> No, it says no such thing. It says the EHLO name was [154.91.34.144],
> the client IP was however 127.0.0.1. It seems you have some sort of
> proxy or NAT in place that masks the real external IP address, making
> all connections appear to originate from 127.0.0.1. That would sure
> explain your spam inundation problem.

Thanks. I was actually thinking something of the sort myself -- my
server is indeed behind a separate firewall appliance.

However, other e-mail (such as your recent reply to my inquiry) is NOT
exhibiting this same NAT/proxy addressing problem. The relevant
"Received:" line in my copy of your reply says the following (with line
wrapping to make it legible in an ASCII environment):

Received: from english-breakfast.cloud9.net
    (english-breakfast.cloud9.net [168.100.1.7])
    (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
    (No client certificate requested)
    by memoryalpha.richw.org (Postfix)
    with ESMTPS id 4CDQt72CNxz7t88
    for <[email protected]>; Sat, 17 Oct 2020 20:51:27 -0700 (PDT)

Your e-mail (along with lots and lots of valid e-mail) appears to be
entering my server via exactly the same NAT/proxy path as the spam did.
I'll continue searching for any possible security hole on my firewall
appliance, though.

Rich Wales
[email protected]
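
Added example, not part of the original message or of Postfix: a small Python check that splits a Postfix "Received:" line into the EHLO name, the reverse-DNS name and the client IP, and reports headers whose recorded client IP is loopback. The SPAM header is constructed from the description quoted above (the name "localhost" in it is an assumption), and the function names are hypothetical.

```python
import ipaddress
import re

# Postfix writes: from <HELO name> (<reverse-DNS name> [<client IP>])
RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?P<rdns>\S+)\s+\[(?P<ip>[^\]]+)\]\)"
)

# Header quoted in the message above, trimmed to the part that is parsed.
LEGIT = """Received: from english-breakfast.cloud9.net
    (english-breakfast.cloud9.net [168.100.1.7])
    by memoryalpha.richw.org (Postfix)"""

# Constructed sample matching the quoted description: EHLO name
# [154.91.34.144], client IP 127.0.0.1. "localhost" is an assumption.
SPAM = """Received: from [154.91.34.144] (localhost [127.0.0.1])
    by memoryalpha.richw.org (Postfix)"""


def parse_received(header):
    """Return (helo, rdns, client_ip) for one Received: header, or None."""
    unfolded = " ".join(header.split())  # undo header folding
    m = RECEIVED_RE.search(unfolded)
    if not m:
        return None
    ip = m.group("ip")
    if ip.upper().startswith("IPV6:"):  # tag used for IPv6 address literals
        ip = ip[5:]
    try:
        return m.group("helo"), m.group("rdns"), ipaddress.ip_address(ip)
    except ValueError:
        return None


def masked_by_proxy(header):
    """True when the recorded client IP is loopback, so the real peer is hidden."""
    parsed = parse_received(header)
    return parsed is not None and parsed[2].is_loopback


def helo_literal(header):
    """Return the address inside an address-literal HELO like [192.0.2.1], else None."""
    parsed = parse_received(header)
    if parsed and parsed[0].startswith("[") and parsed[0].endswith("]"):
        return parsed[0][1:-1]
    return None
```

Run over a mailbox, the split between headers that return True and False from masked_by_proxy shows which mail took the path that hides the client address.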