Incoming mail have sometimes bad domain part

[KamasCZ]

Hi,
I have this problem - I switched to new Internet provider and now emails from some server (I know of three now) that come to my server have in RCPT domain part same as MX record. I use virtual alias maps so that mail return with user unknown. I can see in tcpdump that the mail is bad from the time it arrives to my server. I change MX record and the domain part of that email changed too, so I think it is a DNS problem.
Does anyone here seen something like this?

 

[Noway2]

Welcome to Tek Tips.

I think the MX record (domain) and the email address (domain) should be semi independent of each other. The MX record says that this server handles mail for this domain. They don't have to be the same. For example, I host a server and domain for my wife's business, mindseyetiedye.com. If you do an nslookup on the domain for record type MX, you will see that there are two servers with different priorities but the domain is noway2.net. In the SPF record, though, it is stated that the two noway2.net servers are declared as the mail exchangers for mindseyetiedye.com.

Aside from having the wrong domain, is the user/account name otherwise valid, also assuming that it isn't something trivial like root, or postmaster, etc. My suspicion is that these messages are attempts to spam your server based upon harvesting the MX record.