_maps                     $sender_canonical_maps       
               $recipient_canonical_maps                      
$relocated_maps                     $transport_maps                     
 $mynetworks                     $virtual_mailbox_limit_maps
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.4.7-documentation/readme
recipient_delimiter =
relay_domains = proxy:mysql:/etc/postfix/mysql_relay_domains_maps.cf
relay_domains_reject_code = 554
relay_recipient_maps = mysql:/etc/postfix/mysql_relay_recipient_maps.cf
sample_directory = /usr/share/doc/postfix-2.3.3/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtp_helo_timeout = 60s
smtpd_client_restrictions = permit_mynetworks,    check_client_access  
hash:/etc/postfix/access,    check_client_access  
hash:/etc/postfix/pop-before-smtp,    reject_unknown_client,     
reject_rbl_client sbl.spamhaus.org,     reject_rbl_client  
dnsbl.njabl.org,    reject_unauth_destination
smtpd_data_restrictions = reject_unauth_pipelining,     
reject_multi_recipient_bounce,    permit
smtpd_delay_reject = yes
smtpd_error_sleep_time = 20s
smtpd_hard_error_limit = 12
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks,         
regexp:/etc/postfix/helo.regexp,        permit
smtpd_junk_command_limit = 2
smtpd_recipient_limit = 30
smtpd_recipient_restrictions = check_client_access  
hash:/etc/postfix/pop-before-smtp,    check_client_access  
hash:/etc/postfix/access,    reject_non_fqdn_recipient,     
reject_unlisted_recipient,    reject_unknown_sender_domain,     
reject_unverified_sender,    reject_multi_recipient_bounce,      
reject_invalid_hostname,        reject_unknown_recipient_domain,        
 reject_unauth_pipelining,        permit_mynetworks,         
permit_sasl_authenticated,        reject_unauth_destination,         
reject_rbl_client multi.uribl.com,        reject_rbl_client  
dsn.rfc-ignorant.org,        reject_rbl_client dul.dnsbl.sorbs.net,     
    reject_rbl_client sbl-xbl.spamhaus.org,        reject_rbl_client  
bl.spamcop.net,        reject_rbl_client dnsbl.sorbs.net,         
reject_rbl_client cbl.abuseat.org,        reject_rbl_client  
ix.dnsbl.manitu.net,        reject_rbl_client combined.rbl.msrbl.net,   
      reject_rbl_client rabl.nuclearelephant.com
smtpd_sender_restrictions = permit_mynetworks,    check_sender_access  
hash:/etc/postfix/sender_access,    reject_non_fqdn_sender,      
reject_unknown_sender_domain,    reject_unauth_pipelining,    permit
smtpd_soft_error_limit = 3
strict_rfc821_envelopes = yes
swap_bangpath = no
unknown_address_reject_code = 554
unknown_client_reject_code = 554
unknown_hostname_reject_code = 554
unknown_local_recipient_reject_code = 450
unknown_relay_recipient_reject_code = 554
unknown_virtual_alias_reject_code = 554
unknown_virtual_mailbox_reject_code = 554
unverified_recipient_reject_code = 554
unverified_sender_reject_code = 554
virtual_alias_maps = proxy:mysql:/etc/postfix/mysql_virtual_alias_maps.cf
virtual_create_maildirsize = yes
virtual_gid_maps = static:12
virtual_mailbox_base = /home/vmail
virtual_mailbox_domains =  
proxy:mysql:/etc/postfix/mysql_virtual_domains_maps.cf
virtual_mailbox_limit = 25600000
virtual_mailbox_limit_maps =  
proxy:mysql:/etc/postfix/mysql_virtual_mailbox_limit_maps.cf
virtual_mailbox_limit_override = yes
virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
virtual_maildir_limit_message = Sorry, the user's maildir has  
overdrawn his diskspace quota,
virtual_minimum_uid = 150
virtual_uid_maps = static:150




--
This message has been scanned for viruses and
dangerous content by Mychoice, and is
believed to be clean.