Forged Mail

Discussion in 'Technical' started by P4rD0nM3, Oct 8, 2011.

  1. P4rD0nM3

    P4rD0nM3 New Member

    Can you guys take a look at this Postfix log?

    Code:
    Oct  8 08:28:33 core postfix/smtpd[9137]: 9CB614AB54B: client=static-200-105-156-170.acelerate.net[200.105.156.170]
    Oct  8 08:28:34 core postfix/cleanup[9143]: 9CB614AB54B: message-id=<[email protected]>
    Oct  8 08:28:35 core postfix/qmgr[2352]: 9CB614AB54B: from=<[email protected]>, size=1644, nrcpt=1 (queue active)
    Oct  8 08:28:35 core postfix/local[9145]: 9CB614AB54B: to=<[email protected]om>, orig_to=<[email protected]>, relay=local, delay=2.1, delays=1.4/0.01/0/0.67, dsn=2.0.0, status=sent (forwarded as 102394AB551)
    Oct  8 08:28:35 core postfix/qmgr[2352]: 9CB614AB54B: removed
    My mail server's not an open relay.

    Can this be classified as backscatter? I've never seen this one before.
     
  2. falko

    falko Super Moderator ISPConfig Developer

    Is one of those email addresses located on your system?
     
  3. P4rD0nM3

    P4rD0nM3 New Member

  4. falko

    falko Super Moderator ISPConfig Developer

    I don't see that address in the log, only [email protected]om
     
  5. P4rD0nM3

    P4rD0nM3 New Member

    orig_to=<[email protected]>

    And relay=local baffles me.
     
  6. pititis

    pititis Member

    Basic question, is your mail server checking SPF?

    Cheers
     
  7. till

    till Super Moderator Staff Member ISPConfig Developer

    As far as I read the log, an email for the local (virtual) address
    Code:
    [email protected]
    has been received and then delivered to the local system user advertising-livewhenready.com. The recipient
    Code:
    [email protected]om
    means not a real email address in the case that core.200-paul-sf-ca.livewhenready.com is the hostname of the local server and advertising-livewhenready.com is the name of a user in /etc/passwd
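
Added example (not part of the thread and not posted by any participant): a Python log reader that groups Postfix lines by queue ID and follows the "forwarded as" link, so a delivery logged with orig_to and relay=local, like the one discussed above, can be traced to where the mail finally went. The sample log, its hostnames and addresses are constructed, and the names `trace` and `follow` are made up for this example.

```python
import re

# Constructed sample in the thread's log format; all hosts and addresses are made up.
SAMPLE_LOG = """\
Oct  8 08:28:33 mx postfix/smtpd[9137]: 9CB614AB54B: client=unknown[192.0.2.10]
Oct  8 08:28:35 mx postfix/qmgr[2352]: 9CB614AB54B: from=<sender@example.net>, size=1644, nrcpt=1 (queue active)
Oct  8 08:28:35 mx postfix/local[9145]: 9CB614AB54B: to=<advertising-example.com@mx.example.com>, orig_to=<advertising@example.com>, relay=local, delay=2.1, delays=1.4/0.01/0/0.67, dsn=2.0.0, status=sent (forwarded as 102394AB551)
Oct  8 08:28:35 mx postfix/qmgr[2352]: 9CB614AB54B: removed
Oct  8 08:28:36 mx postfix/smtp[9150]: 102394AB551: to=<owner@example.org>, relay=mail.example.org[198.51.100.7]:25, delay=0.9, delays=0.1/0/0.3/0.5, dsn=2.0.0, status=sent (250 OK)
"""

LINE_RE = re.compile(r"postfix/(?P<daemon>[\w-]+)\[\d+\]: (?P<qid>[0-9A-F]{6,}): (?P<rest>.*)$")
KV_RE = re.compile(r"(\w+)=(<[^>]*>|[^,\s]+)")
FWD_RE = re.compile(r"forwarded as ([0-9A-F]+)")

def trace(log_text):
    """Group Postfix log lines by queue ID: {qid: {client, from, deliveries}}."""
    msgs = {}
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        fields = {k: v.strip("<>") for k, v in KV_RE.findall(m["rest"])}
        msg = msgs.setdefault(m["qid"], {"client": None, "from": None, "deliveries": []})
        if m["daemon"] == "smtpd" and "client" in fields:
            msg["client"] = fields["client"]      # host that handed us the message
        elif m["daemon"] == "qmgr" and "from" in fields:
            msg["from"] = fields["from"]          # envelope sender
        elif "to" in fields and "status" in fields:
            # Delivery line. relay=local means the local(8) delivery agent handled
            # it; "forwarded as" means it re-queued the mail (alias or .forward).
            fwd = FWD_RE.search(m["rest"])
            msg["deliveries"].append({
                "to": fields["to"], "orig_to": fields.get("orig_to"),
                "relay": fields.get("relay"), "forwarded_as": fwd.group(1) if fwd else None})
    return msgs

def follow(msgs, qid):
    """Follow 'forwarded as' links; return (qid, original rcpt, final rcpt, relay) hops."""
    hops, seen = [], set()
    while qid in msgs and qid not in seen:
        seen.add(qid)
        next_qid = None
        for d in msgs[qid]["deliveries"]:
            hops.append((qid, d["orig_to"] or d["to"], d["to"], d["relay"]))
            next_qid = next_qid or d["forwarded_as"]
        qid = next_qid
    return hops
```

Calling `follow(trace(SAMPLE_LOG), "9CB614AB54B")` returns one hop per delivery; a hop whose original and final recipient differ is an address rewrite, and the next hop shows which relay the forwarded copy actually left through.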
     
