On 2013/02/26 4:59 PM, Deeztek.com Support wrote:
> in your /etc/hosts file if you were to change it to the actual
> servername.domain.tld of your server, then the log should report the
> actual server name vs. localhost.localdomain. I would unblock the IP
> address and see if the same thing happens and this time look for
> suspicious processes in your box.

I unblocked the IP and the problem came back.

> Is your outbound traffic on your firewall filtered or is everything
> allowed outbound?

Everything is allowed outbound.

> Also maybe look at the type of traffic going back and forth with that
> suspicious IP to hopefully determine what's going on (snort?). This
> doesn't seem like a postfix issue any longer.

Thanks for your help. I will look at it further, but I am pretty certain
that our machine isn't compromised.