Hi, My server recently been temporarily shut down by my ISP because it seem it is sending a lot of spam and I can't find the source. The mail.log shows nothing wrong. I have created a script to log the phpmail and there's also nothing wrong. I always keep an ssh "tail -f /var/www/mail.log" open to see the activity and it all looks normal. The server was built based on "The Perfect Server - Ubuntu 12.04 LTS (nginx, BIND, Dovecot, ISPConfig 3)" and some customizations for varnish, memcached, spdy and pagespeed. Not an open relay. Mailqueue (postqueue -p) is empty all the time. I'm using SSL and DKIM for clients that have email accounts, don't know if it can help. I searched the web a lot and this forum too, but still can't find what is causing this. There was A LOT of this in my mail.warn and I blocked this IP yesterday so I'm waiting the current day log on senderbase.org Code: Jul 8 18:37:47 orion postfix/smtpd: warning: unknown[126.96.36.199]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 Jul 8 18:38:28 orion postfix/smtpd: warning: hostname hosted-by.hostgrad.ru does not resolve to address 188.8.131.52: Name or service not known PLEASE! I would really appreciate your help on this. Tell me if you need anything else. In advance: Thank you for your help and time! I'm putting the main.cf , master.cf and postconf -d|grep mynetworks in a follow up because of the 10000 caracters limit.