Hi,
Thanks everyone for the replies. Sorry I can only answer this way now.
This is postconf -n: https://pastebin.com/SmZG9SxG
This is master.cf: https://pastebin.com/S6h83rxi
1)
Bastian Blank:
I started to check the steps on
http://www.postfix.org/DEBUG_README.html but it will take some time.
2)
Fred Morris:
Is the address in the Received: header your address or the spammer's
or someone else's?
This is an actual "Received" header of such a spam mail:
Received: from SOME.EXTERNAL.DOMAIN (SOME.EXTERNAL.DOMAIN [A.B.C.D])
by MY.MAIL.SERVER (Postfix) with ESMTP id 4AC1F8DF7D
for <myadr...@mydomain.com>; Mon, 14 Sep 2020 16:16:01 +0200 (CEST)
* Someone sends mail (using smtp auth) which is from their local
account and delivered locally?
I have sent a mail from my local account to myself with thunderbird:
https://pastebin.com/ZCfX5GXg
Also these are the headers of a "good" incoming mail (with lots of
headers added by rspamd): https://pastebin.com/qQvmKp1K
* Someone relays mail (using smtp auth) which is delivered locally?
I don't get this, sorry.
3)
Viktor Dukhovni:
But it was not at the top of the message headers! Unless the message
headers got reordered along the way, this header was NOT prepended by
Postfix.
Hmm... I'm sure I didn't reorder the headers.
Are you saying that someone has caught the content of this extra
header in an outbound mail and put it back when they send emails to me
mimicking that it was sent from my server? BTW I don't use the content
of this header anymore, it's just kind of a legacy stuff so it will be
removed.
Thanks again,
Zsombor
