Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
Date: Tue Sep 15 2009 - 10:31:53 CDT
> wiskbroomhotmail.com wrote:
>> I am seeing a few spams coming through with a from address (seen on my
>> postfix logs) that does not match the "From" address shown on my users
>> Outlook. In fact my users are seeing a "From" address as their own,
>> something that my postfix server currently does not allow using
>> mynetworks and permitting this using smtpd_recipient_restrictions.
> Does it possibly have a From line that looks like this:
> From: "real.addressyourcompany.tld"
I am not seeing a rcpt to that shows a different from address on my postfix logs.
> Postfix will (correctly) consider the address in angle brackets as the
> actual address, but Outlook (and many other mail clients) will hide that
> and display the part in quotes, as it will interpret that as the
> sender's name.
One item possibly worthy of noting is that I did see this entry in my postfix logs on a connection to the same site that sent the forged email:
enabling PIX workarounds: disable_esmtp delay_dotcrlf for remote-mta.example.com
My main.cf does not have any such entries defined, but postconf | grep -i pix does give this:
lmtp_pix_workaround_delay_time = 10s
lmtp_pix_workaround_threshold_time = 500s
lmtp_pix_workarounds = disable_esmtp,delay_dotcrlf
smtp_pix_workaround_delay_time = 10s
smtp_pix_workaround_threshold_time = 500s
smtp_pix_workarounds = disable_esmtp,delay_dotcrlf