Email / Exchange / PostFix / MailScanner / ClamAV / SpamAssassin sending to wrong address ..

Posted on 2011-05-06
Last Modified: 2015-08-22

I just set up a Linux-based spam filter/relay using MailScanner, ClamAV, and SpamAssassin. When an email arrives it scans the message and then forwards it on to my Exchange server if everything is OK and clean.

Everything works in regards to scanning incoming emails and filtering, however for some reason, once an email passes the filters it gets forwarded to the address "".

The weird part is that all the headers say it should go to the actual email address. It's blowing my mind.

Here is what my /var/log/maillog looks like once the scan has completed and it forwards the message on:

May  6 08:04:28 hostfilter postfix/smtp[24950]: 8081C6567B5: to=<>, orig_to=<>, relay=[]:25, delay=22, delays=21/0.01/0/0.18, dsn=2.6.0, status=sent (250 2.6.0 <> Queued mail for delivery)

Notice it is sending to "" with an "orig_to" the actual email address.

Now, I tried to add the address "" as an alias to my account, but that just makes EVERY email in my organization go to ME. Even when the "TO:" address has someone else's email address on it.

Here's the header from an email message that I received that was meant for someone else. You'll notice everything in the header says it's destined for "". But because I added the email account "" as my alias, I received it.

Here's the header:
X-Antivirus: AVG for E-mail
Received: from ( by ( with Microsoft SMTP Server id; Fri, 6 May 2011 07:58:41 -0600
Received: from (
 [])	by (Postfix) with ESMTP id
 AA8E16567AB	for <>; Fri,  6 May 2011 07:59:22 -0600 (MDT)
Received: from COL106-W58 ([]) by
 with Microsoft SMTPSVC(6.0.3790.4675);	 Fri, 6 May 2011 06:59:20 -0700
Message-ID: <col106-w589F1D49081EA69F5EA62EF1830@phx.gbl>
Content-Type: multipart/alternative;
X-Originating-IP: []
From: Bill Patterson <>
To: <>
Subject: Testing
Date: Fri, 6 May 2011 07:59:19 -0600
Importance: Normal
MIME-Version: 1.0
X-OriginalArrivalTime: 06 May 2011 13:59:20.0252 (UTC) FILETIME=[CBE41FC0:01CC0BF5]
X-peakalarm-MailScanner-Information: Please contact the ISP for more information
X-peakalarm-MailScanner-ID: AA8E16567AB.A66B8
X-peakalarm-MailScanner: Found to be clean
X-Spam-Status: No

Everything would work PERFECTLY, if it would forward to the address it has listed in the "orig_" field ..

Any ideas? I don't know if it's MailScanner, or ClamAV, or SpamAssassin sending to that address, but I can't find reference to "ok@" after grepping for hours...

Question by:wpatterson82
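
One way to spot this kind of rewrite across a whole maillog, as an added example that is not part of the original post: it parses postfix/smtp delivery lines in the format shown above and lists final addresses that received mail for several different orig_to recipients. The sample log, host names and example.com addresses are constructed, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample in the postfix/smtp delivery-line format from the question.
# All hosts and addresses are placeholders, not values from the original post.
SAMPLE_LOG = """\
May  6 08:04:28 hostfilter postfix/smtp[24950]: 8081C6567B5: to=<ok@example.com>, orig_to=<alice@example.com>, relay=mx.example.com[192.0.2.10]:25, delay=22, dsn=2.6.0, status=sent (250 2.6.0 Queued mail for delivery)
May  6 08:05:02 hostfilter postfix/smtp[24951]: 9A31F6567B9: to=<ok@example.com>, orig_to=<bob@example.com>, relay=mx.example.com[192.0.2.10]:25, delay=3, dsn=2.6.0, status=sent (250 2.6.0 Queued mail for delivery)
May  6 08:06:40 hostfilter postfix/smtp[24952]: 1C22D6567C1: to=<carol@example.com>, relay=mx.example.com[192.0.2.10]:25, delay=2, dsn=2.6.0, status=sent (250 2.6.0 Queued mail for delivery)
May  6 08:07:11 hostfilter postfix/smtp[24953]: 3D44E6567C4: to=<dave@example.com>, orig_to=<sales@example.com>, relay=mx.example.com[192.0.2.10]:25, delay=1, dsn=2.6.0, status=sent (250 2.6.0 Queued mail for delivery)
"""

# Queue ID, final recipient (to=) and, when logged, the original one (orig_to=).
DELIVERY = re.compile(
    r"postfix/\w+\[\d+\]: (?P<qid>[0-9A-Za-z]+): "
    r"to=<(?P<to>[^>]*)>,(?: orig_to=<(?P<orig>[^>]*)>,)?"
)

def parse_deliveries(log_text):
    """Return (queue_id, final_rcpt, original_rcpt_or_None) per delivery line."""
    out = []
    for line in log_text.splitlines():
        m = DELIVERY.search(line)
        if m:
            orig = m.group("orig")
            out.append((m.group("qid"), m.group("to").lower(),
                        orig.lower() if orig is not None else None))
    return out

def rewritten(deliveries):
    """Deliveries whose envelope recipient changed between receipt and relay."""
    return [d for d in deliveries if d[2] is not None and d[2] != d[1]]

def collapsed_recipients(deliveries, min_sources=2):
    """Final addresses that absorbed mail for several distinct original
    recipients: the pattern in the question, where every user's mail ended
    up at one address."""
    sources = defaultdict(set)
    for _qid, final, orig in rewritten(deliveries):
        sources[final].add(orig)
    return {f: sorted(s) for f, s in sources.items() if len(s) >= min_sources}

if __name__ == "__main__":
    for final, origs in collapsed_recipients(parse_deliveries(SAMPLE_LOG)).items():
        print(f"{final} received mail addressed to: {', '.join(origs)}")
```

A single alias such as the constructed sales@ to dave@ line shows up in rewritten() but not in collapsed_recipients(), which only reports addresses collecting mail for two or more different original recipients.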
    LVL 2

    Expert Comment

    How or where are you adding the alias?
    LVL 2

    Accepted Solution

    I use relay_recipients.proto / .db

    here's an excerpt:     OK     OK     OK     OK     OK

    That's the only file where I have any "OK" .. but those are needed for Postfix, correct?

    Here are a few lines from my /etc/postfix/ file:

    relay_recipient_maps = hash:/etc/postfix/relay_recipients
    transport_maps = hash:/etc/postfix/transport
    virtual_maps = hash:/etc/postfix/relay_recipients

    *Note: If I don't have "virtual_maps" added and just leave "relay_recipient_maps", postfix completely ignores any addresses found in the relay_recipients file.
    LVL 17

    Expert Comment

    by:Sikhumbuzo Ntsada
    Open all your rules and look for the e-mail; this seems to be in the filter rules, not the config files of your mails.