Proxy:
> Hello,
>
> I'm seeing lot of emails coming from local IP address trying to send
> message to non existing accounts. Sending accounts are valid and even
> authenticated. They all try to send messages to domain matching the
> sending one. For example:
>
> supp...@example.org -> u...@example.org
> supp...@example.net -> u...@example.net
>
> and so on. support@* is valid, user@* is not. In logs they are coming
> from inet_interfaces address set in main.cf. This is the handshake part:
>
> Out: 220 mail.example.com ESMTP Postfix
> In: EHLO localhost.localdomain
> Out: 250-mail.example.com
> Out: 250-PIPELINING
> Out: 250-SIZE 24800000
To find out which processes have a connection to or from port 25,
# lsof -Pi | grep :25 (must run as root to see all processes)
On Linux,
# netstat -np | grep :25 (must run as root to see all processes)
is an alternative if your system does not have lsof.
Wietse
