Local Mail Transport Protocol (LMTP) spam?

Martin

9/23/23, 1:08 PM

Our sever receives a fair bit of spam, most of this is standard spam but looking at the headers of some spam we get directly it seems to show that the mail is received by the LMTP (Local Mail Transport Protocol) rather than SMTP so I am curious if the below indicates that mail is coming from another account on the same server?

My email address is [email protected]
Our server is our-server.com

Envelope-to: martin=here.com Delivery-date: Mon, 23 May 2022 13:07:31 +0100 Received: from [203.28.246.238] (port=42475 helo=mail.mashfacts.com) by our-server.com with esmtps (TLS1.2) tls TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 (Exim 4.95) (envelope-from <[email protected]>)     id 1nt6q4-000302-3a     for [email protected];    Mon, 23 May 2022
13:07:31 +0100
DKIM-Signature:

I know and can see the line:

Received: from [203.28.246.238] (port=42475 helo=mail.mashfacts.com) by our-server.com with esmtps

Which implies it is a remote delivery but I wanted to double check that the LMTP was expected and that this particular email is not being received by one account on the server to pass on to another account on the server.

The line:

Received: from our-server.com by our-server.com with LMTP

Seems to imply this?

0 + 0

spam

Martin

9/23/23, 1:21 PM

Apologies this is probably a bit of dumb question but I wanted to double check why it states server recieved the email from itself.

anx

9/24/23, 11:35 AM

Your quoted mail headers look odd. Can you [edit] your question to post the headers as-is in a *code* formatting as my edit suggests, with no changes to order and newlines?

Martin

9/24/23, 12:43 PM

@anx there was no change to line orders, only changing identification and added `<br>` . cheers

Score:2

Server

anx

9/24/23, 11:32 AM

Each hop in your mail system adds another Received: header, reading them bottom up tells you the story of where the mail has travelled (though that story might only be told truthfully for the last few Received: headers, those added by your system).

If you message was received from [203.28.246.238] as the last quoted header from your server says, and was only later passed on to your LMTP service locally, as the header further up implies, this mail was delivered just fine.

I think all your mail is eventually delivered via LMTP - a very common configuration. However, as you can verify by checking the output of ss -xtl | grep lmtp, your LMTP service will only listen on local unix socket files or loopback addresses (127.0.0.0/8, ::1), never directly receive message from the internet.

If it could, then yes, that could lead to you receiving abusive messages circumventing any restrictions imposed by your mail server. But you would have to explicitly deviate from default settings to do that.

0 + 0

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: Local Mail Transport Protocol (LMTP) spam?

TH: Local Mail Transport Protocol (LMTP) เป็นสแปมหรือไม่

RO: Spam prin protocolul de transport local de e-mail (LMTP)?

RU: Спам по протоколу локальной почты (LMTP)?

VI: thư rác Giao thức vận chuyển thư cục bộ (LMTP)?

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.