I received an obvious phishing mail today from [email protected] (my own
domain).  I appear not to be running an open relay (say the sorts of
websites that offer to check these things), and yet this happened:

    Dec 15 11:58:03 nantes-1 postfix/smtpd[31118]: warning: hostname hosted-by.rootlayer.net does not resolve to address 185.222.57.81
    Dec 15 11:58:03 nantes-1 postfix/smtpd[31118]: connect from unknown[185.222.57.81]
    Dec 15 11:58:03 nantes-1 postfix/smtpd[31118]: 8AFC8FF74D: client=unknown[185.222.57.81]
    Dec 15 11:58:03 nantes-1 postfix/cleanup[31161]: 8AFC8FF74D: message-id=<[email protected]>
    Dec 15 11:58:03 nantes-1 opendkim[1637]: 8AFC8FF74D: [185.222.57.81] [185.222.57.81] not internal
    Dec 15 11:58:03 nantes-1 opendkim[1637]: 8AFC8FF74D: not authenticated
    Dec 15 11:58:03 nantes-1 opendkim[1637]: 8AFC8FF74D: no signature data
    Dec 15 11:58:03 nantes-1 postfix/qmgr[17671]: 8AFC8FF74D: from=<[email protected]>, size=2422, nrcpt=1 (queue active)
    Dec 15 11:58:03 nantes-1 postfix/smtpd[31118]: disconnect from unknown[185.222.57.81] ehlo=1 mail=1 rcpt=1 data=1 quit=1 commands=5
    Dec 15 11:58:03 nantes-1 dovecot: lda(jeff): msgid=<[email protected]>: saved mail to INBOX
    Dec 15 11:58:03 nantes-1 postfix/local[31162]: 8AFC8FF74D: to=<[email protected]>, relay=local, delay=0.12, delays=0.08/0.01/0/0.03, dsn=2.0.0, status=sent (delivered to command: /usr/lib/dovecot/deliver -c /etc/dovecot/dovecot.conf -m "${EXTENSION}")
    Dec 15 11:58:03 nantes-1 postfix/qmgr[17671]: 8AFC8FF74D: removed

The received mail had headers that looked like this:

    Return-Path: <[email protected]>
    X-Original-To: [email protected]
    Delivered-To: [email protected]
    Received: from p27.eu (unknown [185.222.57.81])
        by nantes-1.p27.eu (Postfix) with ESMTP id 8AFC8FF74D
        for <[email protected]>; Tue, 15 Dec 2020 11:58:03 +0100 (CET)
    From: p27.eu <[email protected]>
    To: [email protected]
    Subject: =?UTF-8?B?TGEgc2Vzc2lvbiBhIGV4cGlyw6kg?=p27.eu
    Date: 15 Dec 2020 02:58:03 -0800
    Message-ID: <[email protected]>
    MIME-Version: 1.0
    Content-Type: multipart/alternative;
        boundary="----=_NextPart_000_0012_893BC42D.902C898B"

Am I reading this wrong?  Why was that able to happen?  I would have
expected a reject because something that is not my domain claimed to be
sending mail from my domain without authentication.

-- 
Jeff Abrahamson
+33 6 24 40 01 57
+44 7920 594 255

http://p27.eu/jeff/
http://transport-nantes.com/
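
Added example, not part of the original message: a log check that correlates the smtpd and qmgr lines by queue ID, as in the excerpt above, and reports mail accepted from an unauthenticated, untrusted client whose envelope sender is in a local domain. The function name, `LOCAL_DOMAINS`, `trusted_ips` and the sample log are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Assumption: the domains this server hosts; example.org stands in for the real one.
LOCAL_DOMAINS = {"example.org"}

# Constructed sample in the Postfix/OpenDKIM log format shown in the post
# (queue IDs, hosts and addresses are made up; lines are not wrapped).
SAMPLE_LOG = """\
Dec 15 11:58:03 mx postfix/smtpd[31118]: connect from unknown[192.0.2.81]
Dec 15 11:58:03 mx postfix/smtpd[31118]: AAAA000001: client=unknown[192.0.2.81]
Dec 15 11:58:03 mx opendkim[1637]: AAAA000001: not authenticated
Dec 15 11:58:03 mx postfix/qmgr[17671]: AAAA000001: from=<admin@example.org>, size=2422, nrcpt=1 (queue active)
Dec 15 12:01:10 mx postfix/smtpd[31200]: AAAA000002: client=mail.example.net[198.51.100.7]
Dec 15 12:01:10 mx postfix/qmgr[17671]: AAAA000002: from=<bob@example.net>, size=900, nrcpt=1 (queue active)
Dec 15 12:05:00 mx postfix/smtpd[31300]: AAAA000003: client=laptop[203.0.113.5], sasl_method=PLAIN, sasl_username=jeff
Dec 15 12:05:00 mx postfix/qmgr[17671]: AAAA000003: from=<jeff@example.org>, size=700, nrcpt=1 (queue active)
"""

# syslog prefix, service[pid], short hex queue ID, then the message text
LINE = re.compile(r"^\w{3}\s+\d+ [\d:]+ \S+ (?P<svc>[\w/]+)\[\d+\]: "
                  r"(?P<qid>[0-9A-F]{6,}): (?P<rest>.*)$")

def find_spoofed_local_senders(log_text, local_domains=LOCAL_DOMAINS, trusted_ips=()):
    """Return (queue_id, client_ip, sender) for mail that arrived over SMTP without
    SASL auth, from an untrusted IP, with an envelope sender in a local domain."""
    msgs = defaultdict(dict)
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # lines without a queue ID (connect, disconnect, warnings)
        rec, rest = msgs[m["qid"]], m["rest"]
        if m["svc"].endswith("smtpd") and rest.startswith("client="):
            rec["ip"] = re.search(r"\[([^\]]+)\]", rest)[1]
            rec["sasl"] = "sasl_username=" in rest  # logged only after SASL login
        elif m["svc"] == "postfix/qmgr" and (s := re.match(r"from=<([^>]*)>", rest)):
            rec["sender"] = s[1].lower()
    hits = []
    for qid, rec in msgs.items():
        if "ip" not in rec or "sender" not in rec:
            continue  # not received by smtpd, or never queued
        domain = rec["sender"].rpartition("@")[2]
        if domain in local_domains and not rec["sasl"] and rec["ip"] not in trusted_ips:
            hits.append((qid, rec["ip"], rec["sender"]))
    return hits

if __name__ == "__main__":
    for hit in find_spoofed_local_senders(SAMPLE_LOG):
        print("unauthenticated local-domain sender:", *hit)
```

The regular expression matches the short hexadecimal queue IDs seen in the post; a server configured for long queue IDs would need a wider pattern.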
