Misdelivered messages

Joseph Brennan brennan at columbia.edu
Wed May 23 09:52:56 EDT 2007


Recipient addresses don't have to appear anywhere in the message.
And in spam the To: header is often garbage.  Ignore that.

Look at the system log records written by your MTA (Postfix?) to
see who the recipients were.

Joseph Brennan
Lead Email Systems Engineer
Columbia University Information Technology





--On Wednesday, May 23, 2007 9:37 -0400 Dana Canfield <canfield at uindy.edu> 
wrote:

> In the past week or so, we've had trouble with spam being delivered to
> the wrong recipients.  It's difficult to explain, so I'll use an example:
>
> hackxx at uindy.edu and xxmelser at uindy.edu are local users receiving
> hundreds of spam per hour.  None of it is addressed to them.  Their email
> addresses don't appear anywhere in the message source.  The messages in
> hackxx's account appear to be the same messages that xxmelser is
> receiving.  Most of the misdirected messages seem to be addressed to
> other local users, such as xxmilton at uindy.edu or foxworthxx at uindy.edu.
> To further confuse the issue, this only happens with spam.  A legitimate
> message mailed to xxmilton at uindy.edu goes through to xxmilton's account
> and doesn't appear in the other users' mailboxes.  The *only* clue I have
> found is that most of these spams that get misdirected have a gap between
> the To: and the address in the message header, like this:
> To:           <foxworthxx at uindy.edu>
>
> Does anyone have any clue what might be going on here?
>
> Thanks
> DC
> ----
> Cyrus Home Page: http://cyrusimap.web.cmu.edu/
> Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
> List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
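
Added example, not part of the original thread: one way to do the log lookup suggested in the reply, assuming the MTA is Postfix writing its usual syslog lines with short (hexadecimal) queue IDs. The log lines are constructed samples, and the function names `parse_log` and `recipients_for` are hypothetical. Starting from the Message-ID header of a misdelivered message, it lists the envelope recipients Postfix actually delivered to, including any `orig_to=` address a recipient was expanded from.

```python
import re
from collections import defaultdict

# Constructed sample in Postfix syslog format; host, queue IDs and addresses are made up.
SAMPLE_LOG = """\
May 23 09:30:01 mx postfix/cleanup[2104]: 4F2A81C0B3: message-id=<spam1@bulk.example>
May 23 09:30:01 mx postfix/qmgr[988]: 4F2A81C0B3: from=<bounce@bulk.example>, size=2301, nrcpt=3 (queue active)
May 23 09:30:02 mx postfix/lmtp[2110]: 4F2A81C0B3: to=<alice@example.edu>, relay=localhost[127.0.0.1]:24, delay=1, status=sent (250 2.1.5 Ok)
May 23 09:30:02 mx postfix/lmtp[2110]: 4F2A81C0B3: to=<bob@example.edu>, orig_to=<staff@example.edu>, relay=localhost[127.0.0.1]:24, delay=1, status=sent (250 2.1.5 Ok)
May 23 09:30:02 mx postfix/lmtp[2110]: 4F2A81C0B3: to=<carol@example.edu>, orig_to=<staff@example.edu>, relay=localhost[127.0.0.1]:24, delay=1, status=sent (250 2.1.5 Ok)
May 23 09:31:10 mx postfix/cleanup[2104]: 7B11D9E002: message-id=<note7@example.org>
May 23 09:31:10 mx postfix/qmgr[988]: 7B11D9E002: from=<dave@example.org>, size=911, nrcpt=1 (queue active)
May 23 09:31:11 mx postfix/lmtp[2111]: 7B11D9E002: to=<alice@example.edu>, relay=localhost[127.0.0.1]:24, delay=1, status=sent (250 2.1.5 Ok)
"""

LINE = re.compile(r"postfix/\w+\[\d+\]: ([0-9A-F]{6,}): (.*)$")  # assumes short hex queue IDs
FIELDS = {k: re.compile(rf"\b{k}=<([^>]*)>") for k in ("message-id", "from", "to", "orig_to")}

def field(name, rest):
    """Return the <...> value of one logged field, or None if the line lacks it."""
    m = FIELDS[name].search(rest)
    return m.group(1) if m else None

def parse_log(text):
    """Group log lines by queue ID and collect the envelope data for each message."""
    msgs = defaultdict(lambda: {"message_id": None, "sender": None, "rcpts": []})
    for line in text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        qid, rest = m.groups()
        if field("message-id", rest) is not None:
            msgs[qid]["message_id"] = field("message-id", rest)
        elif field("to", rest) is not None:  # delivery line: one per envelope recipient
            status = re.search(r"\bstatus=(\w+)", rest)
            msgs[qid]["rcpts"].append(
                (field("to", rest), field("orig_to", rest), status.group(1) if status else None))
        elif field("from", rest) is not None:  # qmgr line: envelope sender
            msgs[qid]["sender"] = field("from", rest)
    return dict(msgs)

def recipients_for(msgs, message_id):
    """Envelope recipients of every queue entry carrying this Message-ID header value."""
    return {q: m["rcpts"] for q, m in msgs.items() if m["message_id"] == message_id.strip("<>")}

if __name__ == "__main__":
    for qid, rcpts in recipients_for(parse_log(SAMPLE_LOG), "<spam1@bulk.example>").items():
        for to, orig_to, status in rcpts:
            print(qid, to, f"(expanded from {orig_to})" if orig_to else "(no rewrite logged)", status)
```
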



