Mass spam

My server is being used as spam for emails; I am getting hundreds of return emails a day that look like the following.

( is my domain)

Does anyone know how to stop this and what is causing it?

Hi. This is the qmail-send program at
I’m afraid I wasn’t able to deliver your message to the following addresses.
This is a permanent error; I’ve given up. Sorry it didn’t work out.
The mailbox on the server is now 100% full. So that you can not continue
to receive mail.
/Mailboksen paa serveren er 100% brugt, og kan derfor ikke modtage din mail.

— Below this line is a copy of the message.

Received: (qmail 22590 invoked by uid 89); 20 Oct 2014 16:56:06 -0000
Received: from unknown (HELO (
by with SMTP; 20 Oct 2014 16:56:06 -0000
X-Greylist: delayed 00:12:01 by SQLgrey-1.7.6
Received: from (unknown [])
by (Postfix) with ESMTP id 2F9E11D82A2
for; Mon, 20 Oct 2014 18:56:01 +0200 (CEST)
Received: from bubo-399d34f802 ([])
by (IceWarp x64) with ESMTP id 201410201844001931
for; Mon, 20 Oct 2014 18:44:00 +0200
Date: Mon, 20 Oct 2014 18:43:59 +0200
From: YahooFinance Canada
Message-ID: 000003d6fa6b0317-6700df67-5782-dcfe-d2a1-eef2d7757c6f-000000@localhost
Subject: New report this evening!
MIME-Version: 1.0
Content-Type: multipart/mixed;
X-SES-Outgoing: 2014.10.20-
X-Skyline-MailScanner-Information: Please contact the ISP for more information
X-Skyline-MailScanner-ID: 2F9E11D82A2.AE348
X-Skyline-MailScanner: Found to be clean
X-Spam-Status: No

Content-Type: multipart/related;

Content-Type: text/plain;charset=UTF-8
Content-Transfer-Encoding: quoted-printable

Check this out
It is traded on the CanadianExchange but that’s ok because it’s about to go=
hit 15 cents before the end of the week. That’s up from a current 6 cents.




Do you see any messages in your outgoing email queue on your server? You can view them by going into Webmin -> Services -> Postfix -> Mail Queue.

If so, seeing the email headers of an email trying to go out would help in identifying its source.

In most cases though, either an email account on your server had its password guessed, or a website has vulnerable software running that spammers are taking advantage of.
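An added example, not part of the original thread: one way to read the headers the reply asks for and tell its two causes apart, plus the case where the message never passed through the server at all. It assumes Postfix with `smtpd_sasl_authenticated_header = yes`; the function name, hostnames, addresses and queue IDs are constructed placeholders.

```python
import re
from email import message_from_string

# Constructed sample headers; hostnames, addresses and queue IDs are placeholders.
WEB_SCRIPT = """\
Received: by mail.example.test (Postfix, from userid 33)
\tid 4A1B2C3D4E; Mon, 20 Oct 2014 18:44:00 +0200 (CEST)
From: someone@example.test

body
"""
SMTP_AUTH = """\
Received: from laptop (unknown [203.0.113.7])
\t(Authenticated sender: info@example.test)
\tby mail.example.test (Postfix) with ESMTPSA id 5F6A7B8C9D;
\tMon, 20 Oct 2014 18:44:00 +0200 (CEST)
From: info@example.test

body
"""
FORGED = """\
Received: from bubo (unknown [198.51.100.9])
\tby mx.other.test (Postfix) with ESMTP id 6E7F8A9B0C;
\tMon, 20 Oct 2014 18:56:01 +0200 (CEST)
From: someone@example.test

body
"""

def classify_origin(raw, my_host):
    """Guess how a message entered the mail system from its Received headers."""
    hops = [" ".join(h.split()) for h in message_from_string(raw).get_all("Received", [])]
    # Keep only hops that name our server as the receiving host.
    ours = [h for h in hops if f"by {my_host} " in h]
    if not ours:
        return "not-sent-here"            # never passed through this server
    first = ours[-1]                      # headers are prepended: last is earliest
    m = re.search(r"\(Postfix, from userid (\d+)\)", first)
    if m:
        return f"local-uid:{m.group(1)}"  # local submission, e.g. a web script
    m = re.search(r"\(Authenticated sender: ([^)]+)\)", first)
    if m:
        return f"smtp-auth:{m.group(1)}"  # sent using a mailbox's credentials
    return "unauthenticated-smtp"

if __name__ == "__main__":
    for name, raw in [("web", WEB_SCRIPT), ("auth", SMTP_AUTH), ("forged", FORGED)]:
        print(name, classify_origin(raw, "mail.example.test"))
```

Feed it the headers of a queued message (for example from `postcat -q <queue-id>`) or the copy included in a bounce. Received lines below the first hop added by your own server are written by the sender and can be forged.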