Jeroen Geilman put forth on 9/14/2010 5:56 PM:
> On 09/14/2010 04:42 PM, Christian Rößner wrote:
>> Sep 11 10:34:36 mx0 postfix/lmtp[29594]: 40FC3520A6:
>> to=<ad4f0.5040...@roessner-net.com>, relay=127.0.0.1[127.0.0.1]:24,
>> delay=0.39, delays=0.19/0.06/0.01/0.13, dsn=5.1.1, status=bounced
>> (host 127.0.0.1[127.0.0.1]
> 
> Who is that ?

ad4f0.5040...@roessner-net.com is a message-ID, not an email address.

>>   said: 550 5.1.1<ad4f0.5040...@roessner-net.com>  User doesn't exist:
>> ad4f0.5040...@roessner-net.com (in reply to RCPT TO command))
> 
> It isn't postfix - postfix is SENDING the message there.

Spammers scrape the web for email addresses, and end up grabbing
message-IDs as well when they scour public mailing list archive posts.
They don't ignore headers, so they end up scraping message-IDs as well
as real email addresses.

Then they send spam to that message-ID thinking it's an email address.
The RHS is correct, so your Postfix server initially accepts it.  You're
apparently relaying to a content filter before doing recipient address
verification.  If you performed address verification first, the
connection would be rejected with "User unknown in local recipient
table" or similar, depending on your Postfix configuration (local,
virtual, relay, etc).

-- 
Stan
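
Added example, not part of the original post: a Python script that separates the two cases described above in a Postfix log, unknown recipients bounced by a delivery agent after the message was queued versus unknown recipients refused by smtpd at RCPT TO. The sample log lines, the example.com addresses and the Message-ID pattern (a heuristic) are assumptions made for illustration.

```python
import re

# Delivery-agent line: the message was already queued, so a 5.1.1 here is a late bounce.
DELIVERY = re.compile(
    r"postfix/(?P<agent>lmtp|smtp|local|virtual|pipe)\[\d+\]: (?P<qid>[0-9A-F]+): "
    r"to=<(?P<rcpt>[^>]*)>.*?dsn=(?P<dsn>[\d.]+), status=(?P<status>\w+)"
)
# smtpd line: the recipient was refused during the SMTP dialogue, nothing was queued.
REJECT = re.compile(
    r"postfix/smtpd\[\d+\]: NOQUEUE: reject: RCPT from \S+: 550 5\.1\.1 <(?P<rcpt>[^>]*)>"
)
# Heuristic (assumption): local part shaped like a Thunderbird Message-ID, hex.digits.
MSGID_LIKE = re.compile(r"^[0-9A-Fa-f]{8}\.[0-9]{6,8}$")

# Constructed sample log lines, not taken from the original post.
SAMPLE = [
    "Sep 11 10:34:36 mx postfix/lmtp[29594]: 40FC3520A6: "
    "to=<4C8B1A2F.5040301@example.com>, relay=127.0.0.1[127.0.0.1]:24, delay=0.39, "
    "delays=0.19/0.06/0.01/0.13, dsn=5.1.1, status=bounced (host 127.0.0.1[127.0.0.1] "
    "said: 550 5.1.1 <4C8B1A2F.5040301@example.com> User doesn't exist "
    "(in reply to RCPT TO command))",
    "Sep 11 10:35:02 mx postfix/lmtp[29601]: 51AB7520B1: to=<alice@example.com>, "
    "relay=127.0.0.1[127.0.0.1]:24, delay=0.21, delays=0.1/0.01/0.01/0.09, "
    "dsn=2.0.0, status=sent (250 2.0.0 Ok)",
    "Sep 11 10:36:40 mx postfix/smtpd[29610]: NOQUEUE: reject: RCPT from "
    "unknown[192.0.2.10]: 550 5.1.1 <4C8B1A2F.5040302@example.com>: Recipient address "
    "rejected: User unknown in local recipient table; from=<x@example.net> "
    "to=<4C8B1A2F.5040302@example.com> proto=ESMTP helo=<mail.example.net>",
]

def classify(lines):
    """Return (late_bounces, early_rejects) for unknown-recipient (5.1.1) events."""
    late, early = [], []
    for line in lines:
        m = DELIVERY.search(line)
        if m and m["status"] == "bounced" and m["dsn"] == "5.1.1":
            local = m["rcpt"].split("@", 1)[0]
            late.append({"qid": m["qid"], "rcpt": m["rcpt"], "agent": m["agent"],
                         "msgid_like": bool(MSGID_LIKE.match(local))})
        elif (m := REJECT.search(line)):
            early.append(m["rcpt"])
    return late, early

if __name__ == "__main__":
    late, early = classify(SAMPLE)
    for hit in late:
        print("queued then bounced:", hit)
    print("rejected at RCPT TO:", early)
```

Entries in the first list are recipients the server accepted and only later bounced; once recipient validation runs at SMTP time, the same addresses should show up in the second list instead.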
