email hacking attempt?
Jonesy
SPAM_TRAP_gmane at jonz.net
Mon Mar 1 14:21:53 UTC 2021
On Mon, 1 Mar 2021 07:42:00 -0500 (EST), Robert Heller wrote:
> At Mon, 01 Mar 2021 09:10:13 +0000 dave at thefletchers.net wrote;
>>
>> I keep getting from time to time rejection entries in my postfix logs
>> of the following kind:-
>>
>> Feb 28 13:47:05 ServerIV postfix/smtpd[37050]: NOQUEUE: reject: RCPT
>> from sender48-eu-west-1-p.emailage.com[52.212.158.48]: 550 5.1.1 <
>> 5ea11ebd64854dfbbe03377e at thefletchers.net>: Recipient address rejected:
>> User unknown in local recipient table; from=<smtp at emailage.com> to=<
>> 5ea11ebd64854dfbbe03377e at thefletchers.net> proto=SMTP
>> helo=<emailage.com>
>>
>> This is obviously never going to be a valid email address so I wonder
>> what is going on here? Are these attempting to exploit some known
>> buffer overflow or other flaw in a mail server?
>
> The sender is just "guessing" E-Mail addresses. It is not uncommon to use a
> wildcard address for virtual E-Mail addresses in the /etc/postfix/virtual
> table.
I believe you are curious as to why you see these rejections.
It's because the spammer is forging your email address in the From:
header of the spam. What you see is called "Backscatter".
Jonesy
--
Marvin L Jones | Marvin | W3DHJ.net | linux
38.238N 104.547W | @ jonz.net | Jonesy | FreeBSD
* Killfiling google & XXXXbanter.com: jonz.net/ng.htm
More information about the ubuntu-users
mailing list