Hi to all,

today something weird happened. My server received a message to a non-existing mailbox and subdomain. Here are the log lines (I removed the domain names of the original recipient):

---SNIP---
Feb 5 05:18:13 webbox444 postfix/smtpd[12146]: D9568540386: client=ppp-61-90-87-109.revip.asianet.co.th[61.90.87.109]
Feb 5 05:18:15 webbox444 postfix/cleanup[7937]: D9568540386: message-id=<000901caa61a$38dfc4f0$00426...@sdggtssthg>
Feb 5 05:18:15 webbox444 postfix/qmgr[15032]: D9568540386: from=<gqpnhkmvbnk...@stainedglass.co.uk>, size=807, nrcpt=2 (queue active)
Feb 5 05:18:15 webbox444 postfix/smtp[10656]: D9568540386: to=<zirkel.in...@removed>, relay=none, delay=2.2, delays=2.2/0/0/0, dsn=5.4.6, status=bounced (mail for REMOVED loops back to myself)
Feb 5 05:18:20 webbox444 postfix/smtp[10650]: D9568540386: to=<kanister.sogenann...@stoxx.orkanspaltung.de>, relay=mx.selfip.biz[217.11.54.110]:25, delay=6.7, delays=2.2/0/3.4/1, dsn=5.7.1, status=bounced (host mx.selfip.biz[217.11.54.110] said: 554 5.7.1 The recipient definitively does not want your mail. It will not be delivered but analyzed again. We may feed it to a spam blacklist. (in reply to end of DATA command))
Feb 5 05:18:20 webbox444 postfix/bounce[11373]: D9568540386: sender non-delivery notification: 224A054038F
Feb 5 05:18:20 webbox444 postfix/qmgr[15032]: D9568540386: removed
---SNAP---

The sending host 61-90-87-109.revip.asianet.co.th has no authentication on my box (neither sasl nor pop-before-smtp). Ok, the mail has been bounced to this non-existing sender and all, but postfix has done another action, and that's the weird part. Another mail has been forwarded to kanister.sogenann...@stoxx.orkanspaltung.de (received by mx.selfip.biz), which is not on my box, and is a spamtrap, and this caused an instant blacklisting *sigh*.

Here is the header from the mail received by mx.selfip.biz:

Return-Path: <gqpnhkmvbnk...@stainedglass.co.uk>
X-Original-To: kanister.sogenann...@spamtrap.invalid
Received: from REMOVED(myserver!) (REMOVED) [83.x.x.x])
        by mx.selfip.biz (Postfix) with ESMTP
        for <kanister.sogenann...@spamtrap.invalid>; Fri, 5 Feb 2010 05:18:11 +0100 (CET)
Received: from ppp-61-90-87-109.revip.asianet.co.th (ppp-61-90-87-109.revip.asianet.co.th [61.90.87.109])
        by REMOVED (Postfix) with ESMTP id D9568540386;
        Fri, 5 Feb 2010 05:18:13 +0100 (CET)
Date: Fri, 05 Feb 2010 11:18:08 +0700
Message-ID: <000901caa61a$38dfc4f0$00426...@sdggtssthg>
From: "Jackpot Club" <gqpnhkmvbnk...@stainedglass.co.uk>
To: <zirkel.in...@removed>
CC: kanister.sogenann...@spamtrap.invalid
Subject: Erhalten Sie einen Bonus bei Euro Jackpot!
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: quoted-printable

As you can see, the spamtrap is in CC. Why did postfix forward the mail without any authentication to a foreign host? I don't get it.

Thanks.
Andreas
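
An added example, not part of the original post: a log check that correlates Postfix lines by queue ID and reports mail accepted from an unauthenticated, untrusted client and then handed to a remote relay for a non-local recipient, which is the pattern in the log excerpt above. The function name, LOCAL_DOMAINS, TRUSTED_NETS and all sample log lines are constructed assumptions.

```python
import re
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Assumptions for illustration: domains this server is final destination for,
# and client networks allowed to relay without authentication.
LOCAL_DOMAINS = {"example.org"}
TRUSTED_NETS = [ip_network("127.0.0.0/8")]

LINE = re.compile(r"postfix/(?P<svc>\w+)\[\d+\]: (?P<qid>[0-9A-F]{6,}): (?P<rest>.*)")
CLIENT = re.compile(r"client=(?P<host>[^\[\s]+)\[(?P<ip>[^\]]+)\]")
DELIVERY = re.compile(r"to=<(?P<rcpt>[^>]*)>.*?relay=(?P<relay>[^,\s]+)")

def find_relayed(lines, local_domains=LOCAL_DOMAINS, trusted=TRUSTED_NETS):
    """Return {queue_id: [(client_ip, recipient, relay), ...]} for mail from an
    unauthenticated, untrusted client that was passed on to a remote host."""
    clients = {}                       # queue id -> (client ip, authenticated?)
    findings = defaultdict(list)
    for line in lines:
        m = LINE.search(line)
        if not m:
            continue
        qid, svc, rest = m["qid"], m["svc"], m["rest"]
        if svc == "smtpd":
            c = CLIENT.search(rest)
            if c:                      # smtpd logs sasl_username= after SASL auth
                clients[qid] = (c["ip"], "sasl_username=" in rest)
        elif svc == "smtp" and qid in clients:
            d = DELIVERY.search(rest)
            ip, authed = clients[qid]
            if not d or authed or d["relay"] == "none":
                continue               # no remote handoff, or sender was authenticated
            if any(ip_address(ip) in net for net in trusted):
                continue
            domain = d["rcpt"].rpartition("@")[2].lower()
            if domain not in local_domains:
                findings[qid].append((ip, d["rcpt"], d["relay"]))
    return dict(findings)

# Constructed sample log lines (documentation addresses, not from the post).
SAMPLE = """\
Feb  5 05:18:13 mx1 postfix/smtpd[100]: AAAAAA0001: client=unknown[203.0.113.7]
Feb  5 05:18:15 mx1 postfix/smtp[101]: AAAAAA0001: to=<info@example.org>, relay=none, delay=2.2, dsn=5.4.6, status=bounced (mail for example.org loops back to myself)
Feb  5 05:18:20 mx1 postfix/smtp[102]: AAAAAA0001: to=<trap@sub.example.net>, relay=mx.example.net[198.51.100.25]:25, delay=6.7, dsn=5.7.1, status=bounced (554 5.7.1 rejected)
Feb  5 06:00:01 mx1 postfix/smtpd[103]: BBBBBB0002: client=unknown[203.0.113.9], sasl_method=PLAIN, sasl_username=alice
Feb  5 06:00:02 mx1 postfix/smtp[104]: BBBBBB0002: to=<bob@example.net>, relay=mx.example.net[198.51.100.25]:25, delay=1, dsn=2.0.0, status=sent (250 ok)
""".splitlines()

if __name__ == "__main__":
    for qid, hits in find_relayed(SAMPLE).items():
        print(qid, hits)
```

Any queue ID this reports means the server accepted a recipient it is not responsible for from a client that should not be allowed to relay, so the relay and recipient restrictions are the place to look.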