Hi guys, first post here, so sorry if this is in the wrong place.
I have multiple clients with their own domains, and a sendmail server that is only used to forward email addresses. For example, in my virtusertable:
bob@bobsdomain.com bobsemailaddress@gmail.com
The MX records point to this server, and the server should only be performing these forwards. However, I appear to be a spambot (emails are going out that do not appear to originate from my domains).
I have used multiple tools online to verify that I am not an open relay; only ports 22 and 25 are open on my firewall, and I have ensured that none of the users have a shell on the system.
I've been verifying some of my outgoing spam by watching /var/spool/mqueue fill up and checking some of the messages.
The only way I've found to prevent this spam from going out has been to remove /etc/mail/local-host-names (which I've verified only has domains that belong to my users in it). I've attempted to remove domains from this file one at a time to see if I can spot one that is causing issues, but the problem seems to appear sporadically with that.
Sorry for the long post, but I want to be sure I've posted all the things I've tried. Thanks!
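
One way to triage the queue files mentioned in the post, as an added example (not the poster's code): it reads the envelope sender, recipients and connecting client from each qf file and separates forwards to virtusertable destinations from server-generated bounces and everything else. The qf line codes are assumed to follow the sendmail 8.x layout, and all sample data is constructed.

```python
from collections import Counter

# Constructed inputs, not taken from the post. The qf layout (S = envelope
# sender, R = recipient, $_ = connecting client) is assumed to be sendmail 8.x.
VIRTUSERTABLE = "bob@bobsdomain.com bobsemailaddress@gmail.com\n"
SAMPLE_QF = {
    "qfAAA": "V8\n$_mx.example.net [192.0.2.10]\nS<a@example.net>\n"
             "RPFD:<bobsemailaddress@gmail.com>\nH??Subject: hi\n.\n",
    "qfBBB": "V8\n$_localhost [127.0.0.1]\nS<>\n"
             "RPFD:<forged@example.org>\nH??Subject: Returned mail\n.\n",
    "qfCCC": "V8\n$_host.example.com [198.51.100.7]\nS<x@example.com>\n"
             "RPFD:<stranger@example.org>\nH??Subject: offer\n.\n",
}

def forward_targets(table_text):
    """Right-hand sides of virtusertable entries, lower-cased."""
    targets = set()
    for line in table_text.splitlines():
        fields = line.split()
        if len(fields) >= 2 and not fields[0].startswith("#"):
            targets.add(fields[1].lower())
    return targets

def parse_qf(text):
    """Pull envelope sender, recipients and client out of one qf file."""
    msg = {"sender": "", "recipients": [], "client": ""}
    for line in text.splitlines():
        if line.startswith("S"):
            msg["sender"] = line[1:].strip("<>")
        elif line.startswith("R"):
            # Drop the optional flag prefix such as "PFD:" before the address.
            head, sep, tail = line[1:].partition(":")
            addr = tail if sep and (not head or head.isalpha()) else line[1:]
            msg["recipients"].append(addr.strip("<>"))
        elif line.startswith("$_"):
            msg["client"] = line[2:]
    return msg

def classify(msg, targets):
    if msg["sender"].lower() in ("", "mailer-daemon"):
        return "bounce"      # generated by this server, e.g. a DSN
    rcpts = [r.lower() for r in msg["recipients"]]
    if rcpts and all(r in targets for r in rcpts):
        return "forward"     # matches a virtusertable destination
    return "other"           # neither: inspect client and recipient

def triage(qf_files, table_text):
    targets = forward_targets(table_text)
    return Counter(classify(parse_qf(t), targets) for t in qf_files.values())
```

On a live system the dictionary would be filled by reading the qf* files under /var/spool/mqueue as root; the "client" field of anything classed as "other" shows which host handed the message to the server.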