I received an obvious phishing mail today from ad...@p27.eu (my own
domain).  I appear not to be running an open relay (say the sorts of
websites that offer to check these things), and yet this happened:

    Dec 15 11:58:03 nantes-1 postfix/smtpd[31118]: warning: hostname hosted-by.rootlayer.net does not resolve to address 185.222.57.81
    Dec 15 11:58:03 nantes-1 postfix/smtpd[31118]: connect from unknown[185.222.57.81]
    Dec 15 11:58:03 nantes-1 postfix/smtpd[31118]: 8AFC8FF74D: client=unknown[185.222.57.81]
    Dec 15 11:58:03 nantes-1 postfix/cleanup[31161]: 8AFC8FF74D: message-id=<20201215025803.2e9d962210e40...@p27.eu>
    Dec 15 11:58:03 nantes-1 opendkim[1637]: 8AFC8FF74D: [185.222.57.81] [185.222.57.81] not internal
    Dec 15 11:58:03 nantes-1 opendkim[1637]: 8AFC8FF74D: not authenticated
    Dec 15 11:58:03 nantes-1 opendkim[1637]: 8AFC8FF74D: no signature data
    Dec 15 11:58:03 nantes-1 postfix/qmgr[17671]: 8AFC8FF74D: from=<ad...@p27.eu>, size=2422, nrcpt=1 (queue active)
    Dec 15 11:58:03 nantes-1 postfix/smtpd[31118]: disconnect from unknown[185.222.57.81] ehlo=1 mail=1 rcpt=1 data=1 quit=1 commands=5
    Dec 15 11:58:03 nantes-1 dovecot: lda(jeff): msgid=<20201215025803.2e9d962210e40...@p27.eu>: saved mail to INBOX
    Dec 15 11:58:03 nantes-1 postfix/local[31162]: 8AFC8FF74D: to=<j...@p27.eu>, relay=local, delay=0.12, delays=0.08/0.01/0/0.03, dsn=2.0.0, status=sent (delivered to command: /usr/lib/dovecot/deliver -c /etc/dovecot/dovecot.conf -m "${EXTENSION}")
    Dec 15 11:58:03 nantes-1 postfix/qmgr[17671]: 8AFC8FF74D: removed

The received mail had headers that looked like this:

    Return-Path: <ad...@p27.eu>
    X-Original-To: j...@p27.eu
    Delivered-To: j...@p27.eu
    Received: from p27.eu (unknown [185.222.57.81])
        by nantes-1.p27.eu (Postfix) with ESMTP id 8AFC8FF74D
        for <j...@p27.eu>; Tue, 15 Dec 2020 11:58:03 +0100 (CET)
    From: p27.eu <ad...@p27.eu>
    To: j...@p27.eu
    Subject: =?UTF-8?B?TGEgc2Vzc2lvbiBhIGV4cGlyw6kg?=p27.eu
    Date: 15 Dec 2020 02:58:03 -0800
    Message-ID: <20201215025803.2e9d962210e40...@p27.eu>
    MIME-Version: 1.0
    Content-Type: multipart/alternative;
        boundary="----=_NextPart_000_0012_893BC42D.902C898B"

Am I reading this wrong?  Why was that able to happen?  I would have
expected a reject because something that is not my domain claimed to be
sending mail from my domain without authentication.

-- 
Jeff Abrahamson
+33 6 24 40 01 57
+44 7920 594 255

http://p27.eu/jeff/
http://transport-nantes.com/
