I've just received an 'open enclosed ZIP' email. Looking at the header, it was sent from a non-resolving host, which I thought my Postfix should refuse.

Have I got something missing in my config, or am I misinterpreting logs again?

--------------
smtpd_recipient_restrictions =
    permit_sasl_authenticated,
    permit_mynetworks,
    reject_unauth_destination,
    check_recipient_access hash:/etc/postfix/recipient_no_checks,
    reject_non_fqdn_sender,
    reject_non_fqdn_recipient,
    reject_invalid_hostname,
    reject_non_fqdn_hostname,
    reject_unknown_sender_domain,
    reject_unknown_reverse_client_hostname,
    reject_unlisted_recipient,
    check_sender_access hash:/etc/postfix/freemail_access,
    check_recipient_access pcre:/etc/postfix/recipient_checks.pcre,
    check_helo_access hash:/etc/postfix/helo_checks,
    check_sender_access hash:/etc/postfix/sender_checks,
    check_client_access hash:/etc/postfix/client_checks,
    check_client_access pcre:/etc/postfix/client_checks.pcre,
    reject_rbl_client zen.spamhaus.org,
    reject_rhsbl_client dbl.spamhaus.org,
    reject_rhsbl_sender dbl.spamhaus.org,
    reject_rbl_client psbl.surriel.com,
    reject_rbl_client bl.spamcop.net,
    reject_rhsbl_sender dsn.rfc-ignorant.org,
    check_policy_service inet:127.0.0.1:10031,
    permit
--------------

The header is:

------------
Return-Path: <[email protected]>
Delivered-To: <[email protected]>
Received: from mailhost.sbt.net.au
    by mailhost.sbt.net.au (Dovecot) with LMTP id 6N2sMSGOPlD3RwAAyLbbsQ
    for <[email protected]>; Thu, 30 Aug 2012 07:48:56 +1000
Received: from localhost (localhost.localdomain [127.0.0.1])
    by mailhost.sbt.net.au (Postfix) with ESMTP id 33A1A380E84
    for <[email protected]>; Thu, 30 Aug 2012 07:48:56 +1000 (EST)
X-Virus-Scanned: amavisd-new at sbt.net.au
X-Spam-Flag: NO
X-Spam-Score: 2.616
X-Spam-Level: **
X-Spam-Status: No, score=2.616 required=5.8 tests=[BAYES_20=-0.001,
    RCVD_IN_BRBL_LASTEXT=1.449, RCVD_IN_XBL=0.375, RDNS_NONE=0.793]
    autolearn=no
Received: from mailhost.sbt.net.au ([127.0.0.1])
    by localhost (mailhost.sbt.net.au [127.0.0.1]) (amavisd-new port 10024)
    with LMTP id ZEo5s1z0_GI2 for <[email protected]>;
    Thu, 30 Aug 2012 07:48:22 +1000 (EST)
Received: from [201.218.211.131] (unknown [201.218.211.131])
    by mailhost.sbt.net.au (Postfix) with ESMTP id 7F62338029F
    for <[email protected]>; Thu, 30 Aug 2012 07:48:21 +1000 (EST)
Received: from unknown (HELO vmms.mmsc.telstra.com) ([10.156.74.4])
    by hmkt8-sms-irp05.msg.in.telstra.com.au with ESMTP;
    Wed, 29 Aug 2012 15:48:20 -0600
From: Telstra Online <[email protected]>
To:
Date: Wed, 29 Aug 2012 15:48:20 -0600
Subject: Telstra Online - Your Account Balance
Message-ID: <[email protected]>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="----------ijbtdaw"
-------------

host 201.218.211.131
Host 131.211.218.201.in-addr.arpa. not found: 3(NXDOMAIN)

-----------------------

grep KJQELG3GPVSMKV /var/log/maillog
Aug 30 07:48:22 postfix/cleanup[18366]: 7F62338029F: message-id=<[email protected]>
Aug 30 07:48:56 postfix/cleanup[18428]: 33A1A380E84: message-id=<[email protected]>
Aug 30 07:48:56 amavis[8662]: (08662-11) Passed CLEAN {RelayedInbound}, [201.218.211.131]:51624 [201.218.211.131] <[email protected]> -> <[email protected]>, Message-ID: <[email protected]>, mail_id: ZEo5s1z0_GI2, Hits: 2.616, size: 26447, queued_as: 33A1A380E84, 33395 ms
Aug 30 07:48:56 dovecot: lmtp(18423, [email protected]): 6N2sMSGOPlD3RwAAyLbbsQ: msgid=<[email protected]>: saved mail to INBOX

# grep 7F62338029F /var/log/maillog
Aug 30 07:48:21 postfix/smtpd[18426]: 7F62338029F: client=unknown[201.218.211.131]
Aug 30 07:48:22 postfix/cleanup[18366]: 7F62338029F: message-id=<[email protected]>
Aug 30 07:48:22 postfix/qmgr[4326]: 7F62338029F: from=<[email protected]>, size=26447, nrcpt=1 (queue active)
Aug 30 07:48:56 postfix/lmtp[18367]: 7F62338029F: to=<[email protected]>, relay=127.0.0.1[127.0.0.1]:10024, delay=35, delays=1.3/0/0/33, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as 33A1A380E84)
Aug 30 07:48:56 postfix/qmgr[4326]: 7F62338029F: removed

# grep 33A1A380E84 /var/log/maillog
Aug 30 07:48:56 postfix/smtpd[18400]: 33A1A380E84: client=localhost.localdomain[127.0.0.1]
Aug 30 07:48:56 postfix/cleanup[18428]: 33A1A380E84: message-id=<[email protected]>
Aug 30 07:48:56 postfix/qmgr[4326]: 33A1A380E84: from=<[email protected]>, size=27101, nrcpt=1 (queue active)
Aug 30 07:48:56 amavis[8662]: (08662-11) Passed CLEAN {RelayedInbound}, [201.218.211.131]:51624 [201.218.211.131] <[email protected]> -> <[email protected]>, Message-ID: <[email protected]>, mail_id: ZEo5s1z0_GI2, Hits: 2.616, size: 26447, queued_as: 33A1A380E84, 33395 ms
Aug 30 07:48:56 postfix/lmtp[18367]: 7F62338029F: to=<[email protected]>, relay=127.0.0.1[127.0.0.1]:10024, delay=35, delays=1.3/0/0/33, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as 33A1A380E84)
Aug 30 07:48:56 postfix/lmtp[18422]: 33A1A380E84: to=<[email protected]>, relay=mailhost.sbt.net.au[private/dovecot-lmtp], delay=0.09, delays=0.02/0.01/0/0.06, dsn=2.0.0, status=sent (250 2.0.0 <[email protected]> 6N2sMSGOPlD3RwAAyLbbsQ Saved)
Aug 30 07:48:56 postfix/qmgr[4326]: 33A1A380E84: removed
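
Added example, not part of the original post: a Python version of the queue-ID tracing done above with grep, which follows each message across the amavisd-new re-injection ("queued as") and lists the ones Postfix accepted from a client it logged as "unknown". The log lines are constructed, modelled on the excerpts above with placeholder addresses, and the function names are hypothetical.

```python
import re

# Constructed sample modelled on the post's maillog; addresses are placeholders.
SAMPLE_LOG = """\
Aug 30 07:48:20 postfix/smtpd[18425]: NOQUEUE: reject: RCPT from unknown[203.0.113.5]: 450 4.7.1 Client host rejected: cannot find your reverse hostname, [203.0.113.5]; from=<a@example.org> to=<user@example.net> proto=ESMTP helo=<x.example.org>
Aug 30 07:48:21 postfix/smtpd[18426]: 7F62338029F: client=unknown[192.0.2.10]
Aug 30 07:48:56 postfix/smtpd[18400]: 33A1A380E84: client=localhost.localdomain[127.0.0.1]
Aug 30 07:48:56 postfix/lmtp[18367]: 7F62338029F: to=<user@example.net>, relay=127.0.0.1[127.0.0.1]:10024, delay=35, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as 33A1A380E84)
Aug 30 07:48:56 postfix/lmtp[18422]: 33A1A380E84: to=<user@example.net>, relay=mailhost.example.net[private/dovecot-lmtp], delay=0.09, dsn=2.0.0, status=sent (250 2.0.0 <user@example.net> Saved)
"""

# Assumes the default short (hexadecimal) Postfix queue IDs.
LINE = re.compile(r"postfix/\w+\[\d+\]: ([0-9A-F]+): (.*)$")
CLIENT = re.compile(r"client=([^\[]+)\[([^\]]+)\]")
QUEUED = re.compile(r"queued as ([0-9A-F]+)")
STATUS = re.compile(r"status=(\w+)")

def parse_log(text):
    """Return ({qid: (host, ip)}, {qid: next qid}, {qid: last status})."""
    clients, next_hop, status = {}, {}, {}
    for line in text.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # NOQUEUE rejects and non-Postfix lines carry no queue ID
        qid, rest = m.groups()
        c = CLIENT.match(rest)
        if c:
            clients[qid] = c.groups()
        s = STATUS.search(rest)
        if s:
            status[qid] = s.group(1)
            q = QUEUED.search(rest)
            if q and q.group(1) != qid:
                next_hop[qid] = q.group(1)  # re-injected by the content filter
    return clients, next_hop, status

def accepted_from_unknown(text):
    """List (client ip, queue-ID chain, final status) for clients logged as
    "unknown": no PTR, failed forward confirmation, or a lookup error."""
    clients, next_hop, status = parse_log(text)
    hits = []
    for qid, (host, ip) in clients.items():
        if host != "unknown":
            continue
        chain = [qid]
        while chain[-1] in next_hop and next_hop[chain[-1]] not in chain:
            chain.append(next_hop[chain[-1]])
        hits.append((ip, chain, status.get(chain[-1])))
    return hits
```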
