On Sat, Oct 17, 2020 at 08:41:25PM -0700, Rich Wales wrote:

>     Received: from memoryalpha.richw.org ([127.0.0.1])
>         by localhost (memoryalpha.richw.org [127.0.0.1]) (amavisd-new, port 10024)
>         with ESMTP id D0t9j6VORyNH for <andrea_ma...@yahoo.ca>;
>         Thu, 15 Oct 2020 14:48:06 -0700 (PDT)
>     Received: from [154.91.34.144] (localhost [127.0.0.1])
>         by memoryalpha.richw.org (Postfix) with ESMTP id 4CC2vp5WmFz87Jy
>         for <andrea_ma...@yahoo.ca>; Thu, 15 Oct 2020 14:48:06 -0700 (PDT)
>     From: ScotiaInfoAlerts Communications <communications.reference.437...@novascotia.com>
>     Message-Id: <4cc2vp5wmfz8...@memoryalpha.richw.org>
> 
> Note that the chronologically last "Received:" line says the message was
> received from 154.91.34.144 -- an IP address with no hostname, in a
> range assigned (according to WHOIS) to Hong Kong.

No, it says no such thing.  It says the EHLO name was [154.91.34.144],
the client IP was however 127.0.0.1.  It seems you have some sort of
proxy or NAT in place that masks the real external IP address, making
all connections appear to originate from 127.0.0.1.  That would sure
explain your spam inundation problem.

> I'm not sure what the parenthesized reference to "(localhost
> [127.0.0.1])" in this "Received:" line means.  Does this mean that the
> client host falsely identified itself with "HELO localhost"?

No, the other way around.

>     Oct 15 14:48:06 memoryalpha postfix/postscreen[18030]: CONNECT from
>     [127.0.0.1]:52138 to [127.0.0.1]:25

Same NAT or proxy issue.

-- 
    Viktor.
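
The reading of the "Received:" line discussed in this message, as an added Python example that is not part of the original post: it splits a Postfix-style hop into the client-supplied HELO/EHLO name and the peer address the server recorded, and flags a loopback peer or a HELO address literal that differs from it. The function and field names are hypothetical, and the second sample hop is constructed.

```python
import ipaddress
import re

# Postfix layout: from <HELO name> (<reverse-DNS name> [<client IP>]) by ...
RECEIVED_FROM = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?P<rdns>\S+)\s+\[(?:IPv6:)?(?P<ip>[^\]]+)\]\)",
    re.IGNORECASE,
)

def _literal(helo):
    """Return the address inside a HELO address literal like [192.0.2.1], else None."""
    if not (helo.startswith("[") and helo.endswith("]")):
        return None
    inner = helo[1:-1]
    if inner.lower().startswith("ipv6:"):
        inner = inner[5:]
    try:
        return ipaddress.ip_address(inner)
    except ValueError:
        return None

def parse_received(header):
    """Separate what the client claimed (HELO) from what the server observed (IP)."""
    m = RECEIVED_FROM.search(" ".join(header.split()))  # unfold continuation lines
    if m is None:
        return None
    try:
        client = ipaddress.ip_address(m.group("ip"))
    except ValueError:
        return None
    claimed = _literal(m.group("helo"))
    return {
        "helo": m.group("helo"),          # client-supplied, unverified
        "rdns": m.group("rdns"),          # server's reverse lookup of the client IP
        "client_ip": str(client),         # address of the TCP peer the server saw
        "helo_literal_mismatch": claimed is not None and claimed != client,
        "client_is_loopback": client.is_loopback,
    }

# First sample is the hop quoted in this thread; second is constructed.
THREAD_HOP = """from [154.91.34.144] (localhost [127.0.0.1])
        by memoryalpha.richw.org (Postfix) with ESMTP id 4CC2vp5WmFz87Jy"""
CONSTRUCTED_HOP = ("from mail.example.net (mail.example.net [192.0.2.25]) "
                   "by mx.example.org (Postfix) with ESMTP id CONSTRUCTED1")

if __name__ == "__main__":
    for hop in (THREAD_HOP, CONSTRUCTED_HOP):
        print(parse_received(hop))
```

A loopback `client_ip` on a hop that should be the external-facing one means the server never saw the real peer address, so IP-based checks applied at that hop have nothing to work with.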
