(05-08-2016, 08:19 PM)Ron-e Wrote: Sorry my knollage about this ends here, but it looks like it's coming from your server if you ask me..
(05-08-2016, 07:56 PM)americanninja Wrote: I am the only person that uses this server and it just has a handful of Drupal websites. If my email server was insecure, I assume spammers would be using my server for a lot more than it's being used now.How do you know that they aren't using it more? or just testing it?
Hi Ron-E. Well thanks for all the help you have given thus far. Well, what I would like to know is whether this person is sending the email to my server spoofing my email address or using my web/email server to send the emails. I'm hoping someone else comes across this thread and can answer that question.
As for now, I'm going to assume, since the lines state:
Received: from [41.60.100.77] (unknown [41.60.100.77])
by panel.MYDOMAIN.com (Postfix) with ESMTP id B0EDD16B025
for <contact@MYDOMAIN.com>; Sun, 8 May 2016 06:02:31 +0900 (JST)
I'm guessing this just means that my web/email server received the email destined for my email address with the spammer spoofing the same email address as the FROM address. Spamassassin picked it up as spam, tagged it, and then my email server forwarded it along to my gmail address which I have setup in my web/email server for this contact@MYDOMAIN.com address.
So perhaps everything is working as expected and it's just some low scum of the earth spammer just using my email address in the TO and FROM section of the email.
I came across this two articles during my research. So I think it's nothing out of the norm, but I'd love someone that is a bit more experienced than you and I to confirm this. At least email what story these email headers are telling us. Thanks!!
http://lifehacker.com/5875848/how-can-i-...and-family
http://lifehacker.com/how-spammers-spoof...1579478914
