On Sat, Oct 22, 2016 at 04:15:41PM +0200, Paul van der Vlis wrote: > Op 22-10-16 om 13:41 schreef Wietse Venema: > > Bill Cole: > >>> Received: from [127.0.0.1] (87-92-55-206.bb.dnainternet.fi > >>> [87.92.55.206]) > >>> (Authenticated sender: p...@puk.nl) > >>> by mail.vandervlis.nl (Postfix) with ESMTPSA id 774B23E0285; > >>> Fri, 21 Oct 2016 18:57:14 +0200 (CEST) > >>> ---- > >>> As would my server sent it to my server... > >> > >> Not exactly. That Received header indicates that the machine > >> T 87.92.55.206 which is actually named > >> 87-92-55-206.bb.dnainternet.fi introduced itself with "EHLO > >> [127.0.0.1]" on an encrypted session and proceeded to > >> authenticate as the user whose name you've replaced with > >> p...@puk.nl. > > > > Thanks, I missed that. > > Is the conclusion now, that Postfix is relaying here?
The only actual conclusion is that you have failed to put forth the necessary information, as Bill [I think] pointed you to the http://www.postfix.org/DEBUG_README.html#mail link. What appears to be most likely, if we were given adequate information, is that an account has been compromised, and a botnet uses those credentials to relay spam through you. -- http://rob0.nodns4.us/ Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:
