RELAY Alert, spammer bombing our server every 5 minutes, please help

[ivillages]

Hi All,

I have a Cpanel/WHM server running CSF & LFD and we are getting pounded with spam coming in to our hosted email accounts, about every 5 mintues, 24/7. These are coming from outside of our server TO email addresses on our server.

I set the RT_RELAY_LIMIT to 2 messages and Permanent Block but the senders keep changing the source relay IP, below is a sample.

I can't figure out how to stop these relays, does anyone have a suggestion for this?

Thanks


Time: Thu Sep 24 15:13:51 2015 -0700
Type: RELAY, Remote IP - 209.126.123.164 (US/United States/static-ip-209-126-123-164.inaddr.ip-pool.com)
Count: 3 emails relayed
Blocked: Permanent Block

Sample of the first 10 emails:

2015-09-24 15:13:45 1ZfElt-0000GW-ID <= walgreensspecials@prevortexlane.net H=static-ip-209-126-123-164.inaddr.ip-pool.com (prevortexlane.net) [209.126.123.164]:34386 P=esmtp S=4089 id=gaf32321323fdso118223981afsdseassdfs-4437e9a1169d044b959671738ecc8e92492.1514945.-11822398@prevortexlane.net T="RE: Your $500 gift-card expires in 10 days #FD11822398" for chris@bainbridgegardens.com

[ivillages]

These are still coming in, every 3 minutes or so, any suggestions?

Time: Mon Sep 28 06:31:12 2015 -0700
Type: RELAY, Remote IP - 162.244.135.35 (US/United States/162-244-135-35.alnitech.com)
Count: 3 emails relayed
Blocked: Permanent Block

Sample of the first 10 emails:

2015-09-28 06:30:36 1ZgYVk-0001NM-Hn <= RyderMoran-alex=charlesandersonco.com@rdc.o5j6w.com H=(rdc.o5j6w.com) [162.244.135.35]:55256 P=esmtp S=48946 id=UZCYMY8.84036@rdc.o5j6w.com T="Lots os openings and training options" for alex@charlesandersonco.com

[konkerz]

Change password mail box: alex@charlesandersonco.com
Check equipment to keep this box set