TOPIC: Has my mail server been compromised?

#12965
velvetpixel (User)
Has my mail server been compromised? 2008/05/28 03:02
I am seeing entries in my maillog similar to this:

May 27 21:44:35 vps postfix/smtpd[32760]: AFFD65A086A4: client=unknown[190.160.30.82]
May 27 21:44:36 vps postfix/cleanup[17610]: AFFD65A086A4: message-id=<1211950387.7771@lxe.com>
May 27 21:44:36 vps postfix/qmgr[7538]: AFFD65A086A4: from=<alindsy_cd@lxe.com>, size=1624, nrcpt=3 (queue active)
May 27 21:44:36 vps postfix/smtpd[32760]: disconnect from unknown[190.160.30.82]

That's not my IP or any IP for anybody authorized to send mail using the server.

Any help would greatly be appreciated!
Virtualmin Pro 3.61, Webmin 1.43, CentOS 5.2
#12969
sgrayban (User)
Re:Has my mail server been compromised? 2008/05/28 04:05
Looks like your postfix could be an open relay. Check your settings.
Scott Grayban
BORGNET dot US Internet Hosting
VM Pro Reseller
#12970
sgrayban (User)
Re:Has my mail server been compromised? 2008/05/28 04:06
Also a whois lookup for that IP gives.....

inetnum: 190.160/15
status: allocated
owner: VTR BANDA ANCHA S.A.
ownerid: CL-VPNS-LACNIC
responsible: Italo Sambuceti
address: Reyes Lavalle, 3340, 4th floor
address: 6760335 - Santiago -
country: CL
phone: +56 02 3101502 []
owner-c: ISO
tech-c: ISO
created: 20070322
changed: 20070322

nic-hdl: ISO
person: Italo Sambuceti Oyarzún
e-mail: isambuce@VTR.CL
address: Reyes Lavalle, 3340, 4 th floor
address: 676-0335 - Santiago -
country: CL
phone: +56 02 3101609 []
created: 20020906
changed: 20021122
Scott Grayban
BORGNET dot US Internet Hosting
VM Pro Reseller
#13003
velvetpixel (User)
Re:Has my mail server been compromised? 2008/05/28 12:04
Thanks for the help!

I am pretty sure I turned off open relaying and when I checked at http://mxtoolbox.com/diagnostic.aspx it says it is not an open relay.

postconf -n
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
debug_peer_level = 2
home_mailbox = Maildir/
html_directory = no
mailbox_command = /usr/bin/procmail-wrapper -o -a $DOMAIN -d $LOGNAME
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
mydestination = $myhostname, localhost.$mydomain, localhost, vps.MyHostingDomain.net
newaliases_path = /usr/bin/newaliases.postfix
qmgr_message_active_limit = 4000
readme_directory = /usr/share/doc/postfix-2.3.3/README_FILES
sample_directory = /usr/share/doc/postfix-2.3.3/samples
sender_bcc_maps = hash:/etc/postfix/bcc
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtpd_recipient_restrictions = permit_mynetworks permit_sasl_authenticated reject_unauth_destination
smtpd_sasl_auth_enable = yes
unknown_local_recipient_reject_code = 550
virtual_alias_maps = hash:/etc/postfix/virtual
Virtualmin Pro 3.61, Webmin 1.43, CentOS 5.2
#13013
Joe (Admin)
Re:Has my mail server been compromised? 2008/05/28 13:18
What is mynetworks set to?

postconf mynetworks

I doubt that's the problem, but I don't see it, so thought it worth checking.

It doesn't look like you have an open relay there...and I'm not sure the logs you're seeing indicate relaying (there should be more after those messages, I think).
#13014
velvetpixel (User)
Re:Has my mail server been compromised? 2008/05/28 13:25
mynetworks = 127.0.0.0/8 127.0.0.1/32 74.63.2.190/32 74.63.2.191/32

These are the IPs for my server so they are good :)
74.63.2.190
74.63.2.191

There are no more associated with that connection as far as I can tell.
How would I do a grep in the maillog for AFFD65A086A4?
Virtualmin Pro 3.61, Webmin 1.43, CentOS 5.2
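Joe's point that the four quoted lines do not by themselves show relaying, and velvetpixel's question of how to grep the maillog for the queue ID, come down to the same job: collect every line carrying that queue ID and look at where Postfix delivered the message. The script below is an added example, not code from this thread or from Virtualmin. It groups Postfix log lines by queue ID and labels each message as internal (client inside mynetworks), authenticated (SASL user on the smtpd line), inbound (outside client, every delivery stayed on the box via the local/virtual transport), or POSSIBLE RELAY (outside, unauthenticated client whose message the smtp transport handed to a remote MX). The log excerpt is constructed: its first four lines are the ones quoted above, the delivery lines and the other two messages are made up, and the mynetworks list is the one velvetpixel posted.

```python
import ipaddress
import re
import sys
from collections import defaultdict

# Constructed maillog excerpt.  The first four lines are the ones quoted in
# the thread; the local delivery lines and the other two messages are made up
# so that each case a reviewer must tell apart appears once.
SAMPLE_LOG = """\
May 27 21:44:35 vps postfix/smtpd[32760]: AFFD65A086A4: client=unknown[190.160.30.82]
May 27 21:44:36 vps postfix/cleanup[17610]: AFFD65A086A4: message-id=<1211950387.7771@lxe.com>
May 27 21:44:36 vps postfix/qmgr[7538]: AFFD65A086A4: from=<alindsy_cd@lxe.com>, size=1624, nrcpt=3 (queue active)
May 27 21:44:36 vps postfix/smtpd[32760]: disconnect from unknown[190.160.30.82]
May 27 21:44:36 vps postfix/local[17611]: AFFD65A086A4: to=<alice@example.net>, relay=local, delay=1, status=sent (delivered to command: /usr/bin/procmail-wrapper)
May 27 21:44:36 vps postfix/local[17612]: AFFD65A086A4: to=<bob@example.net>, relay=local, delay=1, status=sent (delivered to command: /usr/bin/procmail-wrapper)
May 27 21:44:36 vps postfix/local[17613]: AFFD65A086A4: to=<carol@example.net>, relay=local, delay=1, status=sent (delivered to command: /usr/bin/procmail-wrapper)
May 27 21:44:37 vps postfix/qmgr[7538]: AFFD65A086A4: removed
May 27 21:50:01 vps postfix/smtpd[32761]: 1B2C3D4E5F60: client=unknown[203.0.113.7]
May 27 21:50:01 vps postfix/qmgr[7538]: 1B2C3D4E5F60: from=<junk@example.org>, size=900, nrcpt=1 (queue active)
May 27 21:50:02 vps postfix/smtp[17620]: 1B2C3D4E5F60: to=<victim@example.com>, relay=mx.example.com[198.51.100.9]:25, delay=1, status=sent (250 OK)
May 27 21:50:02 vps postfix/qmgr[7538]: 1B2C3D4E5F60: removed
May 27 22:01:10 vps postfix/smtpd[32762]: 7A7B7C7D7E7F: client=home.example[198.51.100.20], sasl_method=LOGIN, sasl_username=dave
May 27 22:01:10 vps postfix/qmgr[7538]: 7A7B7C7D7E7F: from=<dave@example.net>, size=500, nrcpt=1 (queue active)
May 27 22:01:11 vps postfix/smtp[17630]: 7A7B7C7D7E7F: to=<friend@example.com>, relay=mx.example.com[198.51.100.9]:25, delay=1, status=sent (250 OK)
"""

# mynetworks exactly as velvetpixel posted it.
MYNETWORKS = [ipaddress.ip_network(n) for n in
              "127.0.0.0/8 127.0.0.1/32 74.63.2.190/32 74.63.2.191/32".split()]

# One regex for the common line prefix, three for the fields we care about.
LINE_RE = re.compile(r"^\w{3} +\d+ \d\d:\d\d:\d\d \S+ postfix/(?P<daemon>\w+)\[\d+\]: "
                     r"(?P<qid>[0-9A-F]{6,}): (?P<rest>.*)$")
CLIENT_RE = re.compile(r"client=\S+?\[(?P<ip>[^\]]+)\]")
SASL_RE = re.compile(r"sasl_username=(?P<user>\S+)")
TO_RE = re.compile(r"to=<(?P<rcpt>[^>]*)>,.*?relay=(?P<relay>[^,]+),.*status=(?P<status>\w+)")

# Transports that hand the message to another host; local/virtual/pipe keep it here.
REMOTE_TRANSPORTS = {"smtp"}


def parse_maillog(text):
    """Group log lines by queue ID: client IP, SASL user, and every delivery attempt."""
    msgs = defaultdict(lambda: {"client_ip": None, "sasl_user": None, "deliveries": []})
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:                      # e.g. 'disconnect from ...' carries no queue ID
            continue
        rec, rest = msgs[m["qid"]], m["rest"]
        if m["daemon"] == "smtpd":
            c, s = CLIENT_RE.search(rest), SASL_RE.search(rest)
            if c:
                rec["client_ip"] = c["ip"]
            if s:
                rec["sasl_user"] = s["user"]
        else:
            d = TO_RE.search(rest)
            if d:
                rec["deliveries"].append((m["daemon"], d["rcpt"], d["relay"], d["status"]))
    return dict(msgs)


def classify(rec, mynetworks=MYNETWORKS):
    """internal / authenticated / inbound / POSSIBLE RELAY / unknown for one queue ID."""
    if rec["client_ip"] is None:       # submitted locally via sendmail(1): no smtpd line
        return "unknown"
    addr = ipaddress.ip_address(rec["client_ip"])
    if any(addr in net for net in mynetworks):
        return "internal"
    if rec["sasl_user"]:
        return "authenticated"
    # Outside, unauthenticated client: harmless if every delivery stayed on this
    # box, a relay if Postfix sent the message on to a remote MX.
    if any(d[0] in REMOTE_TRANSPORTS for d in rec["deliveries"]):
        return "POSSIBLE RELAY"
    return "inbound"


def report(text=SAMPLE_LOG, mynetworks=MYNETWORKS):
    """Map each queue ID found in `text` to its verdict."""
    return {qid: classify(rec, mynetworks) for qid, rec in parse_maillog(text).items()}


if __name__ == "__main__":
    # Pipe the real log in (python3 relaycheck.py < /var/log/maillog) or run on the sample.
    log = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_LOG
    parsed = parse_maillog(log)
    for qid, verdict in report(log).items():
        rcpts = ", ".join(d[1] for d in parsed[qid]["deliveries"])
        print(f"{qid} {verdict:15} client={parsed[qid]['client_ip']} to=[{rcpts}]")
```

On the sample, AFFD65A086A4 comes out as inbound (three local deliveries, which is the "spam to my own accounts" case velvetpixel found), 1B2C3D4E5F60 as POSSIBLE RELAY, and 7A7B7C7D7E7F as authenticated. A message from an outside client whose deliveries all went through postfix/local is incoming mail; only the smtp transport carrying mail onward for an unauthenticated outside client is worth chasing.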
#13015
velvetpixel (User)
Re:Has my mail server been compromised? 2008/05/28 13:44
OK I figured out how to grep and yes there were more instances of that ID and it looks like it was just spam being sent from a single outside source TO two of my mail accounts at the same time so all is ok :)

The other lines were about 200 lines down in the log because some clown was doing a dictionary attack and I had a gazillion Aborted lines in the file.
Virtualmin Pro 3.61, Webmin 1.43, CentOS 5.2
#13016
velvetpixel (User)
Re:Has my mail server been compromised? 2008/05/28 13:47
This brings up another issue.

What's the best way to prevent a dictionary style attack like that?
Virtualmin Pro 3.61, Webmin 1.43, CentOS 5.2
#13337
ronald (User)
Re:Has my mail server been compromised? 2008/06/03 08:24
pull the plug

in other words you can't prevent the attack afaik
you can secure the system better by creating non-dictionary passwords with min. length of 15 characters like hnJyg$42#eds@kjJ

many users use passwords like: "thisismypasswordandnoonewilleverguess" and that's what dic-attacks are looking for.
#13348
Joe (Admin)
Re:Has my mail server been compromised? 2008/06/03 09:50
Minimum length of 8 characters is fine, as long as the password is strong--numbers, upper/lower letters, and/or symbols. No dictionary words. A strong 8 character password could take years for a brute force attack to find...the attacker will move on to greener pastures after a couple of days.

There have also been discussions here in the forums about other techniques. Lief brought up some nice iptables rules for tackling the problem a couple of years back, and lots of people have had good success using them for all sorts of services (the discussion was about ssh, but they can be applied to almost any service because iptables is awesome like that).

Here's that thread, with much good discussion:

http://www.virtualmin.com/forums/help-home-for-newbies/ssh-login-attempts-maybee-this-is-%22fix%22-for-the-firewall.html
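The dictionary attack velvetpixel found in the log and the iptables approach Joe points to meet in a small detector: count SASL authentication failures per client IP inside a sliding time window, and turn the IPs that cross a threshold into firewall rules. The script below is an added example, not code from this thread or the linked one. The log lines are constructed in the form Postfix's smtpd uses for a failed AUTH (`warning: host[ip]: SASL LOGIN authentication failed: ...`), the threshold of 10 failures in 60 seconds is an assumption to tune for your own traffic, and the iptables command it emits assumes a plain INPUT chain with no earlier ACCEPT that would shadow the DROP.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Postfix smtpd logs one warning per failed AUTH attempt in this form.
FAIL_RE = re.compile(r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ postfix/smtpd\[\d+\]: "
                     r"warning: \S+?\[(?P<ip>[^\]]+)\]: SASL \w+ authentication failed")


def _sample_log():
    """Constructed maillog: a 12-guess burst from one client, two stray failures
    from another a quarter of an hour apart, and an unrelated connection line
    that must be ignored."""
    lines = [f"May 28 13:30:{i:02d} vps postfix/smtpd[32800]: warning: unknown[203.0.113.50]: "
             f"SASL LOGIN authentication failed: authentication failure" for i in range(12)]
    lines += [
        "May 28 13:31:00 vps postfix/smtpd[32801]: warning: unknown[198.51.100.77]: "
        "SASL PLAIN authentication failed: authentication failure",
        "May 28 13:45:00 vps postfix/smtpd[32802]: warning: unknown[198.51.100.77]: "
        "SASL PLAIN authentication failed: authentication failure",
        "May 28 13:46:00 vps postfix/smtpd[32803]: 1B2C3D4E5F61: client=unknown[198.51.100.77]",
    ]
    return "\n".join(lines)


SAMPLE_LOG = _sample_log()


def parse_ts(ts, year):
    """syslog timestamps carry no year; the caller supplies it."""
    return datetime.strptime(f"{year} {ts}", "%Y %b %d %H:%M:%S")


def find_offenders(text, threshold=10, window_seconds=60, year=2008):
    """Return {ip: time the threshold was first reached} for every client with at
    least `threshold` SASL failures inside any `window_seconds` span.  Lines are
    assumed to be in chronological order, as a log file is."""
    recent = defaultdict(deque)   # ip -> timestamps of failures still inside the window
    offenders = {}
    for line in text.splitlines():
        m = FAIL_RE.match(line)
        if not m:
            continue
        ip, t = m["ip"], parse_ts(m["ts"], year)
        q = recent[ip]
        q.append(t)
        while (t - q[0]).total_seconds() > window_seconds:
            q.popleft()               # slide the window forward, dropping old failures
        if len(q) >= threshold and ip not in offenders:
            offenders[ip] = t
    return offenders


def block_commands(offenders, port=25):
    """One iptables DROP per offender.  Assumes a plain INPUT chain; whatever
    applies these (cron, a fail2ban-style action) should also expire them."""
    return [f"iptables -I INPUT -s {ip} -p tcp --dport {port} -j DROP"
            for ip in sorted(offenders)]


if __name__ == "__main__":
    import sys
    # Pipe the real log in (python3 saslwatch.py < /var/log/maillog) or run on the sample.
    log = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_LOG
    found = find_offenders(log)
    for ip, when in found.items():
        print(f"{ip}: threshold reached at {when:%b %d %H:%M:%S}")
    print("\n".join(block_commands(found)))
```

The sliding window is what keeps this from banning a legitimate user who mistypes a password a few times over an afternoon: only a burst trips it, which is exactly the shape of a dictionary run. Strong passwords as ronald and Joe describe remain the real defence; the firewall rule just stops the noise and the CPU spent on saslauthd.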
Copyright 2005-2007 Virtualmin, Inc. All rights reserved.