On Wed, Jul 29, 2009 at 3:15 PM, Terry Carmen<te...@cnysupport.com> wrote: > You're still missing the log entries where you accepted the message.
I think this is it: Jul 26 10:22:31 mail postfix/smtpd[14344]: AA83077925B: client=localhost.localdomain[127.0.0.1] Jul 26 10:22:31 mail postfix/cleanup[14864]: AA83077925B: message-id=<20090726142225.4a01e779...@mail.iamghost.com> Jul 26 10:22:31 mail amavis[22548]: (22548-04-3) Passed CLEAN, MYNETS LOCAL [192.168.1.92] [192.168.1.92] <rheinl...@simulationinformation.com> -> <ja...@us.army.mil>, Message-ID: <20090726142225.4a01e779...@mail.iamghost.com>, mail_id: u4lCSmAqg2xD, Hits: -4.399, size: 1047, queued_as: AA83077925B, 276 ms Jul 26 10:22:31 mail postfix/qmgr[4088]: AA83077925B: from=<rheinl...@simulationinformation.com>, size=1508, nrcpt=1 (queue active) Jul 26 10:22:31 mail postfix/lmtp[14870]: 4A01E779261: to=<ja...@us.army.mil>, relay=127.0.0.1[127.0.0.1]:10024, conn_use=3, delay=6.5, delays=0.08/6.2/0.01/0.29, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=22548-04-3, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as AA83077925B) Jul 26 10:22:33 mail postfix/smtp[14941]: AA83077925B: host mx.us.army.mil[143.69.251.34] said: 451 #4.1.8 Domain of sender address <rheinl...@simulationinformation.com> does not resolve (in reply to MAIL FROM command) After reviewing the logs above as Aaron and all indicated, it does make sense. I have a server <192.168.1.92> which is visible in the 3rd entry that relays mail for us.army.mil. That explains it. I don't think these are malicious entries and I don't know why the Army's mail server can't resolve that but I really don't care at this point. On Wed, Jul 29, 2009 at 2:59 PM, Aaron Wolfe<aawo...@gmail.com> wrote: > Your configuration allows 'mynetworks' and sasl authenticated senders > to send mail from/to anywhere. > These are the likely sources of the messages in question. Your > postfix logs will show you exactly where the message came from. > > -Aaron Yes. 192.168.0.0/16 is my mail server as well as the machine 192.168.1.92 which appears to be doing the relaying of mail for this incident. I think I have this correct unless anyone sees something I don't...
