We are using Suse 9.0 Professional. I am getting email that is claiming
to be from my domain and the Postfix logs confirm it is from an outside
IP. After searching the logs, I figured out where the connection
initiated, and then the regular smtp traffic proceeded with the spoofed
email address (user@mydomain.com) to my real user's email address
(realusers@mydomain.com). The unique identifiers helped me correspond
the traffic. There were two other email sessions that, based on their
unique identifier, did not have the full smtp process. For example, this
is all that is entered in the logs for the unique process. I usually
see a connect and disconnect process before and after this and the
random character user does not exist! BTW, this is a mail gateway for
Exchange.
Any ideas??
Jul 20 11:54:59 gateway postfix/smtp[10247]: 649E6AD30:
to=
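
The correlation described in the post, grouping Postfix log lines by queue ID and comparing the sender domain with the connecting IP, can be scripted. This is an added example, not part of the original post: the log lines are constructed in the standard Postfix syslog format, and the trusted network `192.168.1.0/24` and the relay name `exchange` are assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample lines in standard Postfix syslog format (not from the post).
SAMPLE_LOG = """\
Jul 20 11:54:50 gateway postfix/smtpd[10240]: A1B2C3D4E: client=unknown[203.0.113.7]
Jul 20 11:54:51 gateway postfix/qmgr[812]: A1B2C3D4E: from=<user@mydomain.com>, size=2048, nrcpt=1 (queue active)
Jul 20 11:54:52 gateway postfix/smtp[10247]: A1B2C3D4E: to=<realuser@mydomain.com>, relay=exchange[192.168.1.10], delay=2, status=sent (250 OK)
Jul 20 11:54:55 gateway postfix/smtpd[10241]: F00D12345: client=exchange[192.168.1.10]
Jul 20 11:54:56 gateway postfix/qmgr[812]: F00D12345: from=<user@mydomain.com>, size=900, nrcpt=1 (queue active)
Jul 20 11:54:59 gateway postfix/qmgr[812]: 9E8D7C6B5: from=<>, size=3100, nrcpt=1 (queue active)
Jul 20 11:55:00 gateway postfix/smtp[10250]: 9E8D7C6B5: to=<xkqzt@example.net>, relay=none, delay=1, status=deferred (connect timed out)
"""

LINE = re.compile(r"postfix/\w+\[\d+\]: ([0-9A-F]{6,}): (.*)")
CLIENT = re.compile(r"client=\S*\[([0-9a-fA-F.:]+)\]")
SENDER = re.compile(r"from=<([^>]*)>")

def correlate(log_text):
    """Group log lines by queue ID, keeping client IP and envelope sender."""
    sessions = defaultdict(dict)
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        qid, rest = m.group(1), m.group(2)
        if c := CLIENT.search(rest):
            sessions[qid]["client"] = c.group(1)
        if s := SENDER.search(rest):
            sessions[qid]["sender"] = s.group(1)
    return dict(sessions)

def classify(sessions, local_domain, trusted_nets):
    """Return (local sender from untrusted IP, queue IDs with no client= line)."""
    nets = [ipaddress.ip_network(n) for n in trusted_nets]
    spoofed, no_client = [], []
    for qid, s in sessions.items():
        if "client" not in s:  # no smtpd client= line logged for this queue ID
            no_client.append(qid)
            continue
        ip = ipaddress.ip_address(s["client"])
        local_sender = s.get("sender", "").lower().endswith("@" + local_domain)
        if local_sender and not any(ip in n for n in nets):
            spoofed.append(qid)
    return spoofed, no_client

if __name__ == "__main__":
    print(classify(correlate(SAMPLE_LOG), "mydomain.com", ["192.168.1.0/24"]))
```

Queue IDs in the second list have no `client=` entry in the log being read, so they are reported separately rather than judged by IP.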