#1  
Old 8th October 2011, 18:00
P4rD0nM3 P4rD0nM3 is offline
Junior Member
 
Join Date: May 2009
Posts: 7
Thanks: 0
Thanked 0 Times in 0 Posts
Default Forged Mail

Can you guys take a look at this Postfix log?

Code:
Oct  8 08:28:33 core postfix/smtpd[9137]: 9CB614AB54B: client=static-200-105-156-170.acelerate.net[200.105.156.170]
Oct  8 08:28:34 core postfix/cleanup[9143]: 9CB614AB54B: message-id=<4648447511.Y68AOV1W945363@ccoyjnn.cuqrdlzmr.info>
Oct  8 08:28:35 core postfix/qmgr[2352]: 9CB614AB54B: from=<0-0-jcbernard@ferro.fr>, size=1644, nrcpt=1 (queue active)
Oct  8 08:28:35 core postfix/local[9145]: 9CB614AB54B: to=<advertising-livewhenready.com@core.200-paul-sf-ca.livewhenready.com>, orig_to=<advertising@livewhenready.com>, relay=local, delay=2.1, delays=1.4/0.01/0/0.67, dsn=2.0.0, status=sent (forwarded as 102394AB551)
Oct  8 08:28:35 core postfix/qmgr[2352]: 9CB614AB54B: removed
My mail server's not an open relay.

Can this be classifed as backscatter? I've never seen this one before.
Reply With Quote
Sponsored Links
  #2  
Old 9th October 2011, 13:21
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,747 Times in 2,578 Posts
Default

Is one of those email addresses located on your system?
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #3  
Old 9th October 2011, 18:00
P4rD0nM3 P4rD0nM3 is offline
Junior Member
 
Join Date: May 2009
Posts: 7
Thanks: 0
Thanked 0 Times in 0 Posts
Default

Yes. Advertising@livewhenready.com is legit.
Reply With Quote
  #4  
Old 10th October 2011, 10:51
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,747 Times in 2,578 Posts
Default

I don't see that address in the log, only advertising-livewhenready.com@core.200-paul-sf-ca.livewhenready.com
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #5  
Old 10th October 2011, 13:07
P4rD0nM3 P4rD0nM3 is offline
Junior Member
 
Join Date: May 2009
Posts: 7
Thanks: 0
Thanked 0 Times in 0 Posts
Default

orig_to=<advertising@livewhenready.com>

And relay=local baffles me.
Reply With Quote
  #6  
Old 11th October 2011, 18:29
pititis pititis is offline
Senior Member
 
Join Date: Dec 2010
Location: München
Posts: 364
Thanks: 39
Thanked 89 Times in 68 Posts
Default

Basic question, is your mail server checking spf?

Cheers
Reply With Quote
  #7  
Old 11th October 2011, 18:48
till till is online now
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 36,743
Thanks: 840
Thanked 5,597 Times in 4,408 Posts
 
Default

As far as I read the log, a email for the local (virtual) address
Code:
advertising@livewhenready.com
has been received and then delivered to the local system user advertising-livewhenready.com. The recipient
Code:
advertising-livewhenready.com@core.200-paul-sf-ca.livewhenready.com
means not a real email address in the case that core.200-paul-sf-ca.livewhenready.com is the hostname of the local server and advertising-livewhenready.com is the name of a user in /etc/passwd
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Getting Email Working ISPConfig3 Squirrelmail and Courier etc Ian Wilson Installation/Configuration 17 19th June 2013 23:58
postfix problem jagsler Server Operation 41 7th July 2011 15:19
Problem with dcc-client installation (Postfix) swap-as Installation/Configuration 9 18th September 2008 21:47
Mail System Error - Returned Mail tristanlee85 General 16 16th March 2008 10:40
Can not recieve mail with de virtual mail adress Mounir Installation/Configuration 9 25th July 2006 00:16


All times are GMT +2. The time now is 10:40.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.