A Postfix open relay?? Who, me?

By John Bowen, 8 August, 2008

Earlier this week, I started receiving emails (apparently) from the folks at junkemailfilter.com. Actually, the messages are from unmonitored accounts on their mail servers, but let's not split hairs. The point is, jef is passing rejected email messages 'back' to me...apparently they're seeing (and stopping) spam messages that originated on my own mail server.

It looks like the header entry that's earning me the warning is this one, and others like it:

Received: from mail.MyReplacedDomain.com ([xxx.xxx.xxx.xxx]) by pascal.junkemailfilter.com with esmtp (Exim 4.68) id 1KRTLJ-000764-Kw on interface=65.49.42.60 for events1@lapartydesigns.com; Fri, 08 Aug 2008 07:53:27 -0700

I've x'd out my IP (though it's not that big of a secret, I guess). I've been through my mail logs, and there is no record of these messages being passed through my Postfix installation. I've also run open relay tests against my installation from njabl.org and abuse.net. It all looks good...

Can parts of the 'Received' header be forged by a spammer? I'd have to think that if there is no evidence of these messages passing through the mail logs in my server, they never actually went through it. If that's the case, then the headers are faked...?
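One way to script the log check described above, as an added example that is not part of the original post: it takes the Exim message id, recipient and timestamp from the quoted Received header and looks for a Postfix delivery line that carries them. The log lines are constructed, and the code assumes Postfix recorded the remote server's reply (Exim answers `250 OK id=...`) and that the syslog timestamps share the header's UTC offset.

```python
import re
from datetime import datetime, timedelta
from email.utils import parsedate_to_datetime

# Received header value as quoted in the post (IP and domain redacted by the author).
RECEIVED = ("from mail.MyReplacedDomain.com ([xxx.xxx.xxx.xxx]) by pascal.junkemailfilter.com "
            "with esmtp (Exim 4.68) id 1KRTLJ-000764-Kw on interface=65.49.42.60 "
            "for events1@lapartydesigns.com; Fri, 08 Aug 2008 07:53:27 -0700")

# Constructed Postfix log samples: queue ids, relay IPs and other addresses are made up.
LOG_CLEAN = """\
Aug  8 07:52:10 mail postfix/smtp[2211]: 3F2A11C0D5: to=<alice@example.org>, relay=mx.example.org[192.0.2.10]:25, delay=1.2, status=sent (250 2.0.0 Ok: queued as 9B1C2D3E4F)
Aug  8 21:10:03 mail postfix/smtp[2302]: A41B01C0F3: to=<events1@lapartydesigns.com>, relay=mx.example.com[192.0.2.30]:25, delay=2.0, status=sent (250 OK id=1KRgXy-0001Ab-Cd)
"""
LOG_RELAYED = """\
Aug  8 07:53:27 mail postfix/smtp[2240]: 7C9E21C0E1: to=<events1@lapartydesigns.com>, relay=pascal.junkemailfilter.com[192.0.2.20]:25, delay=0.9, status=sent (250 OK id=1KRTLJ-000764-Kw)
"""

def parse_received(header):
    """Extract the receiving server's message id, the recipient and the timestamp."""
    fields, _, stamp = header.rpartition(";")
    return {
        "remote_id": re.search(r"\bid\s+(\S+)", fields).group(1),
        "recipient": re.search(r"\bfor\s+<?([^\s<>;]+)", fields).group(1),
        "when": parsedate_to_datetime(stamp.strip()),
    }

def find_deliveries(header, log_text, window=timedelta(minutes=10)):
    """Return (reason, line) for each Postfix smtp delivery line matching the header."""
    hop = parse_received(header)
    hits = []
    for line in log_text.splitlines():
        if "postfix/smtp[" not in line:
            continue
        if f"id={hop['remote_id']}" in line:   # remote reply quotes the same Exim id
            hits.append(("remote-id", line))
            continue
        # syslog stamps carry no year or zone: borrow both from the header (assumption)
        stamp = " ".join(line.split()[:3])
        logged = datetime.strptime(f"{hop['when'].year} {stamp}", "%Y %b %d %H:%M:%S")
        logged = logged.replace(tzinfo=hop["when"].tzinfo)
        if f"to=<{hop['recipient']}>" in line and abs(logged - hop["when"]) <= window:
            hits.append(("recipient+time", line))
    return hits

if __name__ == "__main__":
    for name, log in (("clean", LOG_CLEAN), ("relayed", LOG_RELAYED)):
        print(name, [reason for reason, _ in find_deliveries(RECEIVED, log)])
```

An empty result only covers the log text that was searched, so rotated or compressed logs for the same date need to be included in the input.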
