I received an obvious phishing mail today from ad...@p27.eu (my own domain). I appear not to be running an open relay (say the sorts of websites that offer to check these things), and yet this happened:

Dec 15 11:58:03 nantes-1 postfix/smtpd[31118]: warning: hostname hosted-by.rootlayer.net does not resolve to address 185.222.57.81
Dec 15 11:58:03 nantes-1 postfix/smtpd[31118]: connect from unknown[185.222.57.81]
Dec 15 11:58:03 nantes-1 postfix/smtpd[31118]: 8AFC8FF74D: client=unknown[185.222.57.81]
Dec 15 11:58:03 nantes-1 postfix/cleanup[31161]: 8AFC8FF74D: message-id=<20201215025803.2e9d962210e40...@p27.eu>
Dec 15 11:58:03 nantes-1 opendkim[1637]: 8AFC8FF74D: [185.222.57.81] [185.222.57.81] not internal
Dec 15 11:58:03 nantes-1 opendkim[1637]: 8AFC8FF74D: not authenticated
Dec 15 11:58:03 nantes-1 opendkim[1637]: 8AFC8FF74D: no signature data
Dec 15 11:58:03 nantes-1 postfix/qmgr[17671]: 8AFC8FF74D: from=<ad...@p27.eu>, size=2422, nrcpt=1 (queue active)
Dec 15 11:58:03 nantes-1 postfix/smtpd[31118]: disconnect from unknown[185.222.57.81] ehlo=1 mail=1 rcpt=1 data=1 quit=1 commands=5
Dec 15 11:58:03 nantes-1 dovecot: lda(jeff): msgid=<20201215025803.2e9d962210e40...@p27.eu>: saved mail to INBOX
Dec 15 11:58:03 nantes-1 postfix/local[31162]: 8AFC8FF74D: to=<j...@p27.eu>, relay=local, delay=0.12, delays=0.08/0.01/0/0.03, dsn=2.0.0, status=sent (delivered to command: /usr/lib/dovecot/deliver -c /etc/dovecot/dovecot.conf -m "${EXTENSION}")
Dec 15 11:58:03 nantes-1 postfix/qmgr[17671]: 8AFC8FF74D: removed

The received mail had headers that looked like this:

Return-Path: <ad...@p27.eu>
X-Original-To: j...@p27.eu
Delivered-To: j...@p27.eu
Received: from p27.eu (unknown [185.222.57.81]) by nantes-1.p27.eu (Postfix) with ESMTP id 8AFC8FF74D for <j...@p27.eu>; Tue, 15 Dec 2020 11:58:03 +0100 (CET)
From: p27.eu <ad...@p27.eu>
To: j...@p27.eu
Subject: =?UTF-8?B?TGEgc2Vzc2lvbiBhIGV4cGlyw6kg?=p27.eu
Date: 15 Dec 2020 02:58:03 -0800
Message-ID: <20201215025803.2e9d962210e40...@p27.eu>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_NextPart_000_0012_893BC42D.902C898B"

Am I reading this wrong? Why was that able to happen?
I would have expected a reject because something that is not my domain claimed to be sending mail from my domain without authentication.

--
Jeff Abrahamson
+33 6 24 40 01 57
+44 7920 594 255
http://p27.eu/jeff/
http://transport-nantes.com/
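
Added example, not part of the original message: a log check that flags the pattern shown above, where an smtpd client that did not use SASL submits mail whose envelope sender is in a local domain. The sample log is constructed with documentation addresses, and the function name, `local_domains` and `trusted_ips` are assumptions of this sketch.

```python
import re

# Constructed sample log in Postfix syslog format (not the log from the post).
SAMPLE_LOG = """\
Dec 15 11:58:03 mx postfix/smtpd[311]: AAAA111111: client=unknown[192.0.2.81]
Dec 15 11:58:03 mx postfix/qmgr[176]: AAAA111111: from=<admin@example.org>, size=2422, nrcpt=1 (queue active)
Dec 15 11:59:10 mx postfix/smtpd[312]: BBBB222222: client=laptop[198.51.100.7], sasl_method=PLAIN, sasl_username=jeff
Dec 15 11:59:10 mx postfix/qmgr[176]: BBBB222222: from=<jeff@example.org>, size=900, nrcpt=1 (queue active)
Dec 15 12:01:44 mx postfix/smtpd[313]: CCCC333333: client=mail.example.net[203.0.113.5]
Dec 15 12:01:44 mx postfix/qmgr[176]: CCCC333333: from=<bob@example.net>, size=1200, nrcpt=1 (queue active)
"""

# smtpd logs the client (plus sasl_* fields when authenticated) per queue ID;
# qmgr logs the envelope sender for the same queue ID.
CLIENT_RE = re.compile(
    r"postfix/smtpd\[\d+\]: ([0-9A-Za-z]+): client=\S+?\[([^\]]+)\](.*)")
FROM_RE = re.compile(r"postfix/qmgr\[\d+\]: ([0-9A-Za-z]+): from=<([^>]*)>")


def find_unauthenticated_local_senders(log_text, local_domains, trusted_ips=()):
    """Return (queue_id, client_ip, sender) for messages whose envelope sender
    is in a local domain but whose client neither used SASL nor is trusted."""
    clients = {}   # queue ID -> (client IP, authenticated?)
    findings = []
    for line in log_text.splitlines():
        m = CLIENT_RE.search(line)
        if m:
            qid, ip, rest = m.groups()
            clients[qid] = (ip, "sasl_username=" in rest)
            continue
        m = FROM_RE.search(line)
        if m and m.group(1) in clients:
            qid, sender = m.groups()
            # pop: qmgr repeats from= on retries; report each message once
            ip, authed = clients.pop(qid)
            domain = sender.rpartition("@")[2].lower()
            if domain in local_domains and not authed and ip not in trusted_ips:
                findings.append((qid, ip, sender))
    return findings


if __name__ == "__main__":
    for qid, ip, sender in find_unauthenticated_local_senders(
            SAMPLE_LOG, {"example.org"}):
        print(f"{qid}: unauthenticated client {ip} used local sender {sender}")
```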