On 9/6/2013 9:05 AM, Wietse Venema wrote: > Wijatmoko U. Prayitno: >> On Fri, 06 Sep 2013 16:43:27 +0300 >> wiseadmin <wisead...@gmail.com> wrote: >> >>> and the same message from postfix logs: >>> >>> /var/log/mail.log.1:Sep 5 17:10:06 cma postfix/pickup[17510]: A3E8C10BADF: >>> uid=1018 from=<stronges...@google.com> >> The email came from local user uid 1018 (service pickup). > > Good observation. This message did not come via SMTP. You have > a buggy web application.
The default spamassassin spamc/spamd install on many OSes defaults to reinjecting via pickup. I have the same setup. This isn't the problem. The problem is "Nigerian 419" from 41.0.0.0/8. Block this class A net in a CIDR table and this problem is solved, unless you are in Africa and need to accept email from Africa. I've been blocking this /8 basically forever. I also take the extra step of rejecting any connection that has 41/8 in the headers. -- Stan