From address spoofing my domain
@lbutlr
kremels at kreme.com
Sat Mar 19 23:01:34 CET 2016
On Mar 19, 2016, at 3:47 PM, @lbutlr <kremels at kreme.com> wrote:
> A user has been getting a lot of spam with headers that look something like this:
>
> From: Bosley at covisp.net, Hair at covisp.net, Restoration at covisp.net
One other detail, these are emails that SHOULD be getting quarantined. Here is one to that same user from a couple of days ago:
Mar 17 08:24:16 mail amavis[32815]: (32815-11) Passed SPAM {RelayedOpenRelay,Quarantined}, [127.0.0.1] [92.63.96.246] <contact at aspmx3.incrustment.com> -> <backup at southgaylord.com>,<user1 at sqldomain.tld>, quarantine: spam-lNjPXhL4sHt2.gz, Message-ID: <4045e937a81af6f206d718e539ed1606 at gmx.com>, mail_id: lNjPXhL4sHt2, Hits: 7.534, size: 2178, queued_as: 3qQrFr5PjgzpKv0, 1081 ms
Could it be the always_bcc setting in postfix that is causing Amavisd to error out? If so, how do I keep both the backup bcc and amavisd happy?
--
The Germans wore gray, you wore blue.
More information about the amavis-users
mailing list