Today as I opened my mail I was flooded with "Undelivered Mail Returned to Sender" emails, about 3000 of them. I read a post here from someone a few years ago about an exploit that sounds like what I am getting now.
http://forum.spamcop.net/forums/index.php?showtopic=10734

Now I ran an open relay check on my server and it passed clean. Here is a returned email from a random server:

_____________________________________________________________________________
Return-Path: <wulfman[at]wulfman.com>
Received: from localhost (wulfman [127.0.0.1])
    by wulfman.com (Postfix) with ESMTP id C6A991FA41
    for <25-131-807-2043[at]phone.com>; Wed, 25 Dec 2013 10:13:33 -0800 (PST)
X-Virus-Scanned: by amavisd-new-2.5.4 (20080312) (Debian) at wulfman.com
Received: from wulfman.com ([127.0.0.1])
    by localhost (wulfman.com [127.0.0.1]) (amavisd-new, port 10024)
    with ESMTP id TIvQt3AJHznZ for <25-131-807-2043[at]phone.com>;
    Wed, 25 Dec 2013 10:13:32 -0800 (PST)
Received: from wulfman.com (NS29.NAXZA.com [61.19.251.188])
    by wulfman.com (Postfix) with ESMTPA id D18F11FA3F
    for <25-131-807-2043[at]phone.com>; Wed, 25 Dec 2013 10:13:31 -0800 (PST)
Date: Thu, 26 Dec 2013 1:13:29 +0700
From: "=?utf-8?Q?Dina_Knisely?=" <wulfman[at]wulfman.com>
Organization: gcxn
X-Priority: 3 (Normal)
Message-ID: <1370481270.20131226011329[at]wulfman.com>
To: 25-131-807-2043[at]phone.com
Subject: =?utf-8?Q?=D1=B5=C3=AE=E1=BA=A1=E1=B8=A0=C5=97=E1=BA=A1?=
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit

http://palmedic.org/engineercharitypetersc....php?uid5520731 <http://palmedic.org/engineercharitypeterscott/musicnews/zcount.php?uid5520731>
________________________________________________________________________________

As you can see, NS29.NAXZA.com [61.19.251.188] is not my IP address. I added the fix that was in the older post, but I do not think it has taken care of the problem. I can not find this problem anywhere.
After looking in the mail logs, my server is being hit hard with these bounce attempts with the forged headers. I am using the latest version of Postfix from Debian, which is not the latest from Postfix: Postfix mail_version = 2.9.6. I just upgraded 3 days ago via an apt-get update and upgrade. Maybe somebody can help me out on this one, or has just started seeing this behavior on their server today.
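
Added example, not part of the original post: a Python sketch that walks the Received chain of the returned message quoted above and lists hops that the receiving server itself stamped as authenticated (ESMTPA/ESMTPSA, the RFC 3848 keywords for SMTP AUTH) from a non-loopback address. The sample headers are reconstructed from the post with "[at]" restored to "@"; the function name and the `trusted_by` parameter are hypothetical.

```python
import re
from email import message_from_string
from ipaddress import ip_address

# Constructed sample: headers from the returned message in the post, "[at]" -> "@".
SAMPLE = """\
Return-Path: <wulfman@wulfman.com>
Received: from localhost (wulfman [127.0.0.1])
 by wulfman.com (Postfix) with ESMTP id C6A991FA41
 for <25-131-807-2043@phone.com>; Wed, 25 Dec 2013 10:13:33 -0800 (PST)
Received: from wulfman.com ([127.0.0.1])
 by localhost (wulfman.com [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id TIvQt3AJHznZ for <25-131-807-2043@phone.com>;
 Wed, 25 Dec 2013 10:13:32 -0800 (PST)
Received: from wulfman.com (NS29.NAXZA.com [61.19.251.188])
 by wulfman.com (Postfix) with ESMTPA id D18F11FA3F
 for <25-131-807-2043@phone.com>; Wed, 25 Dec 2013 10:13:31 -0800 (PST)
To: 25-131-807-2043@phone.com

(body omitted)
"""

FROM_RE = re.compile(r"from\s+(\S+)\s+\((\S*)\s*\[(?:IPv6:)?([0-9A-Fa-f.:]+)\]\)")
BY_RE = re.compile(r"\bby\s+(\S+)")
WITH_RE = re.compile(r"\bwith\s+(\S+)")
AUTH_PROTOCOLS = {"ESMTPA", "ESMTPSA"}  # RFC 3848: trailing "A" = SMTP AUTH was used

def authenticated_remote_hops(raw, trusted_by=("wulfman.com",)):
    """Return (helo, rdns, ip, protocol) for hops our own server stamped as
    authenticated and that came from a non-loopback client address."""
    hits = []
    for value in message_from_string(raw).get_all("Received", []):
        line = " ".join(value.split())          # unfold continuation lines
        m_from, m_by, m_with = (r.search(line) for r in (FROM_RE, BY_RE, WITH_RE))
        if not (m_from and m_by and m_with):
            continue
        if m_by.group(1).lower() not in trusted_by:
            continue                            # only trust hops written by our MTA
        helo, rdns, ip = m_from.groups()
        try:
            remote = not ip_address(ip).is_loopback
        except ValueError:
            continue                            # malformed address, skip the hop
        if remote and m_with.group(1).upper() in AUTH_PROTOCOLS:
            hits.append((helo, rdns, ip, m_with.group(1).upper()))
    return hits

if __name__ == "__main__":
    for hop in authenticated_remote_hops(SAMPLE):
        print("authenticated submission from", hop)
```

Postfix writes `sasl_username=` on the smtpd log line for an authenticated client, so the queue ID of a flagged hop can be looked up in the mail log to see which account was used.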