Meno wrote:
Hi all,

Does somebody know what may cause a confusion like this?

In maillog you can see that the sender is "from=" (see below)

r...@smtp3 # cat /var/log/mail-smtp3-090115.log | grep 55BB716282
Jan 15 04:43:25 smtp3 postfix/smtpd[17488]: [ID 197553 mail.info] 55BB716282: client=localhost[127.0.0.1]
Jan 15 04:43:25 smtp3 postfix/cleanup[15371]: [ID 197553 mail.info] 55BB716282: messageid
Jan 15 04:43:25 smtp3 postfix/qmgr[1372]: [ID 197553 mail.info] 55BB716282:from=, size=2407, nrcpt=1 (queue active)
Jan 15 04:43:25 smtp3 postfix/smtp[16197]: [ID 197553 mail.info] 55BB716282:to=, orig_to,relay=notes.example.com[10.10.10.174]:25,delay=0.21, delays=0.19/0/0.01/0.01, dsn=2.0.0, status=sent (250 Message accepted for delivery)
Jan 15 04:43:25 smtp3 postfix/qmgr[1372]: [ID 197553 mail.info] 55BB716282: removed


But when I get this mail to my inbox, the source of this mail looks like this:
The sender is "from=" which is my email address.
Based on this source code, the email client assumes that it was sent by me,
which is not true. It was received from "unknown [211.203.243.81]"




Received: from smtp3.example.com ([211.51.20.89])
         by smtp1.example.com (Lotus Domino Release 7.0.3FP1)
         with ESMTP id 2009011504432553-28468 ;
         Thu, 15 Jan 2009 04:43:25 +0100
Received: from smtp2.example.com (localhost [127.0.0.1])
                by smtp3.example.com (Postfix) with ESMTP id 55BB716282
                for ; Thu, 15 Jan 2009 04:43:25 +0100 (MET)
X-Received-SPF: no SPF record found
Received: from 3com.com (unknown [211.203.243.81]) by smtp2.example.com
                (Postfix) with SMTP id 536831631 for ; Thu, 15 Jan
                2009 04:43:22 +0100 (CET)
To:
Subject: RE: message 62625
From:
MIME-Version: 1.0
Importance: High
Message-Id:
Date: Thu, 15 Jan 2009 04:43:22 +0100 (CET)


Does somebody know how to stop getting such mail?
SPF cannot help me either!

Thankx, Chris


The From: and To: in your logs and headers apparently got eaten somewhere, so I can't see what you're referring to.

If you are getting mail claiming to be from your own domain, this has been discussed on the list several times recently. Check the archives.

This particular client is listed in multiple RBLs; you could reject it and lots of other spam with "reject_rbl_client zen.spamhaus.org". Check the www.spamhaus.org web site for usage restrictions.

The client also has no rDNS hostname; you could reject such clients with "reject_unknown_reverse_client_hostname". This restriction might reject legit mail, so watch your logs.

The client used the HELO hostname "3com.com", which is bogus.
You could reject this HELO hostname with a check_helo_access map, but this would be less generally useful than the above two checks. See the archive for examples.

Your system should already reject unknown recipients for your own domain. You can reject mail using nonexistent local sender addresses by setting in main.cf:
smtpd_reject_unlisted_sender = yes

--
Noel Jones
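
An added example, not part of the original thread or of Postfix: a Python script that walks the Received chain from the post to find the hop where the message entered the poster's own servers, then flags the missing rDNS name and the HELO name that rDNS does not confirm, as the reply points out. The sample message is constructed from the headers quoted above; OUR_HOSTS and OUR_NETS are assumptions read off those headers.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample: the Received chain from the post (addresses elided as on the page).
RAW = """\
Received: from smtp3.example.com ([211.51.20.89])
    by smtp1.example.com (Lotus Domino Release 7.0.3FP1) with ESMTP; Thu, 15 Jan 2009 04:43:25 +0100
Received: from smtp2.example.com (localhost [127.0.0.1])
    by smtp3.example.com (Postfix) with ESMTP id 55BB716282; Thu, 15 Jan 2009 04:43:25 +0100 (MET)
Received: from 3com.com (unknown [211.203.243.81])
    by smtp2.example.com (Postfix) with SMTP id 536831631; Thu, 15 Jan 2009 04:43:22 +0100 (CET)
Subject: RE: message 62625
"""

# "from HELO (rdns [ip]) by HOST"; the rdns name is optional (the Domino header omits it).
HOP = re.compile(r"from\s+(\S+)\s+\((?:(\S+)\s+)?\[([^\]]+)\]\)\s*by\s+(\S+)")

def parse_hops(raw):
    """Return the Received hops, newest first (headers are prepended in transit)."""
    hops = []
    for value in message_from_string(raw).get_all("Received", []):
        m = HOP.search(value)
        if m:
            hops.append(dict(zip(("helo", "rdns", "ip", "by"), m.groups())))
    return hops

def entry_hop(hops, our_hosts, our_nets):
    """First hop, walking down from the newest, whose client is outside our networks."""
    nets = [ipaddress.ip_network(n) for n in our_nets]
    for hop in hops:
        if hop["by"] not in our_hosts:
            return None  # not stamped by one of our servers: contents cannot be trusted
        if not any(ipaddress.ip_address(hop["ip"]) in n for n in nets):
            return hop
    return None

def assess(hop):
    """Flag the two client properties the reply points out for this message."""
    flags = []
    if hop["rdns"] in (None, "unknown"):
        flags.append("no-rdns")
    if hop["helo"].lower() != (hop["rdns"] or "").lower():
        flags.append("helo-not-matching-rdns")
    return flags

OUR_HOSTS = {"smtp1.example.com", "smtp2.example.com", "smtp3.example.com"}
OUR_NETS = ["127.0.0.0/8", "211.51.20.89/32"]  # assumption, taken from the sample headers
```

A HELO name that differs from the rDNS name is common on legitimate hosts, so the second flag is a signal to weigh with the first, not a rejection rule on its own.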
