Score:1

Local Mail Transport Protocol (LMTP) spam?


Our server receives a fair bit of spam. Most of this is standard spam, but looking at the headers of some spam we get directly, it seems to show that the mail is received by the LMTP (Local Mail Transport Protocol) rather than SMTP, so I am curious if the below indicates that mail is coming from another account on the same server?

Return-Path: <[email protected]>
Delivered-To: [email protected]
Received: from our-server.com
    by our-server.com with LMTP id uAvaLwN5i2K7KwAAAZdYnQ
    (envelope-from <[email protected]>)
    for <martin=here.com>; Mon, 23 May 2022 13:07:31 +0100
Return-path: <[email protected]>
Envelope-to: martin=here.com
Delivery-date: Mon, 23 May 2022 13:07:31 +0100
Received: from [203.28.246.238] (port=42475 helo=mail.mashfacts.com)
    by our-server.com with esmtps (TLS1.2) tls TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
    (Exim 4.95)
    (envelope-from <[email protected]>)
    id 1nt6q4-000302-3a
    for [email protected]; Mon, 23 May 2022 13:07:31 +0100
DKIM-Signature:

I know and can see the line:

Received: from [203.28.246.238] (port=42475 helo=mail.mashfacts.com) by our-server.com with esmtps

Which implies it is a remote delivery but I wanted to double check that the LMTP was expected and that this particular email is not being received by one account on the server to pass on to another account on the server.

The line:

Received: from our-server.com by our-server.com with LMTP

Seems to imply this?

Martin
Apologies, this is probably a bit of a dumb question, but I wanted to double check why it states the server received the email from itself.
anx
Your quoted mail headers look odd. Can you [edit] your question to post the headers as-is in a *code* formatting as my edit suggests, with no changes to order and newlines?
Martin
@anx there was no change to line orders, only changing identification and added `<br>`. Cheers
Score:2
anx

Each hop in your mail system adds another Received: header; reading them bottom up tells you the story of where the mail has travelled (though that story might only be told truthfully for the last few Received: headers, those added by your system).

If your message was received from [203.28.246.238] as the last quoted header from your server says, and was only later passed on to your LMTP service locally, as the header further up implies, this mail was delivered just fine.

I think all your mail is eventually delivered via LMTP - a very common configuration. However, as you can verify by checking the output of `ss -xtl | grep lmtp`, your LMTP service will only listen on local unix socket files or loopback addresses (127.0.0.0/8, ::1), never directly receive messages from the internet.

If it could, then yes, that could lead to you receiving abusive messages circumventing any restrictions imposed by your mail server. But you would have to explicitly deviate from default settings to do that.
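
The bottom-up reading of `Received:` headers described in the answer, as an added example that is not part of the original post: it walks the chain oldest-first and labels each hop as remote ingress, local LMTP hand-off, or written by a host you do not run. The sample message is constructed from the headers in the question with placeholder mailbox names, and `trace_hops` and its labels are hypothetical names.

```python
import re
from email import message_from_string
from email.policy import default

# Constructed sample modelled on the question's headers; mailbox names are
# placeholders because the page shows the real ones redacted.
SAMPLE = """\
Return-Path: <sender@example.invalid>
Delivered-To: martin@example.invalid
Received: from our-server.com
\tby our-server.com with LMTP id uAvaLwN5i2K7KwAAAZdYnQ
\t(envelope-from <sender@example.invalid>)
\tfor <martin@example.invalid>; Mon, 23 May 2022 13:07:31 +0100
Received: from [203.28.246.238] (port=42475 helo=mail.mashfacts.com)
\tby our-server.com with esmtps (TLS1.2) (Exim 4.95)
\t(envelope-from <sender@example.invalid>)
\tid 1nt6q4-000302-3a
\tfor martin@example.invalid; Mon, 23 May 2022 13:07:31 +0100
Subject: constructed sample

body
"""

HOP = re.compile(
    r"from\s+(?P<src>\S+).*?\bby\s+(?P<by>\S+)\s+with\s+(?P<proto>\S+)",
    re.S | re.I)

def trace_hops(raw, our_hosts):
    """Return hops oldest-first as (source, receiving host, protocol, kind)."""
    msg = message_from_string(raw, policy=default)
    hops = []
    # Each MTA prepends its header, so reverse to get travel order.
    for value in reversed(msg.get_all("Received", [])):
        m = HOP.search(str(value))
        if not m:
            hops.append((None, None, None, "unparsed"))
            continue
        src, by, proto = m["src"].strip("[]"), m["by"].lower(), m["proto"].lower()
        if by not in our_hosts:
            kind = "untrusted"       # written by a host we do not run
        elif proto == "lmtp" and src.lower() in our_hosts:
            kind = "local-handoff"   # MTA passing mail to the local delivery agent
        else:
            kind = "remote-ingress"  # accepted from outside over (E)SMTP
        hops.append((src, by, proto, kind))
    return hops

if __name__ == "__main__":
    for hop in trace_hops(SAMPLE, {"our-server.com"}):
        print(hop)
```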
