Jeroen Geilman put forth on 9/14/2010 5:56 PM: > On 09/14/2010 04:42 PM, Christian Rößner wrote: >> Sep 11 10:34:36 mx0 postfix/lmtp[29594]: 40FC3520A6: >> to=<[email protected]>, relay=127.0.0.1[127.0.0.1]:24, >> delay=0.39, delays=0.19/0.06/0.01/0.13, dsn=5.1.1, status=bounced >> (host 127.0.0.1[127.0.0.1] > > Who is that ?
[email protected] is a message-ID, not an email address. >> said: 550 5.1.1<[email protected]> User doesn't exist: >> [email protected] (in reply to RCPT TO command)) > > It isn't postfix - postfix is SENDING the message there. Spammers scrape the web for email addresses, and end up grabbing message-IDs as well when they scour public mailing list archive posts. They don't ignore headers, so they end up scraping message-IDs as well as real email addresses. Then they send spam to that message-ID thinking it's an email address. The RHS is correct, so your Postfix server initially accepts it. You're apparently relaying to a content filter before doing recipient address verification. If you performed address verification first, the connection would be rejected with "User unknown in local recipient table" or similar, depending on your Postfix configuration (local, virtual, relay, etc). -- Stan
