Forged Mail

Discussion in 'Technical' started by P4rD0nM3, Oct 8, 2011.

  1. P4rD0nM3

    P4rD0nM3 New Member

    Can you guys take a look at this Postfix log?

    Oct  8 08:28:33 core postfix/smtpd[9137]: 9CB614AB54B:[]
    Oct  8 08:28:34 core postfix/cleanup[9143]: 9CB614AB54B: message-id=<[email protected]>
    Oct  8 08:28:35 core postfix/qmgr[2352]: 9CB614AB54B: from=<[email protected]>, size=1644, nrcpt=1 (queue active)
    Oct  8 08:28:35 core postfix/local[9145]: 9CB614AB54B: to=<[email protected]om>, orig_to=<[email protected]>, relay=local, delay=2.1, delays=1.4/0.01/0/0.67, dsn=2.0.0, status=sent (forwarded as 102394AB551)
    Oct  8 08:28:35 core postfix/qmgr[2352]: 9CB614AB54B: removed
    My mail server's not an open relay.

    Can this be classified as backscatter? I've never seen this one before.
  2. falko

    falko Super Moderator ISPConfig Developer

    Is one of those email addresses located on your system?
  3. P4rD0nM3

    P4rD0nM3 New Member

  4. falko

    falko Super Moderator ISPConfig Developer

    I don't see that address in the log, only [email protected]om
  5. P4rD0nM3

    P4rD0nM3 New Member

    orig_to=<[email protected]>

    And relay=local baffles me.
  6. pititis

    pititis Member

    Basic question, is your mail server checking SPF?

  7. till

    till Super Moderator Staff Member ISPConfig Developer

    As far as I read the log, an email for the local (virtual) address
    [email protected]
    has been received and then delivered to the local system user. The recipient
    [email protected]om
    means not a real email address in the case that is the hostname of the local server and is the name of a user in /etc/passwd
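
The log in the first post shows a message accepted for one address (orig_to), handed to the local delivery agent (relay=local) and then re-queued under a new queue ID ("forwarded as"). The following is an added example, not part of the thread, that traces that chain from Postfix log lines; the sample log, host names and addresses are constructed, and the names `trace` and `follow` are illustrative.

```python
import re

# Constructed sample in the same Postfix syslog format as the thread's log;
# queue IDs, host names and addresses are made up for illustration.
SAMPLE_LOG = """\
Oct  8 08:28:33 mx postfix/smtpd[9137]: AAA111: client=unknown[192.0.2.10]
Oct  8 08:28:35 mx postfix/qmgr[2352]: AAA111: from=<sender@example.net>, size=1644, nrcpt=1 (queue active)
Oct  8 08:28:35 mx postfix/local[9145]: AAA111: to=<web1@mx.example.com>, orig_to=<info@example.com>, relay=local, delay=2.1, dsn=2.0.0, status=sent (forwarded as BBB222)
Oct  8 08:28:36 mx postfix/qmgr[2352]: BBB222: from=<sender@example.net>, size=1780, nrcpt=1 (queue active)
Oct  8 08:28:37 mx postfix/smtp[9150]: BBB222: to=<owner@example.org>, orig_to=<info@example.com>, relay=mail.example.org[198.51.100.7]:25, delay=1.2, dsn=2.0.0, status=sent (250 OK)
Oct  8 08:28:37 mx postfix/qmgr[2352]: BBB222: removed
"""

LINE = re.compile(r"postfix/(?P<daemon>[\w-]+)\[\d+\]: (?P<qid>[0-9A-F]+): (?P<rest>.*)")
FIELD = re.compile(r"(\w+)=<?([^>,\s]*)>?")      # key=value or key=<value>
FORWARD = re.compile(r"forwarded as ([0-9A-F]+)")

def trace(log_text):
    """Return one record per delivery line, with the sender joined in by queue ID."""
    sender, deliveries = {}, []
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        f = dict(FIELD.findall(m["rest"]))
        if "from" in f:
            sender[m["qid"]] = f["from"]
        if "to" in f:
            fwd = FORWARD.search(m["rest"])
            deliveries.append({
                "qid": m["qid"], "to": f["to"],
                "orig_to": f.get("orig_to", f["to"]),   # absent when no rewrite happened
                "relay": f.get("relay"), "status": f.get("status"),
                "next_qid": fwd.group(1) if fwd else None})
    for d in deliveries:
        d["from"] = sender.get(d["qid"])
    return deliveries

def follow(deliveries, qid):
    """Follow 'forwarded as' links from qid (assumes one recipient per queue ID)."""
    hops, seen = [], set()
    while qid and qid not in seen:
        seen.add(qid)
        step = next((d for d in deliveries if d["qid"] == qid), None)
        if step is None:
            break
        hops.append((step["qid"], step["orig_to"], step["to"], step["relay"]))
        qid = step["next_qid"]
    return hops
```

A hop whose relay is `local` and whose `to` differs from `orig_to` is an alias or forward expansion on the server itself, not a relay for a third party.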
