Thread: [courier-users] Has someone hacked my Courier? (7 messages in net.sourceforge.lists.courier-users)

From / Sent On:
tekn...@wp.pl - Sep 28, 2006 11:26 am
Johnny Lam - Sep 28, 2006 12:35 pm
Ryan Parlee - Oct 10, 2006 11:11 pm
Gordon Messmer - Oct 11, 2006 12:07 am
Ryan Parlee - Oct 11, 2006 9:18 am
Gordon Messmer - Oct 11, 2006 9:30 am
Sam Varshavchik - Oct 11, 2006 3:19 pm
Subject: [courier-users] Has someone hacked my Courier?
From: Ryan Parlee (list@jesca.com)
Date: Oct 10, 2006 11:11:04 pm
List: net.sourceforge.lists.courier-users

Dear very intelligent people,

I've received a few reports that my server is sending spam messages. A particular recipient has sent me their mail server logs which are included below along with some lines from my log file on my courier server. Can someone please tell me if my box has been hacked?

Thanks, Ryan

--------------My Courier Log--------------

Oct 5 03:42:50 host5 courierd: newmsg,id=00024851.452438EA.00004776: dns; localhost (localhost [127.0.0.1])
Oct 5 03:42:50 host5 courierd: started,id=00024851.452438EA.00004776,from=<>,module=esmtp,host=breastenhanc em
Oct 5 03:42:50 host5 courierd: Waiting. shutdown time=none, wakeup time=Thu Oct 5 03:43:00 2006, queuedeliv
Oct 5 03:42:50 host5 courierd: completed,id=00024853.451AEB1A.00006E7E
Oct 5 03:42:50 host5 courierd: Waiting. shutdown time=none, wakeup time=Thu Oct 5 03:43:00 2006, queuedeliv
Oct 5 03:42:51 host5 courieresmtp: id=00024851.452438EA.00004776,from=<>,addr=<crossvladimir@breastenhancemen
Oct 5 03:42:51 host5 courieresmtp: id=00024851.452438EA.00004776,from=<>,addr=<crossvladimir@breastenhancemen
Oct 5 03:42:51 host5 courieresmtp: id=00024851.452438EA.00004776,from=<>,addr=<crossvladimir@breastenhancemen
Oct 5 03:42:51 host5 courierd: completed,id=00024851.452438EA.00004776

-------------Recipient Mail Server Log---------------

Thu 2006-09-28 00:07:42: [429:1] Session 429; child 1; thread 1372
Thu 2006-09-28 00:02:42: [429:1] Accepting SMTP connection from [209.234.66.109 : 46303]
Thu 2006-09-28 00:02:42: [429:1] Performing PTR lookup (63.23.25.209.IN-ADDR.ARPA)
Thu 2006-09-28 00:02:42: [429:1] * D=63.23.25.209.IN-ADDR.ARPA TTL=(393) PTR=[host5.mydomain.com]
Thu 2006-09-28 00:02:42: [429:1] * Gathering A records...
Thu 2006-09-28 00:02:42: [429:1] * D=host5.mydomain.com TTL=(74) A=[209.234.66.109]
Thu 2006-09-28 00:02:42: [429:1] ---- End PTR results
Thu 2006-09-28 00:02:42: [429:1] --> 220-recipientdomain.org ESMTP MDaemon 9.5.0f; Thu, 28 Sep 2006 00:02:42 -0500
Thu 2006-09-28 00:02:42: [429:1] --> 220-Recipient Company SMTP does not authorize the use of its computers or
Thu 2006-09-28 00:02:42: [429:1] --> 220 network to deliver, accept, transmit, or distribute unsolicited e-mail.
Thu 2006-09-28 00:02:42: [429:1] <-- EHLO host5.mydomain.com
Thu 2006-09-28 00:02:42: [429:1] Performing IP lookup (host5.mydomain.com)
Thu 2006-09-28 00:02:42: [429:1] * D=host5.mydomain.com TTL=(74) A=[209.234.66.109]
Thu 2006-09-28 00:02:42: [429:1] ---- End IP lookup results
Thu 2006-09-28 00:02:42: [429:1] --> 250-recipientdomain.org Hello host5.mydomain.com, pleased to meet you
Thu 2006-09-28 00:02:42: [429:1] --> 250-ETRN
Thu 2006-09-28 00:02:42: [429:1] --> 250-AUTH=LOGIN
Thu 2006-09-28 00:02:42: [429:1] --> 250-AUTH LOGIN CRAM-MD5
Thu 2006-09-28 00:02:42: [429:1] --> 250-8BITMIME
Thu 2006-09-28 00:02:42: [429:1] --> 250-STARTTLS
Thu 2006-09-28 00:02:42: [429:1] --> 250 SIZE 0
Thu 2006-09-28 00:02:42: [429:1] <-- MAIL FROM:<cros@breastenhancementhq.com> BODY=7BIT SIZE=2643
Thu 2006-09-28 00:02:42: [429:1] Performing SPF lookup (breastenhancementhq.com / 209.234.66.109)
Thu 2006-09-28 00:02:42: [429:1] * Result: none; no SPF record in DNS
Thu 2006-09-28 00:02:42: [429:1] ---- End SPF results
Thu 2006-09-28 00:02:42: [429:1] --> 250 <cros@breastenhancementhq.com>, Sender ok
Thu 2006-09-28 00:02:42: [429:1] <-- RCPT TO:<dfel@recipientdomain.org>
Thu 2006-09-28 00:02:42: [429:1] Performing DNS-BL lookup (209.25.23.69 - connecting IP)
Thu 2006-09-28 00:02:42: [429:1] * relays.ordb.org - passed
Thu 2006-09-28 00:02:42: [429:1] * bl.spamcop.net - passed
Thu 2006-09-28 00:02:42: [429:1] * sbl-xbl.spamhaus.org - passed
Thu 2006-09-28 00:02:42: [429:1] ---- End DNS-BL results
Thu 2006-09-28 00:02:42: [429:1] --> 250 <dfel@recipientdomain.org>, Recipient ok
Thu 2006-09-28 00:02:42: [429:1] <-- DATA
Thu 2006-09-28 00:02:42: [429:1] Creating temp file (SMTP): c:\mdaemon\temp\md50000061674.tmp
Thu 2006-09-28 00:02:42: [429:1] --> 354 Enter mail, end with <CRLF>.<CRLF>
Thu 2006-09-28 00:07:42: [429:1] Connection closed
Thu 2006-09-28 00:07:42: [429:1] SMTP session terminated (Bytes in/out: 2519/524)