1

Our server receives a fair bit of spam. Most of this is standard spam, but looking at the headers of some spam we get directly, it seems to show that the mail is received by LMTP (Local Mail Transport Protocol) rather than SMTP, so I am curious if the below indicates that mail is coming from another account on the same server?

Return-Path: <[email protected]>
Delivered-To: [email protected]
Received: from our-server.com
    by our-server.com with LMTP id uAvaLwN5i2K7KwAAAZdYnQ
    (envelope-from <[email protected]>)
    for <martin=here.com>; Mon, 23 May 2022 13:07:31 +0100
Return-path: <[email protected]>
Envelope-to: martin=here.com
Delivery-date: Mon, 23 May 2022 13:07:31 +0100
Received: from [203.28.246.238] (port=42475 helo=mail.mashfacts.com)
    by our-server.com with esmtps (TLS1.2) tls TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
    (Exim 4.95)
    (envelope-from <[email protected]>)
    id 1nt6q4-000302-3a
    for [email protected]; Mon, 23 May 2022 13:07:31 +0100
DKIM-Signature:

I know and can see the line:

Received: from [203.28.246.238] (port=42475 helo=mail.mashfacts.com) by our-server.com with esmtps

Which implies it is a remote delivery but I wanted to double check that the LMTP was expected and that this particular email is not being received by one account on the server to pass on to another account on the server.

The line:

Received: from our-server.com by our-server.com with LMTP

Seems to imply this?

3
  • Apologies, this is probably a bit of a dumb question, but I wanted to double check why it states the server received the email from itself.
    – Martin
    Commented May 23, 2022 at 13:21
  • Your quoted mail headers look odd. Can you edit your question to post the headers as-is in a code formatting as my edit suggests, with no changes to order and newlines?
    – anx
    Commented May 24, 2022 at 11:35
  • @anx there was no change to line orders, only changing identification and added <br> . cheers
    – Martin
    Commented May 24, 2022 at 12:43

1 Answer

2

Each hop in your mail system adds another Received: header, reading them bottom up tells you the story of where the mail has travelled (though that story might only be told truthfully for the last few Received: headers, those added by your system).

If your message was received from [203.28.246.238] as the last quoted header from your server says, and was only later passed on to your LMTP service locally, as the header further up implies, this mail was delivered just fine.

I think all your mail is eventually delivered via LMTP - a very common configuration. However, as you can verify by checking the output of ss -xtl | grep lmtp, your LMTP service will only listen on local unix socket files or loopback addresses (127.0.0.0/8, ::1), never directly receive messages from the internet.

If it could, then yes, that could lead to you receiving abusive messages circumventing any restrictions imposed by your mail server. But you would have to explicitly deviate from default settings to do that.
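
The bottom-up reading described in this answer, as an added example that is not part of the original answer: it parses the Received: headers of a constructed message modelled on the question's headers and reports which hop came from a remote peer and which was the local LMTP hand-off. The mailbox names in the sample and the function names `hops` and `entry_hop` are assumptions.

```python
import email
import ipaddress
import re

# Constructed sample modelled on the question's headers; mailbox names are placeholders.
SAMPLE = """\
Return-Path: <sender@example.invalid>
Delivered-To: martin@example.invalid
Received: from our-server.com
    by our-server.com with LMTP id uAvaLwN5i2K7KwAAAZdYnQ
    for <martin@example.invalid>; Mon, 23 May 2022 13:07:31 +0100
Received: from [203.28.246.238] (port=42475 helo=mail.mashfacts.com)
    by our-server.com with esmtps (TLS1.2) (Exim 4.95)
    id 1nt6q4-000302-3a
    for martin@example.invalid; Mon, 23 May 2022 13:07:31 +0100
Subject: constructed sample

body
"""

HOP_RE = re.compile(
    r"from\s+(?P<src>\S+).*?\bby\s+(?P<by>\S+)\s+with\s+(?P<proto>\S+)", re.S | re.I)

def hops(raw, our_hosts):
    """Return hops in travel order (oldest first): Received headers read bottom up."""
    msg = email.message_from_string(raw)
    out = []
    for value in reversed(msg.get_all("Received", [])):
        m = HOP_RE.search(value)
        if not m:
            continue
        src = m["src"].strip("[]")
        try:
            local = ipaddress.ip_address(src).is_loopback
        except ValueError:  # a host name, not an IP literal
            local = src.lower() in our_hosts
        out.append({"from": src, "by": m["by"], "proto": m["proto"].lower(),
                    "origin": "local" if local else "remote"})
    return out

def entry_hop(raw, our_hosts):
    """Newest hop our own server recorded as coming from a remote peer, or None.
    Only headers added by our server are trustworthy; older ones can be forged."""
    ours = [h for h in hops(raw, our_hosts) if h["by"].lower() in our_hosts]
    remote = [h for h in ours if h["origin"] == "remote"]
    return remote[-1] if remote else None

if __name__ == "__main__":
    print(hops(SAMPLE, {"our-server.com"}), entry_hop(SAMPLE, {"our-server.com"}))
```

A message whose only hop recorded by your server is the LMTP one, with no remote hop beneath it, is the case the question was worried about; `entry_hop` returns `None` for it.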
