How to block and determine whether particular mail is sent by spambot/real man

Discussion in 'Server Operation' started by Poliman, Nov 29, 2017.

  1. Poliman

    Poliman Member

    Hi. Lately I saw some bounced mail in my mailbox:
    Code:
    Nov 27 19:50:57 s1 postfix/smtp[10403]: D495513D948: to=<[email protected]>, relay=mail57.ether123.net[109.236.80.110]:25, delay=160179, delays=160179/0.04/0.13/0.08, dsn=5.0.0, status=bounced (host mail57.ether123.net[109.236.80.110] said: 550 I cannot deliver mail for <[email protected]> (in reply to RCPT TO command))
    
    Earlier there were 32 attempts from Nov 26 06:30:51 to Nov 27 19:50:57 like the one below:
    Code:
    Nov 27 18:41:00 s1 postfix/smtp[7296]: D495513D948: to=<[email protected]>, relay=mail57.ether123.net[109.236.80.110]:25, delay=155983, delays=155979/0.04/3.9/0, dsn=4.0.0, status=deferred (host mail57.ether123.net[109.236.80.110] refused to talk to me: 421 timeout)
    I checked and found out that this email account was created under a domain which is used for sending spam. The domain is not on spam lists but the IP is. The bounced mail pasted above was delivered to the do_not_reply account, which I use to send information/confirmation emails from my web application, so somebody must have used the form on the website, or it could be a bot. Is it possible to determine whether it was a real man or a spambot?
     
  2. If the emails are sent from a website form then it's difficult to find out if it's a man or a spambot. However, you can check the access logs of that website and check the source IP; you may get an idea about the source from the IP information.
     
  3. Poliman

    Poliman Member

    Access logs - do you mean the mail.log file or some others? I have already checked (in main.log) the source IP of the strange email - it is on spam lists; checked the domain - clear.
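
One way to carry out the access-log check suggested in the thread, as an added example that is not part of any poster's message: the `delay=` field of the bounce gives the time the message entered the queue, and that moment is looked up among the form submissions in the web server's access log. The access-log lines, the `/contact` form path, the year 2017 and a shared time zone for both logs are assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed samples. The Postfix line keeps only the fields used here, with the
# timestamp and delay of the bounce in the thread. The access-log lines, the
# /contact path and the year (syslog omits it) are assumptions.
MAIL_LINE = "Nov 27 19:50:57 s1 postfix/smtp[10403]: D495513D948: delay=160179, status=bounced"
ACCESS_LOG = """\
198.51.100.7 - - [25/Nov/2017:23:19:02 +0000] "GET /contact HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.7 - - [25/Nov/2017:23:20:40 +0000] "POST /contact HTTP/1.1" 302 0 "-" "Mozilla/5.0"
203.0.113.9 - - [25/Nov/2017:23:21:17 +0000] "POST /contact HTTP/1.1" 302 0 "-" "python-requests/2.18"
203.0.113.9 - - [26/Nov/2017:06:30:51 +0000] "POST /contact HTTP/1.1" 302 0 "-" "python-requests/2.18"
"""

# Combined log format: client, time, method, URL, status, size, referer, user agent.
LINE_RE = re.compile(
    r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" \d+ \S+ "[^"]*" "([^"]*)"', re.M)

def queued_at(mail_line, year=2017):
    """Time the message entered the queue: log timestamp minus delay= seconds."""
    stamp = datetime.strptime(f"{year} {mail_line[:15]}", "%Y %b %d %H:%M:%S")
    delay = float(re.search(r"\bdelay=([\d.]+)", mail_line).group(1))
    return stamp - timedelta(seconds=delay)

def candidate_posts(access_log, when, path="/contact", window=5):
    """POSTs to the form within `window` seconds of `when`, with client context."""
    last_get, hits = {}, []
    for ip, ts, method, url, agent in LINE_RE.findall(access_log):
        # Assumption: both logs use the same time zone, so the offset is dropped.
        t = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z").replace(tzinfo=None)
        if url != path:
            continue
        if method == "GET":
            last_get[ip] = t
        elif method == "POST" and abs((t - when).total_seconds()) <= window:
            # Heuristic, not proof: a POST with no earlier GET of the form, or one
            # only a second or two after it, points to a script rather than a person.
            since = (t - last_get[ip]).total_seconds() if ip in last_get else None
            hits.append({"ip": ip, "agent": agent, "secs_since_form_load": since})
    return hits

if __name__ == "__main__":
    when = queued_at(MAIL_LINE)
    print("queued at", when)
    for hit in candidate_posts(ACCESS_LOG, when):
        print(hit)
```
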
     
