
Resolved
0 votes
I noticed today that my mail stopped coming through ClearOS so I restarted the ClearOS server via the console. The problem continued so I tried to log in to the webconfig at 192.168.1.17:81 and there is no response.

Chrome response:
This page isn’t working
192.168.1.17 didn’t send any data.
ERR_EMPTY_RESPONSE

What are my next steps?
Thursday, June 24 2021, 07:49 PM

Accepted Answer

Saturday, June 26 2021, 09:52 PM - #Permalink
Resolved
0 votes
Odd about your IP as it is on the SORBS blacklist which often indicates you have a dynamic IP. You could have a static IP in a dynamic IP block but that won't help you. Note your ISP may not have an SMTP relay. It is more likely they do if they offer e-mail with their internet services. Note, if you can, you should also try to set your PTR record (reverse DNS).

Mailq is bad news. These are stuck e-mails which have not been delivered. Have a look at https://documentation.clearos.com/content:en_us:kb_o_i_m_sending_spam_how_do_i_stop_it. There are a couple of links on how to selectively delete e-mails from the mailq. I prefer the HowtoForge link as I am a script person and don't know perl. The other (perl) link also shows you how to view individual stuck e-mails.
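When a queue is too large to read by eye, grouping it by sender shows which account is generating the stuck mail before anything is deleted. The following is an added example, not part of the original thread or the linked articles; it assumes the traditional `mailq` listing layout saved to a file (for instance with `mailq > file`), and the sample queue, addresses and queue IDs are constructed.

```shell
#!/usr/bin/env bash
# Added example (not from the thread): work out which sender is filling a
# Postfix queue from saved `mailq` output, then list that sender's queue IDs.

# One record per message: drop the header, "(delivery status)" lines and trailer.
queue_records() { tail -n +2 "$1" | grep -v '^ *(' | grep -v '^-- '; }

# queue_by_sender FILE -> "count sender", busiest sender first
queue_by_sender() {
    queue_records "$1" |
        awk 'BEGIN { RS = "" } { n[$7]++ } END { for (s in n) print n[s], s }' |
        sort -rn
}

# queue_ids_for_sender FILE SENDER -> queue IDs with the * and ! flags removed
queue_ids_for_sender() {
    queue_records "$1" |
        awk -v s="$2" 'BEGIN { RS = "" } $7 == s { print $1 }' | tr -d '*!'
}

# Constructed sample in mailq's layout (documentation addresses, made-up IDs).
SAMPLE_QUEUE=$(mktemp)
cat > "$SAMPLE_QUEUE" <<'EOF'
-Queue ID- --Size-- ----Arrival Time---- -Sender/Recipient-------
3F2A1B0C11*    2210 Sat Jun 26 09:58:01  carol@example.com
                                         rcpt1@example.net

3F2A1B0C12     2198 Sat Jun 26 09:58:02  carol@example.com
(connect to mx.example.org[198.51.100.25]:25: Connection timed out)
                                         rcpt2@example.org

3F2A1B0C13!    2204 Sat Jun 26 09:58:03  carol@example.com
                                         rcpt3@example.net

3F2A1B0C14     5120 Sat Jun 26 10:02:40  dave@example.com
                                         rcpt4@example.org

-- 11 Kbytes in 4 Requests.
EOF

queue_by_sender "$SAMPLE_QUEUE"
# On the mail server, as root, the IDs can be fed to: postsuper -d -
queue_ids_for_sender "$SAMPLE_QUEUE" carol@example.com
```

Working from a saved copy means a slow, very large queue only has to be listed once.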
Responses (9)
  • Accepted Answer

    Saturday, June 26 2021, 11:39 PM - #Permalink
    Resolved
    0 votes
    With your help, I identified a compromised account and have disabled it via my hMailServer and will address the issue with the user.

    I ended up purging all incoming mail and now, ClearOS is delivering mail and has 24gb available now.

    I greatly appreciate your assistance.
  • Accepted Answer

    Saturday, June 26 2021, 08:14 PM - #Permalink
    Resolved
    0 votes
    The grep sasl_username... command returned immediately with no console output.

    The mailq ran for about 10 minutes displaying emails, I cancelled the command after that long.

    I do have a static IP. I receive mail to ClearOS to utilize the antivirus and antispam and relay mail to my hMailServer. hMailServer sends mail relaying back through ClearOS to utilize the spam / antivirus. This is how I configured to clean up inbound and outbound mail. I am open for suggestions. I will request the smtp relay from my ISP.

    I can't get into the webconfig anymore due to disk being full. -> "Ooooops: Server is running low on available disk space - preventing further modifications via API until disk space issues are resolved."
  • Accepted Answer

    Saturday, June 26 2021, 07:47 AM - #Permalink
    Resolved
    0 votes
    No, definitely not normal. Please can you run:
    grep sasl_username /var/log/maillog | awk '{print $NF}' | sort | uniq -c | sort -n
    Any high figure indicates a password breach and spam attack, but you are only on one blacklist so it probably has not happened.

    Can you check your mail queue with the command "mailq"? Again it should be empty or occasionally have a few mails in it waiting to be sent onwards (either inbound or outbound).

    As a secondary question, do you send e-mails out directly to the internet or do you relay via your ISP or an SMTP relay? I think you have a dynamic IP which is why you are on the SORBS blacklist and you don't have a proper MX record. This suggests that you should not send out e-mails directly and should relay them via an SMTP relay. Otherwise a number of recipients will block your mails.
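The per-account login count requested in the reply above can be extended to count the distinct client addresses behind each account, since many logins from many addresses point to a stolen password more strongly than a high count alone. This is an added example, not part of the original thread; the sample log lines are constructed, and the thresholds used (5 logins, 3 addresses) are assumptions to tune against normal traffic.

```shell
#!/usr/bin/env bash
# Added example (not from the thread): per-account SASL login counts from a
# Postfix maillog, plus how many distinct client IPs each account logged in from.

# sasl_summary FILE -> "logins distinct_ips account", busiest account last
sasl_summary() {
    awk '
        /sasl_username=/ {
            user = ""; ip = ""
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^sasl_username=/) {
                    user = $i; sub(/^sasl_username=/, "", user); sub(/,$/, "", user)
                }
                if ($i ~ /^client=/) {
                    ip = $i; sub(/^.*\[/, "", ip); sub(/\].*$/, "", ip)
                }
            }
            if (user == "") next
            logins[user]++
            if (ip != "" && !((user, ip) in seen)) { seen[user, ip] = 1; ips[user]++ }
        }
        END { for (u in logins) print logins[u], ips[u] + 0, u }
    ' "$1" | sort -n
}

# suspect_accounts FILE MIN_LOGINS MIN_IPS -> accounts at or above both limits
suspect_accounts() {
    sasl_summary "$1" | awk -v n="$2" -v m="$3" '$1 >= n && $2 >= m { print $3 }'
}

# Constructed sample lines in Postfix smtpd format (documentation addresses).
SAMPLE_LOG=$(mktemp)
cat > "$SAMPLE_LOG" <<'EOF'
Jun 26 07:01:02 clearos postfix/smtpd[2101]: 4A1B2C3D01: client=unknown[192.0.2.20], sasl_method=LOGIN, sasl_username=alice@example.com
Jun 26 07:03:10 clearos postfix/smtpd[2107]: 4A1B2C3D02: client=unknown[203.0.113.5], sasl_method=LOGIN, sasl_username=bob@example.com
Jun 26 07:03:11 clearos postfix/smtpd[2108]: 4A1B2C3D03: client=unknown[203.0.113.77], sasl_method=LOGIN, sasl_username=bob@example.com
Jun 26 07:03:12 clearos postfix/smtpd[2109]: 4A1B2C3D04: client=unknown[198.51.100.9], sasl_method=LOGIN, sasl_username=bob@example.com
Jun 26 07:03:13 clearos postfix/smtpd[2110]: 4A1B2C3D05: client=unknown[198.51.100.40], sasl_method=LOGIN, sasl_username=bob@example.com
Jun 26 07:03:14 clearos postfix/smtpd[2111]: 4A1B2C3D06: client=unknown[203.0.113.5], sasl_method=LOGIN, sasl_username=bob@example.com
Jun 26 07:05:00 clearos postfix/smtpd[2112]: connect from unknown[192.0.2.20]
EOF

sasl_summary "$SAMPLE_LOG"
echo "suspect: $(suspect_accounts "$SAMPLE_LOG" 5 3)"
```

An empty result, as reported later in this thread, only rules out authenticated SMTP logins on this host; mail relayed from an internal server without SASL does not appear in this count.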
  • Accepted Answer

    Friday, June 25 2021, 09:40 PM - #Permalink
    Resolved
    0 votes
    I did delete all the historic logs with dates, leaving only the current logs. That moved me from 98% usage to 94% usage. So I installed the Disk Usage Report app and I see that the vast majority of space being used is in the ../postfix/incoming directory containing 18gb. Is that normal? What are these files?
  • Accepted Answer

    Friday, June 25 2021, 07:37 PM - #Permalink
    Resolved
    0 votes
    You need to sort the space urgently. Linux can give huge problems if you run out of space. For some quick wins, go into /var/log and delete any old logs.
    You can see disk usage with "df -h". For detail start at the / folder and do "du -h -d 1". You will see all your top level disk usage. Work your way down the big folders with a "cd folder_name" and repeat.
  • Accepted Answer

    Friday, June 25 2021, 05:46 PM - #Permalink
    Resolved
    0 votes
    SMTP is running, I am not using POP/IMAP. I am just using ClearOS for the Antivirus / Antispam / SMTP gateway features in front of an hMailServer. All 3 of these services are currently running.

    The log is below and does contain some errors:

    Jun 25 10:19:59 clearos firewall: Starting firewall...
    Jun 25 10:19:59 clearos firewall: Loading environment
    Jun 25 10:20:00 clearos firewall: Detected WAN role for interface: ens160
    Jun 25 10:20:00 clearos firewall: Setting kernel parameters
    Jun 25 10:20:00 clearos firewall: Detected WAN info - ens160 192.168.1.17 on network 192.168.1.0/24
    Jun 25 10:20:00 clearos firewall: Using trusted standalone mode (no firewall)
    Jun 25 10:20:00 clearos firewall: Loading kernel modules
    Jun 25 10:20:01 clearos firewall: Loading kernel modules for NAT
    Jun 25 10:20:01 clearos firewall: Starting firewall...
    Jun 25 10:20:01 clearos firewall: Loading environment
    Jun 25 10:20:01 clearos firewall: Detected WAN role for interface: ens160
    Jun 25 10:20:01 clearos firewall: Setting kernel parameters
    Jun 25 10:20:01 clearos servicewatch: sanity checking webconfig
    Jun 25 10:20:01 clearos firewall: Detected WAN info - ens160 192.168.1.17 on network 192.168.1.0/24
    Jun 25 10:20:01 clearos firewall: Using trusted standalone mode (no firewall)
    Jun 25 10:20:01 clearos firewall: Loading kernel modules
    Jun 25 10:20:01 clearos firewall: Loading kernel modules for NAT
    Jun 25 10:20:02 clearos firewall: Setting default policy to ACCEPT
    Jun 25 10:20:02 clearos firewall: Defining custom chains
    Jun 25 10:20:02 clearos firewall: Running custom rules
    Jun 25 10:20:02 clearos firewall: Running user-defined proxy rules
    Jun 25 10:20:02 clearos firewall: Content filter is offline
    Jun 25 10:20:02 clearos firewall: Web proxy is offline
    Jun 25 10:20:02 clearos firewall: Running Masquerading
    Jun 25 10:20:02 clearos firewall: Enabling NAT on WAN interface ens160
    Jun 25 10:20:02 clearos firewall: Running default forwarding rules
    Jun 25 10:20:02 clearos firewall: Execution time: 0.892s
    Jun 25 10:20:02 clearos firewall: Running post-firewall: 20770
    Jun 25 10:20:02 clearos firewall: Running /etc/clearos/firewall.d/local
    Jun 25 10:20:03 clearos firewall6: Starting firewall...
    Jun 25 10:20:03 clearos firewall6: Loading environment
    Jun 25 10:20:03 clearos firewall6: Detected WAN role for interface: ens160
    Jun 25 10:20:03 clearos firewall6: Setting kernel parameters
    Jun 25 10:20:03 clearos firewall6: Detected WAN info - ens160 192.168.1.17 on network 192.168.1.0/24
    Jun 25 10:20:03 clearos firewall6: Using trusted standalone mode (no firewall)
    Jun 25 10:20:03 clearos firewall6: Loading kernel modules
    Jun 25 10:20:04 clearos firewall6: Loading kernel modules for NAT
    Jun 25 10:20:04 clearos firewall6: Setting default policy to ACCEPT
    Jun 25 10:20:04 clearos firewall6: Defining custom chains
    Jun 25 10:20:04 clearos firewall6: Running custom rules
    Jun 25 10:20:04 clearos firewall6: Running Masquerading
    Jun 25 10:20:04 clearos firewall6: Enabling NAT on WAN interface ens160
    Jun 25 10:20:04 clearos firewall6: Running default forwarding rules
    Jun 25 10:20:04 clearos firewall6: Execution time: 0.522s
    Jun 25 10:20:04 clearos firewall6: Running post-firewall: 20770
    Jun 25 10:20:04 clearos firewall6: Running /etc/clearos/firewall.d/local
    Jun 25 10:20:07 clearos events: onboot - event occurred
    Jun 25 10:20:07 clearos events: onboot - triggered hook: language
    Jun 25 10:20:07 clearos events: onboot - triggered hook: suva
    Jun 25 10:21:29 clearos engine: exception: error: /usr/clearos/apps/base/libraries/Shell.php (227): Command execution failed.
    Jun 25 10:21:29 clearos engine: exception: debug backtrace: /usr/clearos/apps/base/libraries/Daemon.php (613): execute
    Jun 25 10:21:29 clearos engine: exception: debug backtrace: /usr/clearos/apps/base/controllers/daemon.php (130): set_running_state
    Jun 25 10:21:29 clearos engine: exception: debug backtrace: GUI (0): start
    Jun 25 10:21:29 clearos engine: exception: debug backtrace: /usr/clearos/framework/system/core/CodeIgniter.php (535): call_user_func_array
    Jun 25 10:21:29 clearos engine: exception: debug backtrace: /usr/clearos/framework/htdocs/app/index.php (224): require_once

    Also, I see there are several events of concern:

    System load warning 2021-06-25 10:35:11
    Volume full: / (98.15%) 2021-06-25 10:31:45
    Volume approaching capacity: / (96.99%) 2021-06-25 10:20:11

    Can I free up space?

    When I click on the Dashboard I am also getting "Ooooops: Server is running low on available disk space - preventing further modifications via API until disk space issues are resolved."
  • Accepted Answer

    Thursday, June 24 2021, 09:30 PM - #Permalink
    Resolved
    0 votes
    Is it running? Check from the webconfig for the SMTP server and IMAP/POP server. If one or the other is not running, check your logs.
  • Accepted Answer

    Thursday, June 24 2021, 08:37 PM - #Permalink
    Resolved
    0 votes
    Nick Howitt wrote:

    Can you connect by SSH - PuTTY and WinSCP? And are you remembering the webconfig is https and not http?


    Ha, okay, stupid me. That was the problem logging in.

    For the other part of my problem, mail not being forwarded from ClearOS to my mailserver. How can I troubleshoot this?
  • Accepted Answer

    Thursday, June 24 2021, 08:31 PM - #Permalink
    Resolved
    0 votes
    Can you connect by SSH - PuTTY and WinSCP? And are you remembering the webconfig is https and not http?