Nic

Reputation: 703

Postfix Dovecot thousands of emails seem to come from local server to local mailbox

I have been using this setup for many years Workaround

I just updated my server to the latest guide (Buster) and it was working well for a month.

I have DMARC set up

v=DMARC1; p=quarantine; sp=none; rua=mailto:[email protected]; ruf=mailto:[email protected]; rf=afrf; pct=100; ri=86400

I have SPF set up. I understand that this is a soft fail.

v=spf1 mx a ip4:XX.XX.XX.XX/27 ~all

And I have DKIM set up as well

v=DKIM1;k=rsa;p=MIGfMA0GCSqGSIb3DQE...public key

I have tested these with mxtoolbox.com and they seem to be fine.

My master.cf is

submission inet n       -       y       -       -       smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_tls_auth_only=yes
  -o smtpd_reject_unlisted_recipient=no
#  -o smtpd_client_restrictions=$mua_client_restrictions
#  -o smtpd_helo_restrictions=$mua_helo_restrictions
#  -o smtpd_sender_restrictions=$mua_sender_restrictions
  -o smtpd_recipient_restrictions=
#  -o smtpd_relay_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
  -o milter_macro_daemon_name=ORIGINATING

And my main.cf is

mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 192.168.2.0/24

smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
myhostname = mail.example.org
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = $myhostname, mail.example.org, mail3.example.org, localhost.example.org, localhost
relayhost =

I have received hundreds of thousands of emails to a specific account from that account like this:

Return-Path: <[email protected]>
Delivered-To: [email protected]
Received: from mail.example.org
    by mail.example.org with LMTP
    id wD98AeFp/F8WUgAASGYJ/Q
    (envelope-from <[email protected]>)
    for <[email protected]>; Mon, 11 Jan 2021 10:08:17 -0500
Received: by mail.example.org (Postfix, from userid 65534)
    id 06C412449DA; Mon, 11 Jan 2021 08:11:36 -0500 (EST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=example.org;
    s=2020122201; t=1610370697; h=from:from:sender:reply-to:subject:subject:date:date:
     message-id:message-id:to:to:cc:mime-version:content-type:
     content-transfer-encoding:in-reply-to:references;
    bh=47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=;
    b=kDMb7uDRl/dzTXWGMi75Cx0OgKvqDTgzuMgBD8bsFzDCAYFgd3csm78WFY2XoLjq30BqTD
    c3k4lwsvACLKhWK8L3j+l9AsX6lnJBzs7N7OBXWf6VN2U5Wdb3OSLjvyI20DOlwW/6sd94
    lRC446wHCsex4iP7XOJXRaJo4+bH7NY=
To: [email protected]
Subject: Support [TICKET 1877258] [TICKET 1877259]
From: Archie Support <[email protected]>
Message-Id: <[email protected]>
Date: Mon, 11 Jan 2021 08:11:36 -0500 (EST)

Can anyone please help and let me know if there is an issue with my config? It seems that now my server is also listed on a couple of blacklists.

Any ideas are appreciated.

Upvotes: 0

Views: 184

Answers (1)

Nic

Reputation: 703

Turned out to be a loop. Someone connected and guessed an account that was an alias, that would then reply to the sender and forward the email to some other account.

All-in-all a good excuse to enjoy a 12-pack while reading mail logs...

Upvotes: 1
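As an added example (not part of the question or the answer), here is a small Python check for the pattern visible in the headers above, which is what an alias auto-reply-and-forward loop leaves behind: envelope sender equal to the Delivered-To mailbox, local injection through sendmail(1) by a uid rather than an SMTP session, every Received hop on the same host, and no Auto-Submitted header. The mailbox address and Message-Id in the sample are constructed placeholders standing in for the redacted values.

```python
import re
import email
from email import policy
from email.utils import parseaddr

# Constructed sample modelled on the headers in the question. The redacted
# mailbox and the Message-Id are placeholders, not the poster's real values.
SAMPLE = """\
Return-Path: <support@example.org>
Delivered-To: support@example.org
Received: from mail.example.org
    by mail.example.org with LMTP
    id wD98AeFp/F8WUgAASGYJ/Q
    (envelope-from <support@example.org>)
    for <support@example.org>; Mon, 11 Jan 2021 10:08:17 -0500
Received: by mail.example.org (Postfix, from userid 65534)
    id 06C412449DA; Mon, 11 Jan 2021 08:11:36 -0500 (EST)
From: Archie Support <support@example.org>
Message-Id: <placeholder@mail.example.org>
Date: Mon, 11 Jan 2021 08:11:36 -0500 (EST)
"""

USERID_RE = re.compile(r"\(Postfix, from userid (\d+)\)")
HOP_RE = re.compile(r"\b(?:from|by)\s+([\w.-]+)")


def loop_indicators(raw: str) -> dict:
    """Collect the header-level signs of an autoresponder/alias delivery loop."""
    msg = email.message_from_string(raw, policy=policy.default)
    env_from = parseaddr(str(msg.get("Return-Path", "")))[1].lower()
    delivered = parseaddr(str(msg.get("Delivered-To", "")))[1].lower()
    received = [str(h) for h in msg.get_all("Received", [])]
    # "from userid N" means a local process (vacation script, forwarding
    # pipe) handed the message to sendmail(1); it did not arrive over SMTP.
    uids = [int(m.group(1)) for m in map(USERID_RE.search, received) if m]
    # Strip comments before reading hop names so "from userid" is not a host.
    hosts = set()
    for hop in received:
        hosts.update(h.lower() for h in HOP_RE.findall(re.sub(r"\([^)]*\)", "", hop)))
    return {
        "self_addressed": bool(env_from) and env_from == delivered,
        "locally_injected": bool(uids),
        "injecting_uids": uids,
        # Every hop names the same host: the mail never left the server.
        "never_left_server": len(hosts) == 1,
        # RFC 3834 auto-replies carry Auto-Submitted so other responders
        # (and Sieve vacation) know not to answer them; its absence is a red flag.
        "missing_auto_submitted": msg.get("Auto-Submitted") is None,
    }
```

Run it over a sample of the queued copies (for example with `postcat -q`) to confirm the loop before chasing the alias; an auto-reply that sets Auto-Submitted and never answers its own address breaks it.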
