OK, so last night I started getting a lot of "undelivered" bounce messages on my mail server (postfix+dovecot+mysql).
What confuses me is that they've spoofed my domain, but I have SPF records set up that say only my mail host can send and that receiving servers should be strict about it.
EDIT: my SPF record -
example.org. TXT "v=spf1 a mx ptr -all"
The only consistency through 100+ messages is my domain.
Should I assume that things are OK (on my end) and that these bounces are real bounces, and that the SPF records will flag any mail actually delivered as being spoofed?
Here are the complete headers from one message - I've replaced my internal hostname with srvr1 and my domain with example.org - all other names/addresses are real. What is bothersome is that it seems the original receiving server isn't flagging this message as spam, even though I have SPF records set up...
Suggestions on this?
Return-Path: <>
Delivered-To: [email protected]
Received: from mail.example.org
by srvr1 (Dovecot) with LMTP id +m3lJVxxkVocZgAAa5pXxw
for <[email protected]>; Sat, 24 Feb 2018 14:06:20 +0000
Received: by mail.example.org (Postfix)
id 95F85462B3; Sat, 24 Feb 2018 14:06:20 +0000 (UTC)
Date: Sat, 24 Feb 2018 14:06:20 +0000 (UTC)
From: [email protected] (Mail Delivery System)
Subject: Undelivered Mail Returned to Sender
To: [email protected]
Auto-Submitted: auto-replied
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status;
boundary="5CA7D462B1.1519481180/mail.example.org"
Content-Transfer-Encoding: 8bit
Message-Id: <[email protected]>
This is a MIME-encapsulated message.
--5CA7D462B1.1519481180/mail.example.org
Content-Description: Notification
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
This is the mail system at host mail.example.org.
I'm sorry to have to inform you that your message could not
be delivered to one or more recipients. It's attached below.
For further assistance, please send mail to postmaster.
If you do so, please include this problem report. You can
delete your own text from the attached returned message.
The mail system
<[email protected]>: host mx1.free.fr[212.27.48.6] said: 550 spam detected
(in reply to end of DATA command)
--5CA7D462B1.1519481180/mail.example.org
Content-Description: Delivery report
Content-Type: message/delivery-status
Content-Transfer-Encoding: 8bit
Reporting-MTA: dns; mail.example.org
X-Postfix-Queue-ID: 5CA7D462B1
X-Postfix-Sender: rfc822; [email protected]
Arrival-Date: Sat, 24 Feb 2018 14:06:18 +0000 (UTC)
Final-Recipient: rfc822; [email protected]
Original-Recipient: rfc822;[email protected]
Action: failed
Status: 5.0.0
Remote-MTA: dns; mx1.free.fr
Diagnostic-Code: smtp; 550 spam detected
--5CA7D462B1.1519481180/mail.example.org
Content-Description: Undelivered Message
Content-Type: message/rfc822
Content-Transfer-Encoding: 8bit
Return-Path: <[email protected]>
Received: from sinovapaint.com (unknown [85.255.199.39])
(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
(No client certificate requested)
by mail.example.org (Postfix) with ESMTPSA id 5CA7D462B1
for <[email protected]>; Sat, 24 Feb 2018 14:06:18 +0000 (UTC)
Date: Sat, 24 Feb 2018 15:06:16 +0100
To: [email protected]
From: "Annabel A." <[email protected]>
Reply-To: "Annabel A." <[email protected]>
Subject: =?utf-8?Q?Y_a-t-il_d'autres_bons_=C3=A9talons_au_lit_=3F?=
Message-ID: <[email protected]>
X-Mailer: PHPMailer 5.2.23 (https://github.com/PHPMailer/PHPMailer)
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="b1_15f058ce5dc516426d9dc772f549682f"
Content-Transfer-Encoding: 8bit
X-Spam-Status: No, score=-1.0 required=5.0 tests=ALL_TRUSTED,HTML_MESSAGE,
URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.1
X-Spam-Checker-Version: SpamAssassin 3.4.1 (2015-04-28) on srvr1
srvr1 or example.org is my stuff, everything else is copy/paste as-is from the headers. As to why the bounce appears to have gone through my system, etc. - that is what I am asking. Online checkers (like mxtoolbox.com) all report that everything is OK and good and not allowing relaying, etc. I'm just trying to be a good netizen and find out what is going on so I can fix whatever I need to on my end!
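One way to triage a bounce like the one above, as an added example that is not part of the original post: it parses the DSN, reads the topmost Received header of the returned message, and reports whether that message was accepted by the same MTA that wrote the bounce and whether the client used SMTP AUTH. The function name `triage_bounce` and the sample DSN (with placeholder addresses) are constructed for illustration.

```python
import email
import re

# Constructed DSN modelled on the bounce above; addresses are placeholders.
SAMPLE_DSN = (
    'Content-Type: multipart/report; report-type=delivery-status; boundary="B"\n\n'
    "--B\nContent-Type: message/delivery-status\n\n"
    "Reporting-MTA: dns; mail.example.org\n\n"
    "Final-Recipient: rfc822; rcpt@remote.example\nAction: failed\n\n"
    "--B\nContent-Type: message/rfc822\n\n"
    "Received: from sinovapaint.com (unknown [85.255.199.39])\n"
    "\tby mail.example.org (Postfix) with ESMTPSA id 5CA7D462B1\n"
    "\tfor <rcpt@remote.example>; Sat, 24 Feb 2018 14:06:18 +0000 (UTC)\n"
    "From: user@example.org\nSubject: test\n\nbody\n--B--\n"
)

# Topmost Received header: "from HELO (client) by HOST (...) with PROTO ..."
RECEIVED_RE = re.compile(
    r"from\s+\S+\s+\((?P<client>[^)]*)\).*?\bby\s+(?P<by>\S+).*?\bwith\s+(?P<proto>\S+)",
    re.S,
)

def triage_bounce(raw):
    """Classify how the returned message reached the MTA that wrote the DSN."""
    reporting_mta, original = "", None
    for part in email.message_from_string(raw).walk():
        ctype = part.get_content_type()
        if ctype == "message/delivery-status":
            # Payload is a list of header blocks; the first is per-message.
            field = part.get_payload()[0].get("Reporting-MTA", "")
            reporting_mta = field.split(";", 1)[-1].strip().lower()
        elif ctype == "message/rfc822":
            original = part.get_payload()[0]
    hops = original.get_all("Received", []) if original is not None else []
    m = RECEIVED_RE.search(hops[0]) if hops else None
    if m is None:
        return {"verdict": "no usable Received header in returned message"}
    here = m["by"].lower() == reporting_mta
    # RFC 3848: ESMTPA / ESMTPSA mean the client authenticated with SMTP AUTH.
    if here and m["proto"].upper() in {"ESMTPA", "ESMTPSA"}:
        verdict = "authenticated submission through this server"
    elif here:
        verdict = "accepted by this server without AUTH"
    else:
        verdict = "backscatter: message never passed through this server"
    return {"client": m["client"], "proto": m["proto"], "verdict": verdict}

if __name__ == "__main__":
    print(triage_bounce(SAMPLE_DSN))
```
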