When you operate an SMTP server (a server for outbound mail), there are two basic ways for someone to send spam through your server which may need to be addressed:
An open SMTP relay. If this happens, it’s horrendous: you can be put on global (worldwide) block lists and then be unable to send mail to a large number of others worldwide. There are various free testing services which you can use. Try to find one that is reliable without using one run by one of the major block lists (else that would speed up putting you on their list). I see in the log snippet you posted that you’ve already come to the attention of, and are being probed by, one of these block lists (Spamhaus), but I don’t think your server is responding inappropriately; in other words, I *think* your server isn’t an open relay. But you have to check.
A compromised account. The first thing you need to consider and configure appropriately is whether your SMTP server should be facing the Internet or only serving the machine itself or the LAN behind it. If you face the Internet, it enables you to send email from anywhere without having to use someone else’s SMTP server, but it exposes you to risk. In other words, if you don’t need to use your server from remote locations, then disable inbound Internet access. Your logfile doesn’t clearly show a compromised account, but your log is only a snippet.
A third possibility, but much less likely if you maintain a supported version of openSUSE, is that the machine itself could be compromised. Make sure you’re running a supported version of openSUSE (today, that’s 13.1 and later) and are patching and/or updating constantly.
A fourth possibility is that someone is only accusing you of not taking steps to prevent spamming according to their own opinion without your actually spamming. There are many things various people want without universal acceptance like Yahoo’s SenderID.
There are two suspicious things happening in your logs, but your logs don’t explicitly indicate you’re compromised… but you need to follow up…
- Spamhaus is probing you. Usually that doesn’t happen unless you’re reported. You need to do an open SMTP relay check and possibly check any of many block lists to see if you’re on them.
- You’re getting attempts to email from someone claiming an address “firstname.lastname@example.org”. Using a “z” to replace an “s” in a name is a common practice among people claiming to be warez supporters (which promotes illegal activity). It’s not clear you’re doing anything more than denying him, but again you need to follow up.
If necessary, ask whoever notified you (your ISP?) if they have details about the supposed spamming.
As I noted above, the quick and simple approach is to simply disable inbound SMTP connections to your SMTP server (you should only have inbound SMTP to your POP/IMAP/whatever mail server). If your SMTP server and mail server are on the same machine, then it gets a bit more complicated separating how each is configured and may require the expertise of someone who supports mail servers regularly.
The alternative to fixing your SMTP mail server is to sign up for an SMTP relay and filtering service; typical cost is about $10/mo/email account. You would then configure your inbound SMTP connections to be only from your subscribed service and let them address proper Internet connection configuration. Services are usually pretty helpful in setting up your machine to point securely only to their service. Then, typically, you can view/manage/modify settings on their machine through a web dashboard, but they would still protect you from hackers and probing.
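An added example, not part of the reply above: a small Python script for the open-relay check the reply recommends, run against a server you administer. The hostname and both addresses are constructed placeholders; it assumes the server listens on port 25, and because the probe only sends the envelope (MAIL FROM / RCPT TO) and then RSET, nothing is ever queued even on a misconfigured server.

```python
import smtplib

# Constructed placeholders: point these at the server you administer and at
# two domains it does NOT host (neither local, neither yours).
SERVER = "mail.example.org"
EXTERNAL_SENDER = "probe@sender-domain.example"
EXTERNAL_RECIPIENT = "someone@another-domain.example"


def relay_verdict(mail_from_code, rcpt_to_code):
    """Classify one unauthenticated relay probe from the SMTP reply codes.

    A correctly configured server accepts MAIL FROM (250) but rejects an
    RCPT TO for a domain it does not host with a 5xx permanent error
    (Postfix answers '554 Relay access denied'). Accepting the recipient
    (2xx) means mail for arbitrary third parties would be queued: open relay.
    4xx means the server deferred the answer (greylisting, load), so the
    probe has to be repeated later before drawing any conclusion.
    """
    if mail_from_code >= 500:
        return "sender rejected outright; test inconclusive, check restrictions"
    if 200 <= rcpt_to_code < 300:
        return "OPEN RELAY: recipient at foreign domain accepted"
    if 400 <= rcpt_to_code < 500:
        return "temporary failure; retry the probe later"
    if rcpt_to_code >= 500:
        return "relay denied: server is not an open relay for this probe"
    return "unexpected reply code %d" % rcpt_to_code


def check_open_relay(host=SERVER, port=25, timeout=15):
    """Run the probe against a live server and return the verdict string.

    Only the envelope is tested; the transaction is reset before any DATA
    command, so no message is sent even if the server would relay it.
    """
    with smtplib.SMTP(host, port, timeout=timeout) as smtp:
        smtp.ehlo_or_helo_if_needed()
        mail_code, _ = smtp.mail(EXTERNAL_SENDER)
        rcpt_code, _ = smtp.rcpt(EXTERNAL_RECIPIENT)
        smtp.rset()  # abandon the transaction without sending anything
    return relay_verdict(mail_code, rcpt_code)


if __name__ == "__main__":
    print(check_open_relay())
```

Run it from a host outside your LAN as well as inside it, since relay restrictions are usually keyed on the client network and an inside-only test can pass while the Internet-facing side is open.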