Forged Mail

Discussion in 'Technical' started by P4rD0nM3, Oct 8, 2011.

  1. P4rD0nM3

    P4rD0nM3 New Member

    Can you guys take a look at this Postfix log?

    Code:
    Oct  8 08:28:33 core postfix/smtpd[9137]: 9CB614AB54B: client=static-200-105-156-170.acelerate.net[200.105.156.170]
    Oct  8 08:28:34 core postfix/cleanup[9143]: 9CB614AB54B: message-id=<4648447511.Y68AOV1W945363@ccoyjnn.cuqrdlzmr.info>
    Oct  8 08:28:35 core postfix/qmgr[2352]: 9CB614AB54B: from=<0-0-jcbernard@ferro.fr>, size=1644, nrcpt=1 (queue active)
    Oct  8 08:28:35 core postfix/local[9145]: 9CB614AB54B: to=<advertising-livewhenready.com@core.200-paul-sf-ca.livewhenready.com>, orig_to=<advertising@livewhenready.com>, relay=local, delay=2.1, delays=1.4/0.01/0/0.67, dsn=2.0.0, status=sent (forwarded as 102394AB551)
    Oct  8 08:28:35 core postfix/qmgr[2352]: 9CB614AB54B: removed

    My mail server's not an open relay.

    Can this be classified as backscatter? I've never seen this one before.
     
  2. falko

    falko Super Moderator

    Is one of those email addresses located on your system?
     
  3. P4rD0nM3

    P4rD0nM3 New Member

  4. falko

    falko Super Moderator

    I don't see that address in the log, only advertising-livewhenready.com@core.200-paul-sf-ca.livewhenready.com
     
  5. P4rD0nM3

    P4rD0nM3 New Member

    orig_to=<advertising@livewhenready.com>

    And relay=local baffles me.
     
  6. pititis

    pititis Member

    Basic question, is your mail server checking SPF?

    Cheers
     
  7. till

    till Super Moderator

    As far as I read the log, an email for the local (virtual) address
    Code:
    advertising@livewhenready.com
    has been received and then delivered to the local system user advertising-livewhenready.com. The recipient
    Code:
    advertising-livewhenready.com@core.200-paul-sf-ca.livewhenready.com
    means not a real email address in the case that core.200-paul-sf-ca.livewhenready.com is the hostname of the local server and advertising-livewhenready.com is the name of a user in /etc/passwd
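
Added example, not part of any post in this thread: a short Python script that groups the posted log lines by queue ID and reports whether the message was handed to a local delivery agent or relayed to another host, and whether the recipient address was rewritten between `orig_to` and `to`. The function names and the `LOCAL_TRANSPORTS` set are assumptions of this sketch, as is the rule that a remote delivery logs `relay=host[ip]:port`.

```python
import re
from collections import defaultdict

# Log lines copied verbatim from the first post in this thread.
LOG = """\
Oct  8 08:28:33 core postfix/smtpd[9137]: 9CB614AB54B: client=static-200-105-156-170.acelerate.net[200.105.156.170]
Oct  8 08:28:34 core postfix/cleanup[9143]: 9CB614AB54B: message-id=<4648447511.Y68AOV1W945363@ccoyjnn.cuqrdlzmr.info>
Oct  8 08:28:35 core postfix/qmgr[2352]: 9CB614AB54B: from=<0-0-jcbernard@ferro.fr>, size=1644, nrcpt=1 (queue active)
Oct  8 08:28:35 core postfix/local[9145]: 9CB614AB54B: to=<advertising-livewhenready.com@core.200-paul-sf-ca.livewhenready.com>, orig_to=<advertising@livewhenready.com>, relay=local, delay=2.1, delays=1.4/0.01/0/0.67, dsn=2.0.0, status=sent (forwarded as 102394AB551)
Oct  8 08:28:35 core postfix/qmgr[2352]: 9CB614AB54B: removed
"""

LINE = re.compile(r"postfix/[\w-]+\[\d+\]: (?P<qid>[0-9A-F]+): (?P<rest>.*)")
FIELD = re.compile(r"([\w-]+)=(<[^>]*>|[^,\s]+)")
FORWARD = re.compile(r"forwarded as ([0-9A-F]+)")
LOCAL_TRANSPORTS = {"local", "virtual"}  # assumption: the on-box delivery agents in use

def parse(log):
    """Group Postfix log lines by queue ID and collect their key=value fields."""
    msgs = defaultdict(dict)
    for line in log.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # not a queue-ID line (connect/disconnect, warnings, ...)
        rec = msgs[m["qid"]]
        for key, val in FIELD.findall(m["rest"]):
            rec[key] = val.strip("<>")  # single-recipient view: later lines overwrite
        fwd = FORWARD.search(m["rest"])
        if fwd:
            rec["forwarded_as"] = fwd[1]
    return dict(msgs)

def classify(rec):
    """Say where the message went, judged only by the relay= field."""
    relay = rec.get("relay", "")
    if relay in LOCAL_TRANSPORTS:
        return "local delivery"
    if "[" in relay:  # assumption: remote deliveries log relay=host[ip]:port
        return "relayed to remote host"
    return "undetermined"

def alias_rewritten(rec):
    """True when orig_to (address as received) differs from to (after rewriting)."""
    return "orig_to" in rec and rec["orig_to"] != rec.get("to")

if __name__ == "__main__":
    for qid, rec in parse(LOG).items():
        print(qid, classify(rec), alias_rewritten(rec), rec.get("forwarded_as"))
```

The `forwarded as 102394AB551` note means the message continued under a new queue ID, so searching the same log for `102394AB551` shows where it finally went.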
     
