Re: non-existent users submitting email qmgr as localhost

2015-12-18 Thread Noel Jones
On 12/18/2015 12:18 PM, Ben Greenfield wrote: > >> On Dec 18, 2015, at 12:35 PM, Noel Jones wrote: >> - consider using >> http://www.postfix.org/postconf.5.html#reject_sender_login_mismatch >> to reject messages where the MAIL FROM address doesn't match the >> SASL username. This won't prevent t

Re: non-existent users submitting email qmgr as localhost

2015-12-18 Thread Ben Greenfield
> On Dec 18, 2015, at 12:35 PM, Noel Jones wrote: > > On 12/17/2015 4:16 PM, Ben Greenfield wrote: >> I reset rgarrity’s password and things have been quiet. >> >> In my effort to understand what was happening let me describe what I think >> happened. >> >> Someone got ahold of rgarrity’s pa

Re: non-existent users submitting email qmgr as localhost

2015-12-18 Thread Noel Jones
On 12/17/2015 4:16 PM, Ben Greenfield wrote: > I reset rgarrity’s password and things have been quiet. > > In my effort to understand what was happening let me describe what I think > happened. > > Someone got ahold of rgarrity’s password. Yes. (or rgarrity went rogue) > With that password t

Re: non-existent users submitting email qmgr as localhost

2015-12-17 Thread Ben Greenfield
I reset rgarrity’s password and things have been quiet. In my effort to understand what was happening let me describe what I think happened. Someone got ahold of rgarrity’s password. With that password they were able to craft emails with forged headers that appeared to spawn new messages to di

Re: non-existent users submitting email qmgr as localhost

2015-12-17 Thread Noel Jones
On 12/17/2015 4:03 PM, Ben Greenfield wrote: > Thank you for the tips. > > I just found this which looked wrong to me. > > I got this 433039B83D9A message id from the bad message sent by > bjbear...@cogs.com. Then I traced it > back and see the message id come from an

Re: non-existent users submitting email qmgr as localhost

2015-12-17 Thread Ben Greenfield
>] On behalf of Ben Greenfield > Sent: 17 December 2015 22:02 > To: postfix-users@postfix.org > Subject: non-existent users submitting email qmgr as localhost > > Hey All, > > I’m truly lost on this. > > Suddenly I’m receiving

SV: non-existent users submitting email qmgr as localhost

2015-12-17 Thread Sebastian Nielsen
list on the server? Check that the mailing list software isn’t compromised. From: owner-postfix-us...@postfix.org [mailto:owner-postfix-us...@postfix.org] On behalf of Ben Greenfield Sent: 17 December 2015 22:02 To: postfix-users@postfix.org Subject: non-existent users submitting email qmgr as

non-existent users submitting email qmgr as localhost

2015-12-17 Thread Ben Greenfield
Hey All, I’m truly lost on this. Suddenly I’m receiving email at my qmgr delivered by localhost 127.0.0.1. The emails all end in cogs.com but none of the addresses are ours. Search the message ID of the spoofed email and the first appearance in the log is always qmgr and the mail was receive