On 02/10/14 16:49, Viktor Dukhovni wrote:
> On Thu, Oct 02, 2014 at 04:10:04PM +0200, Daniele Nicolodi wrote:
> 
>>> Oct  2 13:50:59 zed postfix/smtpd[1063]: NOQUEUE: reject: RCPT from 
>>> bay004-omc1s27.hotmail.com[65.54.190.38]: 450 4.1.8 
>>> <account-security-nore...@account.microsoft.com>: Sender address rejected: 
>>> Domain not found; from=<account-security-nore...@account.microsoft.com> 
>>> to=<r...@grinta.net> proto=ESMTP helo=<BAY004-OMC1S27.hotmail.com>
>>> Oct  2 13:50:59 zed postfix/smtpd[1063]: disconnect from 
>>> bay004-omc1s27.hotmail.com[65.54.190.38]
>>
>> with minimum editing to prevent disclosing email addresses and clients,
>> and where the last email rcpt attempt is repeated a few times.
>>
>> So, it seems that hotmail is trying to send something to the forwarded
>> address, but in a weird way, which seems to be correctly rejected by my
>> Postfix server.
> 
> I bet the user's account has an auto-responder configured.  The
> auto-responder sends mail from the bogus domain in question.
> Sometimes such accounts are compromised and the auto-responder is
> configured by a scammer.

Sending a message directly to the user account does not result in a
delivery attempt from account.microsoft.com, therefore I believe there
is not an auto-responder in action on the user account.

However, I fail to see how the auto-responder would send mail from a
scammer-controlled domain. If it is an auto-responder configured on the
hotmail service, the automatic response should originate from hotmail.
Am I missing something?

> If Microsoft really sends notices from a non-existent domain, shame
> on them.

That's the only conclusion I can draw from the observations.

Thank you. Cheers,
Daniele
