Someone is sending spam emails from my email server, and I keep getting undelivered emails bounced back.
My logs for outgoing emails:
Aug 25 13:36:42 mail postfix/smtp[2489070]: 0CE3E1103171: to=<siddhartha_sb@rediffmail.com>, relay=mx.rediffmail.rediff.akadns.net[202.137.234.32]:25, delay=7850, delays=7709/138/1.9/0.68, dsn=2.0.0, status=sent (250 ok 1724593002 qp 26293)
Aug 25 13:36:42 mail postfix/smtp[2489056]: 786901103042: to=<aleksandarlugonja@live.com>, orig_to=<office@tehne-studio.com>, relay=live-com.olc.protection.outlook.com[52.101.73.14]:25, delay=47, delays=0.03/45/0.23/2, dsn=2.6.0, status=sent (250 2.6.0 <20240825133555.786901103042@mail.tehne-studio.com> [InternalId=45397804323911, Hostname=AS4PR08MB8096.eurprd08.prod.outlook.com] 20229 bytes in 0.142, 138.177 KB/sec Queued mail for delivery -> 250 2.1.5)
Aug 25 13:36:43 mail postfix/smtp[2489240]: D84B41103142: to=<beltrame_roberto@hotmail.com>, relay=hotmail-com.olc.protection.outlook.com[52.101.132.29]:25, delay=22727, delays=22586/134/1.5/4.8, dsn=2.6.0, status=sent (250 2.6.0 <20240825131407.D84B41103142@mail.tehne-studio.com> [InternalId=67177583484739, Hostname=MW4PR14MB5303.namprd14.prod.outlook.com] 397937 bytes in 0.843, 460.758 KB/sec Queued mail for delivery)
Aug 25 13:36:43 mail postfix/smtp[2489240]: D84B41103142: to=<durbin8@hotmail.com>, relay=hotmail-com.olc.protection.outlook.com[52.101.132.29]:25, delay=22727, delays=22586/134/1.5/4.8, dsn=2.6.0, status=sent (250 2.6.0 <20240825131407.D84B41103142@mail.tehne-studio.com> [InternalId=67177583484739, Hostname=MW4PR14MB5303.namprd14.prod.outlook.com] 397937 bytes in 0.843, 460.758 KB/sec Queued mail for delivery)
Aug 25 13:36:43 mail postfix/smtp[2489240]: D84B41103142: to=<latero_7@hotmail.com>, relay=hotmail-com.olc.protection.outlook.com[52.101.132.29]:25, delay=22727, delays=22586/134/1.5/4.8, dsn=2.6.0, status=sent (250 2.6.0 <20240825131407.D84B41103142@mail.tehne-studio.com> [InternalId=67177583484739, Hostname=MW4PR14MB5303.namprd14.prod.outlook.com] 397937 bytes in 0.843, 460.758 KB/sec Queued mail for delivery)
Aug 25 13:36:43 mail postfix/smtp[2489239]: 0CE3E1103171: to=<rafaellorenzet@hotmail.com>, relay=hotmail-com.olc.protection.outlook.com[52.101.11.14]:25, delay=7850, delays=7709/137/1/2.8, dsn=2.6.0, status=sent (250 2.6.0 <20240825131416.0CE3E1103171@mail.tehne-studio.com> [InternalId=33225867013575, Hostname=SJ1PR20MB4906.namprd20.prod.outlook.com] 10608 bytes in 0.257, 40.266 KB/sec Queued mail for delivery -> 250 2.1.5)
Aug 25 13:36:43 mail postfix/smtp[2489237]: D50A21103182: to=<exotic@spray.se>, relay=mx2.spray.mail2world.com[204.109.58.90]:25, delay=12796, delays=12655/139/1.3/0.52, dsn=2.0.0, status=sent (250 OK id=1siDQa-000635-7A)
Aug 25 13:36:43 mail postfix/smtp[2489191]: CAE141103220: to=<andre.hesse80@web.de>, relay=mx-ha02.web.de[212.227.17.8]:25, delay=41704, delays=41563/140/0.16/0.17, dsn=2.0.0, status=sent (250 Requested mail action okay, completed: id=1MILTK-1swT1z1WVw-008HMN)
Aug 25 13:36:43 mail postfix/smtp[2489201]: CB21F1102DD4: to=<aleksandarlugonja@live.com>, orig_to=<office@tehne-studio.com>, relay=live-com.olc.protection.outlook.com[52.101.68.37]:25, delay=46, delays=0.01/44/0.22/1.9, dsn=2.6.0, status=sent (250 2.6.0 <20240825133557.CB21F1102DD4@mail.tehne-studio.com> [InternalId=145466247354079, Hostname=PA4PR08MB6318.eurprd08.prod.outlook.com] 23685 bytes in 0.120, 191.470 KB/sec Queued mail for delivery -> 250 2.1.5)
Aug 25 13:36:43 mail postfix/smtp[2489059]: 7BC9D110323C: to=<greewnie@hotmail.com>, relay=hotmail-com.olc.protection.outlook.com[52.101.10.17]:25, delay=26417, delays=26276/135/2.5/3.5, dsn=2.6.0, status=sent (250 2.6.0 <20240825131419.7BC9D110323C@mail.tehne-studio.com> [InternalId=193110319569729, Hostname=AM0P189MB0626.EURP189.PROD.OUTLOOK.COM] 451099 bytes in 0.418, 1052.650 KB/sec Queued mail for delivery)
Aug 25 13:36:43 mail postfix/smtp[2489059]: 7BC9D110323C: to=<gzdelar@hotmail.com>, relay=hotmail-com.olc.protection.outlook.com[52.101.10.17]:25, delay=26417, delays=26276/135/2.5/3.5, dsn=2.6.0, status=sent (250 2.6.0 <20240825131419.7BC9D110323C@mail.tehne-studio.com> [InternalId=193110319569729, Hostname=AM0P189MB0626.EURP189.PROD.OUTLOOK.COM] 451099 bytes in 0.418, 1052.650 KB/sec Queued mail for delivery)
Aug 25 13:36:43 mail postfix/smtp[2489059]: 7BC9D110323C: to=<jschippernp@hotmail.com>, relay=hotmail-com.olc.protection.outlook.com[52.101.10.17]:25, delay=26417, delays=26276/135/2.5/3.5, dsn=2.6.0, status=sent (250 2.6.0 <20240825131419.7BC9D110323C@mail.tehne-studio.com> [InternalId=193110319569729, Hostname=AM0P189MB0626.EURP189.PROD.OUTLOOK.COM] 451099 bytes in 0.418, 1052.650 KB/sec Queued mail for delivery)
Aug 25 13:36:43 mail postfix/smtp[2489059]: 7BC9D110323C: to=<mdmagos@hotmail.com>, relay=hotmail-com.olc.protection.outlook.com[52.101.10.17]:25, delay=26417, delays=26276/135/2.5/3.5, dsn=2.6.0, status=sent (250 2.6.0 <20240825131419.7BC9D110323C@mail.tehne-studio.com> [InternalId=193110319569729, Hostname=AM0P189MB0626.EURP189.PROD.OUTLOOK.COM] 451099 bytes in 0.418, 1052.650 KB/sec Queued mail for delivery)
Aug 25 13:36:43 mail postfix/smtp[2489059]: 7BC9D110323C: to=<quorndoncare@hotmail.com>, relay=hotmail-com.olc.protection.outlook.com[52.101.10.17]:25, delay=26417, delays=26276/135/2.5/3.5, dsn=2.6.0, status=sent (250 2.6.0 <20240825131419.7BC9D110323C@mail.tehne-studio.com> [InternalId=193110319569729, Hostname=AM0P189MB0626.EURP189.PROD.OUTLOOK.COM] 451099 bytes in 0.418, 1052.650 KB/sec Queued mail for delivery)
Aug 25 13:36:44 mail postfix/smtp[2489185]: D50A21103182: to=<pegan@vantislife.com>, relay=mxa-00034b01.gslb.pphosted.com[67.231.152.105]:25, delay=12797, delays=12655/139/1.5/0.85, dsn=2.0.0, status=sent (250 2.0.0 4179afh3pe-1 Message accepted for delivery)
Aug 25 13:36:44 mail postfix/smtp[2489231]: BDEE411032B5: to=<malcolmboyes@earthlink.net>, relay=mx04.earthlink-vadesecure.net[147.135.98.120]:25, delay=7712, delays=7571/130/9.4/2.7, dsn=2.6.0, status=sent (250 2.6.0 Message accepted with ID 49224111-17eefc32a9979377)
Aug 25 13:36:44 mail postfix/smtp[2489181]: 6BB0F1103615: to=<aleksandarlugonja@live.com>, orig_to=<office@tehne-studio.com>, relay=live-com.olc.protection.outlook.com[52.101.10.13]:25, delay=48, delays=0.02/45/0.77/2.7, dsn=2.6.0, status=sent (250 2.6.0 <20240825133556.6BB0F1103615@mail.tehne-studio.com> [InternalId=31954556686890, Hostname=DU0PR08MB9901.eurprd08.prod.outlook.com] 19401 bytes in 0.227, 83.445 KB/sec Queued mail for delivery -> 250 2.1.5)
Aug 25 13:36:44 mail postfix/smtp[2489226]: D50A21103182: to=<jlambert@webermarine.com>, relay=mxb-0022c701.gslb.pphosted.com[67.231.145.99]:25, delay=12797, delays=12655/139/1.9/0.96, dsn=2.0.0, status=sent (250 2.0.0 417bjwgknj-1 Message accepted for delivery)
Aug 25 13:36:44 mail postfix/smtp[2489169]: 9814C110357C: to=<ubreakifixkennesaw@protonmail.com>, relay=mail.protonmail.ch[176.119.200.128]:25, delay=4555, delays=4413/126/5.4/11, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 4WsFFt2xcHz9vNQF)
My main.cf:
# See /usr/share/postfix/main.cf.dist for a commented, more complete version
# Debian specific: Specifying a file name will cause the first
# line of that file to be used as the name. The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no
# appending .domain is the MUA's job.
append_dot_mydomain = no
# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h
readme_directory = no
# See http://www.postfix.org/COMPATIBILITY_README.html -- default to 2 on
# fresh installs.
compatibility_level = 2
# INTERNET HOST AND DOMAIN NAMES
# The myhostname parameter specifies the internet hostname of this
# mail system. The default is to use the fully-qualified domain name
# from gethostname(). $myhostname is used as a default value for many
# other configuration parameters.
# Froxlor Note: $myhostname can and should be the same as $mydomain as long as
# you don't intend to send mail to it (it will be considered local, not virtual)
# for the case of a subdomain, $mydomain must be equal to $myhostname,
# otherwise you cannot use the main domain for virtual transport.
# also check the note about $mydomain below.
#myhostname = mail.$mydomain
myhostname = $mydomain
#myhostname = virtual.domain.tld
# The mydomain parameter specifies the local internet domain name.
# The default is to use $myhostname minus the first component.
# $mydomain is used as a default value for many other configuration
# parameters.
# Froxlor Note: We are using a default here but that may or may not make sense,
# depending on your dns configuration, please check yourself.
# FQDN from Froxlor
mydomain = mail.tehne-studio.com
#mydestination = $myhostname, localhost.$mydomain, localhost
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
#mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain,
#    mail.$mydomain, www.$mydomain, ftp.$mydomain
# The default setting is 550 (reject mail) but it is safer to start
# with 450 (try again later) until you are certain that your
# local_recipient_maps settings are OK.
unknown_local_recipient_reject_code = 550
# The mailbox_command parameter specifies the optional external
# command to use instead of mailbox delivery. The command is run as
# the recipient with proper HOME, SHELL and LOGNAME environment settings.
# Exception: delivery for root is done as $default_user.
# Other environment variables of interest: USER (recipient username),
# EXTENSION (address extension), DOMAIN (domain part of address),
# and LOCAL (the address localpart).
# Unlike other Postfix configuration parameters, the mailbox_command
# parameter is not subjected to $parameter substitutions. This is to
# make it easier to specify shell syntax (see example below).
# Avoid shell meta characters because they will force Postfix to run
# an expensive shell process. Procmail alone is expensive enough.
# IF YOU USE THIS TO DELIVER MAIL SYSTEM-WIDE, YOU MUST SET UP AN
# ALIAS THAT FORWARDS MAIL FOR ROOT TO A REAL USER.
mailbox_command = /usr/lib/dovecot/deliver
#mailbox_command = /usr/bin/procmail -a "$EXTENSION"
# The debugger_command specifies the external command that is executed
# when a Postfix daemon program is run with the -D option.
# Use "command .. & sleep 5" so that the debugger can attach before
# the process marches on. If you use an X-based debugger, be sure to
# set up your XAUTHORITY environment variable before starting Postfix.
debugger_command =
    PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
    ddd $daemon_directory/$process_name $process_id & sleep 5
inet_protocols = ipv4
smtpd_helo_required = yes
smtpd_recipient_restrictions = permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_destination,
    reject_unauth_pipelining,
    reject_non_fqdn_recipient
smtpd_sender_restrictions = permit_mynetworks,
    reject_sender_login_mismatch,
    permit_sasl_authenticated,
    reject_unknown_helo_hostname,
    reject_unknown_recipient_domain,
    reject_unknown_sender_domain
smtpd_client_restrictions = permit_mynetworks,
    permit_sasl_authenticated,
    reject_unknown_client_hostname
# Postfix 2.10 requires this option. Postfix < 2.10 ignores this.
# The option is intentionally left empty.
smtpd_relay_restrictions =
# Maximum size of Message in bytes (50MB)
message_size_limit = 52428800
# SASL Auth Settings
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $myhostname
broken_sasl_auth_clients = yes
# Dovecot Settings for deliver, SASL Auth and virtual transport
smtpd_sasl_type = dovecot
virtual_transport = dovecot
dovecot_destination_recipient_limit = 1
smtpd_sasl_path = private/auth
# Virtual delivery settings
virtual_mailbox_base = /
virtual_mailbox_maps = mysql:/etc/postfix/mysql-virtual_mailbox_maps.cf
virtual_mailbox_domains = mysql:/etc/postfix/mysql-virtual_mailbox_domains.cf
virtual_alias_maps = mysql:/etc/postfix/mysql-virtual_alias_maps.cf
smtpd_sender_login_maps = mysql:/etc/postfix/mysql-virtual_sender_permissions.cf
virtual_uid_maps = static:2000
virtual_gid_maps = static:2000
# Local delivery settings
local_transport = local
alias_maps = $alias_database
# Default Mailbox size, is set to 0 which means unlimited!
mailbox_size_limit = 0
virtual_mailbox_limit = 0
# TLS settings
# TLS for outgoing mails from the server to another server
smtp_tls_security_level = may
smtp_tls_note_starttls_offer = yes
# TLS for incoming connections (clients or other mail servers)
smtpd_tls_security_level = may
smtpd_tls_cert_file = /etc/letsencrypt/live/mail.tehne-studio.com/fullchain.pem
smtpd_tls_key_file = /etc/letsencrypt/live/mail.tehne-studio.com/privkey.pem
#smtpd_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
smtpd_tls_CAfile = /etc/letsencrypt/live/mail.tehne-studio.com/chain.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
#debug_peer_list = 188.2.11.206
master.cf
#
# Postfix master process configuration file. For details on the format
# of the file, see the master(5) manual page (command: "man 5 master" or
# on-line: http://www.postfix.org/master.5.html).
#
# Do not forget to execute "postfix reload" after editing this file.
#
# ==========================================================================
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (no) (never) (100)
# ==========================================================================
#smtp inet n - n - - smtpd
#smtp inet n - n - 1 postscreen
#smtpd pass - - n - - smtpd
#dnsblog unix - - n - 0 dnsblog
#tlsproxy unix - - n - 0 tlsproxy
#submission inet n - n - - smtpd
# -o syslog_name=postfix/submission
# -o smtpd_tls_security_level=encrypt
# -o smtpd_sasl_auth_enable=yes
# -o smtpd_tls_auth_only=yes
# -o smtpd_reject_unlisted_recipient=no
# -o smtpd_client_restrictions=$mua_client_restrictions
# -o smtpd_helo_restrictions=$mua_helo_restrictions
# -o smtpd_sender_restrictions=$mua_sender_restrictions
# -o smtpd_recipient_restrictions=
# -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
# -o smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
# -o milter_macro_daemon_name=ORIGINATING
# -o smtpd_sasl_type=dovecot
smtps inet n - n - - smtpd
  -o syslog_name=postfix/smtps
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
# -o smtpd_reject_unlisted_recipient=no
# -o smtpd_client_restrictions=$mua_client_restrictions
# -o smtpd_helo_restrictions=$mua_helo_restrictions
# -o smtpd_sender_restrictions=$mua_sender_restrictions
# -o smtpd_recipient_restrictions=
# -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
# -o milter_macro_daemon_name=ORIGINATING
#628 inet n - n - - qmqpd
pickup unix n - n 60 1 pickup
cleanup unix n - n - 0 cleanup
qmgr unix n - n 300 1 qmgr
#qmgr unix n - n 300 1 oqmgr
tlsmgr unix - - n 1000? 1 tlsmgr
rewrite unix - - n - - trivial-rewrite
bounce unix - - n - 0 bounce
defer unix - - n - 0 bounce
trace unix - - n - 0 bounce
verify unix - - n - 1 verify
flush unix n - n 1000? 0 flush
proxymap unix - - n - - proxymap
proxywrite unix - - n - 1 proxymap
smtp unix - - n - - smtp
relay unix - - n - - smtp
  -o syslog_name=postfix/$service_name
# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq unix n - n - - showq
error unix - - n - - error
retry unix - - n - - error
discard unix - - n - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - n - - lmtp
anvil unix - - n - 1 anvil
scache unix - - n - 1 scache
postlog unix-dgram n - n - 1 postlogd
#
# ====================================================================
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
# Many of the following services use the Postfix pipe(8) delivery
# agent. See the pipe(8) man page for information about ${recipient}
# and other message envelope options.
# ====================================================================
#
# maildrop. See the Postfix MAILDROP_README file for details.
# Also specify in main.cf: maildrop_destination_recipient_limit=1
#
#maildrop unix - n n - - pipe
# flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
#
# ====================================================================
#
# Recent Cyrus versions can use the existing "lmtp" master.cf entry.
#
# Specify in cyrus.conf:
# lmtp cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4
#
# Specify in main.cf one or more of the following:
# mailbox_transport = lmtp:inet:localhost
# virtual_transport = lmtp:inet:localhost
#
# ====================================================================
#
# Cyrus 2.1.5 (Amos Gouaux)
# Also specify in main.cf: cyrus_destination_recipient_limit=1
#
#cyrus unix - n n - - pipe
# user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
#
# ====================================================================
#
# Old example of delivery via Cyrus.
#
#old-cyrus unix - n n - - pipe
# flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
#
# ====================================================================
#
# See the Postfix UUCP_README file for configuration details.
#
#uucp unix - n n - - pipe
# flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
#
# ====================================================================
#
# Other external delivery methods.
#
#ifmail unix - n n - - pipe
# flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
#
#bsmtp unix - n n - - pipe
# flags=Fq. user=bsmtp argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient
#
#scalemail-backend unix - n n - 2 pipe
# flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store
# ${nexthop} ${user} ${extension}
#
#mailman unix - n n - - pipe
# flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
# ${nexthop} ${user}
#
# Dovecot LDA
dovecot unix - n n - - pipe
  flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -d ${recipient}
I am a software engineer, not a professional server admin. I have experience managing web servers, but I don't know as much about email servers.
Does anyone have any suggestions on how to diagnose and fix the problem?
EDIT:
Logs as requested: https://gist.github.com/zivlakmilos/608a57b9e4e95a58f042cc47fb223e3b
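
A triage helper for delivery logs like the ones above, added here as an example and not part of the original post: it groups `postfix/smtp` lines by queue ID (one queue ID is one message) and flags messages that fan out to several recipients without being alias forwards (`orig_to=`). The sample lines are constructed, with placeholder addresses and hosts, and the `min_rcpts` threshold is an assumption.

```python
import re
from collections import defaultdict

# Constructed sample in the format of the postfix/smtp lines in the post
# (addresses, hosts and queue IDs are placeholders, not taken from the post).
SAMPLE = """\
Aug 25 13:36:43 mail postfix/smtp[101]: AAAA1111: to=<a@example.net>, relay=mx.example.net[192.0.2.1]:25, delay=26417, delays=26276/135/2.5/3.5, dsn=2.6.0, status=sent (250 ok)
Aug 25 13:36:43 mail postfix/smtp[101]: AAAA1111: to=<b@example.net>, relay=mx.example.net[192.0.2.1]:25, delay=26417, delays=26276/135/2.5/3.5, dsn=2.6.0, status=sent (250 ok)
Aug 25 13:36:43 mail postfix/smtp[102]: AAAA1111: to=<c@example.org>, relay=mx.example.org[192.0.2.2]:25, delay=26417, delays=26276/135/1.0/0.5, dsn=2.0.0, status=sent (250 ok)
Aug 25 13:36:44 mail postfix/smtp[103]: BBBB2222: to=<owner@example.com>, orig_to=<office@example.test>, relay=mx.example.com[192.0.2.3]:25, delay=47, delays=0.03/45/0.23/2, dsn=2.6.0, status=sent (250 ok)
"""

# One delivery attempt: queue ID, recipient, optional orig_to, total delay, status.
LINE = re.compile(
    r"postfix/smtp\[\d+\]: (?P<qid>[0-9A-Za-z]+): to=<(?P<to>[^>]*)>,"
    r"(?: orig_to=<(?P<orig>[^>]*)>,)?"
    r".*? delay=(?P<delay>[\d.]+),.*? status=(?P<status>\w+)"
)

def summarize(log_text):
    """Group delivery attempts by queue ID."""
    msgs = defaultdict(lambda: {"rcpts": set(), "forwarded": False,
                                "max_delay": 0.0, "statuses": set()})
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # not a postfix/smtp delivery line
        e = msgs[m["qid"]]
        e["rcpts"].add(m["to"].lower())
        e["forwarded"] |= m["orig"] is not None  # orig_to= marks alias forwarding
        e["max_delay"] = max(e["max_delay"], float(m["delay"]))
        e["statuses"].add(m["status"])
    return dict(msgs)

def suspects(msgs, min_rcpts=3):
    """Queue IDs with many recipients that are not alias forwards, largest first."""
    hits = [q for q, e in msgs.items()
            if len(e["rcpts"]) >= min_rcpts and not e["forwarded"]]
    return sorted(hits, key=lambda q: -len(msgs[q]["rcpts"]))

if __name__ == "__main__":
    summary = summarize(SAMPLE)
    for qid in suspects(summary):
        e = summary[qid]
        print(qid, len(e["rcpts"]), "recipients, max delay", e["max_delay"], "s")
```

Searching the same log for a flagged queue ID shows how that message entered the server: an smtpd line with `client=` (and `sasl_username=` when the sender authenticated) or a pickup line with `uid=` for locally submitted mail.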