I just setup a linux based spam filter/relay using MailScanner, ClamAV, and SpamAssassin. When an email arrives it scans the messages and then forwards it on to my exchange server if everything is ok and clean.
Everything works in regards to scanning incoming emails and filtering, however for some reason, once an email passes the filters it gets forwarded to the address "firstname.lastname@example.org".
The weird part is that all the headers say it should go to the actual email address. It's blowing my mind.
Here is what my /var/log/maillog looks like once the scan has completed and it forwards the message on:
May 6 08:04:28 hostfilter postfix/smtp: 8081C6567B5: to=<email@example.com>, orig_to=<firstname.lastname@example.org>, relay=172.25.2.249[172.25.2.249]:25, delay=22, delays=21/0.01/0/0.18, dsn=2.6.0, status=sent (250 2.6.0 <20110506140413.94AA96567AB@hostfilter.mydomain.com> Queued mail for delivery)
Notice it is sending to "email@example.com" with an "orig_to" the actual email address.
Now, I tried to add the address "firstname.lastname@example.org" as an alias to my account, but that just makes EVERY email in my organization go to ME. Even when the "TO:" address has someone elses email address on it.
Here's the header from an email message that I received that was meant to someone else. You'll notice everything in the header says it's destined for "email@example.com". But because I added the email account "firstname.lastname@example.org" as my alias, I received it.
Here's the header:
X-Antivirus: AVG for E-mail
Received: from hostfilter.mydomain.com (172.25.2.141) by
peak2010.mydomain.com (172.25.2.249) with Microsoft SMTP Server id
220.127.116.11; Fri, 6 May 2011 07:58:41 -0600
Received: from col0-omc2-s2.col0.hotmail.com (col0-omc2-s2.col0.hotmail.com
[18.104.22.168]) by hostfilter.mydomain.com (Postfix) with ESMTP id
AA8E16567AB for <email@example.com>; Fri, 6 May 2011 07:59:22 -0600 (MDT)
Received: from COL106-W58 ([22.214.171.124]) by col0-omc2-s2.col0.hotmail.com
with Microsoft SMTPSVC(6.0.3790.4675); Fri, 6 May 2011 06:59:20 -0700
From: Bill Patterson <firstname.lastname@example.org>
Date: Fri, 6 May 2011 07:59:19 -0600
X-OriginalArrivalTime: 06 May 2011 13:59:20.0252 (UTC) FILETIME=[CBE41FC0:01CC0BF5]
X-peakalarm-MailScanner-Information: Please contact the ISP for more information
X-peakalarm-MailScanner: Found to be clean
Everything would work PERFECTLY, if it would forward to the address it has listed in the "orig_" field ..
Any ideas? I don't know if it's MailScanner, or ClamAV, or SpamAssassin sending to that address, but I can't find reference to "ok@" after grepping for hours...