On 18/10/2020 06:32, Viktor Dukhovni wrote: > On Sat, Oct 17, 2020 at 09:14:50PM -0700, Rich Wales wrote: > >> Thanks. I was actually thinking something of the sort myself -- my >> server is indeed behind a separate firewall appliance. >> >> However, other e-mail (such as your recent reply to my inquiry) is NOT >> exhibiting this same NAT/proxy addressing problem. The relevant >> "Received:" line in my copy of your reply says the following (with line >> wrapping to make it legible in an ASCII environment): > Well, that shows that a proxy is the more likely scenario, some process > listening on a non-loopback IP that passes SMTP connections through to > 127.0.0.1, or a NAT rule in your iptables... > >> I'll continue searching for any possible security hole on my firewall >> appliance, though. > The firewall appliance (if a separate device) cannot make connections > appear to originate from 127.0.0.1, only something running on your > machine itself can do that. So not much point looking there. > One thing I would suggest looking at is if there is a web server running on the same host it may be allowing email to be injected into postfix via smtp on the loopback interface using some scripting language like php or others.
John
