Other replies have identified what's probably happening: redirection to a
specific mail relay or honeypot.

I have a couple of suggestions, which you should consider carefully (for
legality and possible retaliation) before trying. I'd consider them ok
where I am, but YMMV.

Also, consider any email you send compromised from now on. Even if you
prevail on them to stop redirecting, they've demonstrated the will as well
as capacity to observe, modify and potentially forge traffic. (SSL won't
help you unless you're using certs to authenticate the MTA at the other
end.) Or, maybe they're simply compromised. :-/

On Sun, 10 Sep 2023, postfix--- via Postfix-users wrote:
> Try a telnet connection to those hosts (gmail/mail-tester) on 25 and see who
> actually answers.

1) Send SYNs with varying TTLs to determine the number of hops to alleged
recipient MTAs based on the minimum value which elicits a SYN/ACK. Are
they all the same? Is it a low number?
2) Set up something which accepts TCP connections on port 25 which is not
on your network. Are you able to connect to it? If you are, how many
hops is it compared to some other port? (Subtract the TTL on arrival
from the TTL as sent.)
--
Fred Morris
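
Suggestion 1 above can be tried without raw sockets by setting the IP TTL on an ordinary TCP socket and finding the smallest value at which the handshake completes. This is an added example, not part of the original post; the function names and the `low` threshold are assumptions, and it covers IPv4 only.

```python
import socket

def connect_with_ttl(host, port, ttl, timeout=3.0):
    """True if a TCP handshake completes when our packets, including the
    SYN, leave with the given IP TTL (IPv4 only)."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        s.setsockopt(socket.IPPROTO_IP, socket.IP_TTL, ttl)
        s.settimeout(timeout)
        s.connect((host, port))
        return True
    except OSError:   # timeout, ICMP time-exceeded, refused, DNS failure
        return False
    finally:
        s.close()

def min_ttl(host, port=25, max_ttl=30, probe=connect_with_ttl):
    """Smallest TTL whose SYN elicits a SYN/ACK, or None if none does."""
    for ttl in range(1, max_ttl + 1):
        if probe(host, port, ttl):
            return ttl
    return None

def assess(hops_by_host, low=4):
    """Answer the post's two questions: are the hop counts all the same,
    and is it a low number? `low` is an assumed threshold, tune it."""
    values = {n for n in hops_by_host.values() if n is not None}
    reached = sum(n is not None for n in hops_by_host.values())
    all_same = reached > 1 and len(values) == 1
    is_low = bool(values) and max(values) <= low
    return {"all_same": all_same, "low": is_low,
            "suspicious": all_same and is_low}

def survey(hosts, port=25, probe=connect_with_ttl):
    """Measure every host, then assess the set of results together."""
    hops = {h: min_ttl(h, port, probe=probe) for h in hosts}
    return hops, assess(hops)

if __name__ == "__main__":
    import sys
    hops, verdict = survey(sys.argv[1:])   # e.g. several unrelated MX hosts
    for host, n in hops.items():
        print(f"{host}: answers at TTL {n}")
    print(verdict)
```

Unrelated MX hosts that all answer at the same small TTL point to something close to you answering on their behalf; running `survey` again with a different `port` against a host you control gives the comparison in suggestion 2.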