From address spoofing my domain

@lbutlr kremels at
Sat Mar 19 23:01:34 CET 2016

On Mar 19, 2016, at 3:47 PM, @lbutlr <kremels at> wrote:
> A user has been getting a lot of spam with headers that look something like this:
> From: Bosley at, Hair at, Restoration at

One other detail, these are emails that SHOULD be getting quarantined. Here is one to that same user from a couple of days ago:

Mar 17 08:24:16 mail amavis[32815]: (32815-11) Passed SPAM {RelayedOpenRelay,Quarantined}, [] [] <contact at> -> <backup at>,<user1 at sqldomain.tld>, quarantine: spam-lNjPXhL4sHt2.gz, Message-ID: <4045e937a81af6f206d718e539ed1606 at>, mail_id: lNjPXhL4sHt2, Hits: 7.534, size: 2178, queued_as: 3qQrFr5PjgzpKv0, 1081 ms

Could it be the always_bcc setting in postfix that is causing Amavisd to error out? If so, how do I keep both the backup bcc and amavisd happy?

The Germans wore gray, you wore blue.

More information about the amavis-users mailing list