On 2/1/2010 1:57 AM, Dimitrios Karapiperis wrote:
> Hi there
> I have a Postfix installation (postfix-2.6.5-1.rhel5) and I relay a
> couple of remote ip addresses
> (static adsl) of remote sites.
> I cannot figure out how a spam originator fired some e-mails through my
> mail server
> using a specific remote IP, which was relayed
> Return-Path: <oqoxlcfs@...>
> Received: from hhyllw (smtp.domain.tld[111.222.333.444])
>     by smtp.thessaloniki.gr (Postfix) with ESMTP id 8DB72180C1
>     for <jrochez@...>; Mon, 1 Feb 2010 08:49:00 +0200 (EET)
> Received: from beoeb ([xxx.yyy.zzz.ccc])
>     by EADYCSRY (8.13.4/8.13.4) with SMTP id u4231584378453i6Ib016100
>     for <jrochez@...>; Mon, 01 Feb 2010 08:48:56 +0200 (CDT)
> The 111.222.333.444 is the relayed trusted ip and xxx.yyy.zzz.ccc is the
> malicious one.
> How can I prevent such things?????
> Thanks in advance
It is extremely difficult to spoof the source IP of a full
SMTP transaction; no spammer would ever bother trying. Be
assured that the mail really did come from your trusted IP.
The likely possibilities are:
- Trusted IP is running a mail server and accepted the spam,
which was then forwarded to you. (maybe an infected LAN client?)
- Trusted IP is infected with a virus.
This will need to be fixed on the Trusted IP end.
If you need further help with this, we'll need full details of
both your postfix config and the Trusted IP.
-- Noel Jones
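
Added example, not part of the original thread: a Python script that walks the Received chain of a message, finds the hop stamped by your own server, and reports whether the connecting client was one of the addresses you relay for, which is the check the reply above reasons through. The hostname `mx.example.org`, the addresses (documentation ranges) and the names `parse_hops`, `classify` and `relay_nets` are assumptions made for illustration; `relay_nets` stands in for whatever list of relay-permitted addresses your Postfix configuration holds.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample modelled on the headers in the post; the addresses are
# documentation ranges and the hostnames are placeholders.
SAMPLE = """\
Return-Path: <sender@example.invalid>
Received: from hhyllw (smtp.domain.tld [192.0.2.10])
\tby mx.example.org (Postfix) with ESMTP id 8DB72180C1
\tfor <rcpt@example.org>; Mon, 1 Feb 2010 08:49:00 +0200 (EET)
Received: from beoeb ([198.51.100.77])
\tby EADYCSRY (8.13.4/8.13.4) with SMTP id u4231584378453i6Ib016100
\tfor <rcpt@example.org>; Mon, 01 Feb 2010 08:48:56 +0200 (CDT)
Subject: test

body
"""

# "from HELO (rdns [ip]) by SERVER"; the rdns part may be empty.
RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?P<rdns>[^\[\]\s]*)\s*\[(?P<ip>[0-9a-fA-F.:]+)\]\)"
    r"\s+by\s+(?P<by>\S+)")

def parse_hops(raw):
    """Return the Received hops, newest first, as dicts (helo, rdns, ip, by)."""
    msg = message_from_string(raw)
    hops = []
    for value in msg.get_all("Received", []):
        m = RECEIVED_RE.search(value)
        if m:
            hops.append(m.groupdict())
    return hops

def classify(raw, my_hostname, relay_nets):
    """Locate the hop our server wrote and check the client against relay_nets."""
    nets = [ipaddress.ip_network(n) for n in relay_nets]
    hops = parse_hops(raw)
    for i, hop in enumerate(hops):
        if hop["by"].lower() == my_hostname.lower():
            ip = ipaddress.ip_address(hop["ip"])
            return {
                "connecting_ip": str(ip),  # recorded by us from the TCP session
                "relayed_as_trusted": any(ip in n for n in nets),
                # Hops below ours were written by the client side, not by us.
                "upstream_claimed": [h["ip"] for h in hops[i + 1:]],
            }
    return None  # no Received line stamped by my_hostname
```

When `relayed_as_trusted` is true, the message was relayed because the trusted host itself connected; the addresses in `upstream_claimed` are what that host says it received the mail from, so the investigation moves to that host.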