I've received similar spam email messages containing virus attachments. These messages are usually sent to one of my domain email addresses that a bot or spammer has somehow indexed. The sender and the recipient are the same. Thus, it may appear that you're sending yourself email, but this is far from the case! It is most likely not coming from your server. When an email message is sent, mail programs allow you to dynamically specify the sender's email address, the recipient's email address, and more.
As such, since there is no way to verify who an email truly comes from, you should use SpamAssassin with ClamAV to filter out some of these emails. However, even this system is far from perfect.
To see where an email originated from, view the original message's headers by looking at the email file.
Received: from [103.41.45.19] (unknown [103.41.45.19])
    by HOST (Postfix) with ESMTP id 9AC0044CCAD
    for <emailaddress>; Thu, 24 Mar 2016 08:56:15 -0600 (MDT)
You can do this in various email clients. See here for instructions:
http://umyhacker.blogspot.com/2014/01/how-to-get-ip-address-of-e-mail-sender.html
You can also check the mail log like this using an email address that received the spam or by using the IP address that sent the message:
grep -F "email_address_YOU_RECEIVED_SPAM_FROM@YOURDOMAIN.com" /var/log/mail.log
Doing this, I found the following entry:
Mar 24 08:56:19 amavis[29443]: (29443-09) Passed SPAMMY, [103.41.45.19] [103.41.45.19] <emailaddress> -> <emailaddress>, Message-ID: <2CAEA1519BE34C544355FC9530@BORO-SBS.boro.local>, mail_id: Dyt554BAqhhN, Hits: 7.769, size: 8356, queued_as: 4ED5044CCAE, 1751 ms
Then, I looked up entries using that IP address:
grep -F "103.41.45.19" /var/log/mail.log
I found this:
Mar 24 08:56:13 postfix/smtpd[30589]: connect from unknown[103.41.45.19]
Mar 24 08:56:15 postfix/smtpd[30589]: 9AC0044CCAD: client=unknown[103.41.45.19]
Mar 24 08:56:18 postfix/smtpd[30589]: disconnect from unknown[103.41.45.19]
Mar 24 08:56:19 amavis[29443]: (29443-09) Passed SPAMMY, [103.41.45.19] [103.41.45.19] <emailaddress> -> <emailaddress>, Message-ID: <2CAEA1519BE34C544355FC9530@BORO-SBS.boro.local>, mail_id: Dyt554BAqhhN, Hits: 7.769, size: 8356, queued_as: 4ED5044CCAE, 1751 ms
In my case, the email originated from 103.41.45.19, which is not from my server. The best way to avoid these kinds of attacks is to never expose your email address. You can do this by using contact forms which hide email addresses, but once you reply to a message, your email address is revealed. As you can see, it's a tough battle to fight.
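The manual grep correlation above can be scripted. The following is an added example, not part of the original post: it scans a mail log for amavis entries where sender and recipient are identical and the client IP is outside your own networks, then attaches the inbound Postfix queue ID (the same ID that appears in the Received header). The function name, the addresses user@example.com and 192.0.2.10, the second (CLEAN) message and the own_networks parameter are assumptions made for the demonstration.

```python
import re
from ipaddress import ip_address, ip_network

# Constructed sample: the log lines quoted above with the <emailaddress>
# placeholders filled in, plus one made-up legitimate self-addressed message.
SAMPLE_LOG = """\
Mar 24 08:56:13 postfix/smtpd[30589]: connect from unknown[103.41.45.19]
Mar 24 08:56:15 postfix/smtpd[30589]: 9AC0044CCAD: client=unknown[103.41.45.19]
Mar 24 08:56:18 postfix/smtpd[30589]: disconnect from unknown[103.41.45.19]
Mar 24 08:56:19 amavis[29443]: (29443-09) Passed SPAMMY, [103.41.45.19] [103.41.45.19] <user@example.com> -> <user@example.com>, Message-ID: <a@x>, mail_id: Dyt554BAqhhN, Hits: 7.769, size: 8356, queued_as: 4ED5044CCAE, 1751 ms
Mar 24 09:10:02 postfix/smtpd[30601]: 1B2C3D4E5F6: client=mail.example.com[192.0.2.10]
Mar 24 09:10:03 amavis[29443]: (29443-10) Passed CLEAN, [192.0.2.10] [192.0.2.10] <user@example.com> -> <user@example.com>, Message-ID: <b@x>, mail_id: Abc, Hits: -1.2, size: 900, queued_as: 7F8E9D0C1B2, 300 ms
"""

# Inbound smtpd line: queue ID, reverse-DNS name ("unknown" if none), client IP.
SMTPD = re.compile(
    r"postfix/smtpd\[\d+\]: (?P<qid>[0-9A-F]+): client=(?P<host>[^\[]+)\[(?P<ip>[^\]]+)\]"
)
# amavis verdict line: verdict, client IP, envelope sender/recipient, spam score.
AMAVIS = re.compile(
    r"amavis\[\d+\]: \(\S+\) (?P<verdict>\w+ [\w-]+), \[(?P<ip>[0-9a-fA-F.:]+)\]"
    r".*? <(?P<sender>[^>]*)> -> <(?P<rcpt>[^>]*)>.*?Hits: (?P<hits>-?\d+(?:\.\d+)?)"
)

def spoofed_self_mail(log_text, own_networks):
    """Return amavis entries where sender == recipient and the client is external."""
    own = [ip_network(n) for n in own_networks]
    clients = {}  # client IP -> (inbound queue ID, host name logged by Postfix)
    findings = []
    for line in log_text.splitlines():
        if m := SMTPD.search(line):
            clients[m["ip"]] = (m["qid"], m["host"])
        elif m := AMAVIS.search(line):
            external = not any(ip_address(m["ip"]) in net for net in own)
            if m["sender"].lower() == m["rcpt"].lower() and external:
                qid, host = clients.get(m["ip"], (None, None))
                findings.append({
                    "ip": m["ip"],
                    "address": m["sender"],
                    "verdict": m["verdict"],
                    "hits": float(m["hits"]),
                    "inbound_qid": qid,           # matches "ESMTP id" in Received
                    "no_rdns": host == "unknown",  # Postfix found no usable PTR
                })
    return findings

if __name__ == "__main__":
    for finding in spoofed_self_mail(SAMPLE_LOG, ["192.0.2.0/24"]):
        print(finding)
```

Pass your own server and relay ranges as own_networks; the self-addressed message from 192.0.2.10 is not reported because it falls inside that range.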