> [email protected] wrote:
>>
>> I am seeing a few spams coming through with a from address (seen on my
>> postfix logs) that does not match the "From" address shown on my users'
>> Outlook. In fact my users are seeing a "From" address as their own,
>> something that my postfix server currently does not allow using
>> mynetworks and permitting this using smtpd_recipient_restrictions.
>
> Does it possibly have a From line that looks like this:
>
> From: "[email protected]"

I am not seeing a rcpt to that shows a different from address on my postfix logs.

> Postfix will (correctly) consider the address in angle brackets as the
> actual address, but Outlook (and many other mail clients) will hide that
> and display the part in quotes, as it will interpret that as the
> sender's name.
>
> Mark

One item possibly worthy of noting is that I did see this entry in my postfix logs on a connection to the same site that sent the forged email:

enabling PIX workarounds: disable_esmtp delay_dotcrlf for remote-mta.example.com

My main.cf does not have any such entries defined, but postconf | grep -i pix does give this:

lmtp_pix_workaround_delay_time = 10s
lmtp_pix_workaround_maps =
lmtp_pix_workaround_threshold_time = 500s
lmtp_pix_workarounds = disable_esmtp,delay_dotcrlf
smtp_pix_workaround_delay_time = 10s
smtp_pix_workaround_maps =
smtp_pix_workaround_threshold_time = 500s
smtp_pix_workarounds = disable_esmtp,delay_dotcrlf
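
Added example, not part of the original thread or of Postfix: a small Python check for the mismatch Mark describes, where the quoted display name carries one address and the angle brackets carry another. The function name, the sample messages, the envelope senders and the local domain example.org are all constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Anything that looks like an e-mail address inside a display name.
ADDR_IN_NAME = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")

def check_from(raw_message, envelope_sender, local_domains):
    """Return a list of findings for one message (hypothetical helper).

    envelope_sender: the MAIL FROM address as it appears in the MTA log.
    local_domains:   set of domains hosted on this server (assumed input).
    """
    msg = message_from_string(raw_message)
    # parseaddr splits the header into (display name, address in brackets).
    display, addr = parseaddr(msg.get("From", ""))
    addr = addr.lower()
    findings = []
    for shown in ADDR_IN_NAME.findall(display):
        shown = shown.lower()
        if shown != addr:
            findings.append(f"display name shows {shown}, real address is {addr}")
            if shown.rsplit("@", 1)[1] in local_domains:
                findings.append("display name impersonates a local domain")
    # Informational only: mailing lists legitimately differ here too.
    if addr and envelope_sender.lower() != addr:
        findings.append(f"envelope sender {envelope_sender.lower()} != header From {addr}")
    return findings

# Constructed sample messages (not taken from the thread).
SPOOFED = (
    'From: "alice@example.org" <bulk@mailer.example.net>\n'
    "To: alice@example.org\n"
    "Subject: test\n\nbody\n"
)
CLEAN = (
    'From: "Bob Smith" <bob@example.com>\n'
    "To: alice@example.org\n"
    "Subject: hello\n\nbody\n"
)

if __name__ == "__main__":
    samples = ((SPOOFED, "bounce@mailer.example.net"), (CLEAN, "bob@example.com"))
    for raw, env in samples:
        print(check_from(raw, env, {"example.org"}) or "no findings")
```
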
