Question : is someone hacking my postfix email server?

I've been noticing (not very frequent but disturbing nevertheless) some weird emails on our postfix setup.

Background: this is a relay server that we have deployed to retrieve and archive all sent and received emails from all accounts. Our ISP does the actual sending.

The strange part is that in the "Sent" folder, every now and then, I see an email that is most definitely spam. Which means this email is sent either via our relay server or via the ISP's account.

This email account is used by many employees, but I can't be sure if it actually originates from us.

So my question is: how do I know which computer station is sending the email? (Can I get the IP from the header?)

Thank You

Answer : is someone hacking my postfix email server?

Hi,

I am not sure how it ended up in your Sent folder.
Do you have POP access? I mean, is there any POP access enabled on the server?

Also one possibility is:

1. They use From: [email protected] and, say, To: [email protected] BCC: [email protected], [email protected] etc.
Now, the message from Yahoo will be bounced back to your server saying: 123 does not exist at Yahoo. Then again, if [email protected] is not configured on your server, your server will again send an email back to Yahoo saying company@ does not exist. The email in your Sent folder could be backscatter: http://en.wikipedia.org/wiki/Backscatter_(e-mail)

Check out this also: http://www.pcworld.com/businesscenter/article/145449/100_email_bouncebacks_youve_been_backscattered.html


Cheers,
Shashi
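
An added example, not part of the original thread: one way to triage a suspicious message from the "Sent" folder by reading its `Received:` headers for the first-hop client IP and checking for the bounce markers that indicate backscatter. The sample messages, host names and the `10.0.0.0/8` internal range are constructed assumptions.

```python
import email
import ipaddress
import re

# Constructed samples (not from the thread); documentation IPs, example.* domains.
SPAM_VIA_RELAY = """\
Received: from relay.example.com (relay.example.com [192.0.2.10])
\tby mx.isp.example with ESMTP id A1; Mon, 1 Jan 2024 10:00:02 +0000
Received: from ws-17 (unknown [10.0.5.17])
\tby relay.example.com (Postfix) with ESMTP id B2; Mon, 1 Jan 2024 10:00:01 +0000
From: company@example.com
Subject: cheap pills
"""
BOUNCE = """\
Return-Path: <>
Received: from mta.example.net (mta.example.net [198.51.100.7])
\tby relay.example.com (Postfix) with ESMTP id C3; Mon, 1 Jan 2024 11:00:00 +0000
From: MAILER-DAEMON@example.net
Subject: Undelivered Mail Returned to Sender
Content-Type: multipart/report; report-type=delivery-status
"""
IP_IN_BRACKETS = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]")

def received_ips(msg):
    """Client IP of each Received hop, oldest hop (bottom header) first."""
    hops = []
    for header in reversed(msg.get_all("Received", [])):
        m = IP_IN_BRACKETS.search(header)
        try:
            if m:
                hops.append(ipaddress.ip_address(m.group(1)))
        except ValueError:
            continue  # bracketed text that is not a valid IP address
    return hops

def looks_like_bounce(msg):
    """Null envelope sender, DSN content type, or MAILER-DAEMON sender."""
    return ((msg.get("Return-Path") or "").strip() == "<>"
            or msg.get_content_type() == "multipart/report"
            or "mailer-daemon" in (msg.get("From") or "").lower())

def classify(raw, internal_net="10.0.0.0/8"):  # internal_net: assumed LAN range
    """Label a raw message as a bounce, internally submitted, or other."""
    msg = email.message_from_string(raw)
    if looks_like_bounce(msg):
        return ("bounce", None)
    hops = received_ips(msg)
    if hops and hops[0] in ipaddress.ip_network(internal_net):
        return ("internal", str(hops[0]))
    return ("external-or-unknown", str(hops[0]) if hops else None)
```

Only `Received:` headers written by a server you control can be trusted; anything below them is supplied by the sender and can be forged. Match the queue ID from your own relay's header (`B2` in the sample) against the Postfix log to confirm the client IP.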