I noticed something weird today on my mail server. I had a message in my inbox that said:
Received: from myserver.com (localhost)
by myserver.com (8.14.3/8.14.3/Debian-9.2ubuntu1) id r3GJ4H5S005124;
Tue, 16 Apr 2013 19:05:02 GMT
Date: Tue, 16 Apr 2013 19:05:02 GMT
From: Mail Delivery Subsystem <[email protected]>
It's a bounce from a message that seems to have been sent from my server. Logs show that I received a spam message from this address, but then the last line of the log I pasted below caught my attention. How would I have a "TO" message to this email address? I can guarantee that I never responded, etc.
This is running sendmail on Ubuntu.
syslog:Apr 16 14:48:23 myserversm-mta[32741]: r3GEmLnq032741: from=<[email protected]>, size=0, class=0, nrcpts=0, proto=SMTP, daemon=MTA-v4, relay=[37.45.241.125]
syslog:Apr 16 14:53:32 myservermilter-regex[4633]: [37.45.241.125] [37.45.241.125]: cb_envfrom('<[email protected]>')
syslog:Apr 16 14:53:32 myservermilter-regex[4633]: [37.45.241.125] [37.45.241.125]: macro {mail_addr} = [email protected]
syslog:Apr 16 14:53:32 myservermilter-greylist: r3GErUP7000362: addr [37.45.241.125][37.45.241.125] from <[email protected]> to <[email protected]> delayed for 00:04:51 (ACL 154)
syslog:Apr 16 14:53:33 myserversm-mta[362]: r3GErUP7000362: from=<[email protected]>, size=0, class=0, nrcpts=0, proto=SMTP, daemon=MTA-v4, relay=[37.45.241.125]
syslog:Apr 16 14:58:50 myservermilter-regex[4633]: [37.45.241.125] [37.45.241.125]: cb_envfrom('<[email protected]>')
syslog:Apr 16 14:58:50 myservermilter-regex[4633]: [37.45.241.125] [37.45.241.125]: macro {mail_addr} = [email protected]
syslog:Apr 16 14:58:52 myserversm-mta[459]: r3GEwm3L000459: from=<[email protected]>, size=1102, class=0, nrcpts=1, msgid=<002701ce3ab0$bfb09940$236828a4@vadiminljjo>, proto=SMTP, daemon=MTA-v4, relay=[37.45.241.125]
syslog:Apr 16 14:58:52 myservermilter-regex[4633]: [37.45.241.125] [37.45.241.125]: cb_header('From', '"Vivian Cotton" <[email protected]>')
syslog:Apr 16 14:58:52 myservermilter-regex[4633]: [37.45.241.125] [37.45.241.125]: ACCEPT, HELO: 37.45.241.125, FROM: <[email protected]>, RCPT: <[email protected]>, From: "Vivian Cotton" <[email protected]>, To: <[email protected]>, Subject: Get Ready For More News From This Company!
syslog:Apr 16 19:05:02 myserversm-mta[5124]: r3GJ4H5R005124: to=<[email protected]>, delay=00:00:01, xdelay=00:00:01, mailer=esmtp, pri=30000, relay=mail.bio.ru. [83.222.200.20], dsn=5.1.1, stat=User unknown
This can either be deleted, or left with the answer...
It turned out that the aliases file had a typo so that mail for one particular user was getting sent to an invalid address. Fixed the typo and ran newaliases and all was well.
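One way to trace a bounce like this back to the alias that caused it, as an added example that is not part of the original post: it parses an aliases(5)-style file and reports every alias whose target shows up in a sendmail `to=` log line with a permanent (5.x.x) DSN. The alias names, addresses, queue IDs and log lines are constructed samples, and the function names are hypothetical.

```python
import re

# Constructed sample data; names, addresses and queue IDs are placeholders, not from the post.
SAMPLE_ALIASES = """\
# name: target[, target...]
postmaster: root
alice: alcie@example.org
bob: bob@example.org,
    bob-archive@example.org
"""
SAMPLE_LOG = """\
Apr 16 19:05:02 mx sm-mta[5124]: QUEUEID0000001: to=<alcie@example.org>, delay=00:00:01, xdelay=00:00:01, mailer=esmtp, pri=30000, relay=mx.example.org. [192.0.2.20], dsn=5.1.1, stat=User unknown
Apr 16 19:06:10 mx sm-mta[5130]: QUEUEID0000002: to=<bob@example.org>, delay=00:00:02, xdelay=00:00:01, mailer=esmtp, pri=30000, relay=mx.example.org. [192.0.2.20], dsn=2.0.0, stat=Sent (ok)
"""
# Delivery attempt lines: recipient list, DSN code and status text.
LOG_RE = re.compile(
    r": to=(?P<to>.+?), (?:ctladdr|delay)=.*dsn=(?P<dsn>\d\.\d+\.\d+), stat=(?P<stat>.*)")

def parse_aliases(text):
    """Return {alias: [targets]}; handles comment and continuation lines."""
    aliases, current = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.startswith("#"):
            continue
        if raw[0].isspace() and current:        # continuation of the previous alias
            body = raw
        else:
            current, _, body = raw.partition(":")
            current = current.strip().lower()
            aliases[current] = []
        aliases[current] += [t.strip().lower() for t in body.split(",") if t.strip()]
    return aliases

def aliases_behind_bounces(aliases_text, log_text):
    """Return (alias, target, dsn, stat) for permanent failures to alias targets."""
    by_target = {}
    for name, targets in parse_aliases(aliases_text).items():
        for target in targets:
            by_target.setdefault(target, []).append(name)
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.search(line)
        if not m or not m["dsn"].startswith("5."):   # keep only permanent failures
            continue
        for addr in m["to"].split(","):
            addr = addr.strip("<> ").lower()
            for name in by_target.get(addr, []):
                hits.append((name, addr, m["dsn"], m["stat"]))
    return hits
```

On a real host the inputs would be the contents of the aliases file and the mail log; after correcting an entry, `newaliases` rebuilds the alias database as described above.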