Something weird in mail.info
bswinnerton
2nd February 2008, 23:55
Feb 2 15:18:20 cw-webserver postfix/smtpd[32640]: connect from dns1.dotdoms.com[70.84.54.74]
Feb 2 15:18:20 cw-webserver postfix/smtpd[32640]: EBEF31C842C: client=dns1.dotdoms.com[70.84.54.74]
Feb 2 15:18:21 cw-webserver postfix/cleanup[32644]: EBEF31C842C: message-id=<43630686.20070502122711@zdi.com>
Feb 2 15:18:21 cw-webserver postfix/qmgr[17999]: EBEF31C842C: from=<main@zdi.com>, size=1380, nrcpt=1 (queue active)
Feb 2 15:18:21 cw-webserver postfix/smtpd[32640]: disconnect from dns1.dotdoms.com[70.84.54.74]
Is someone trying to hack in?
thecaoticone
3rd February 2008, 06:24
It looks to me like a standard Postfix transaction.
dns1.dotdoms.com is the server that connected and they delivered a message from main@zdi.com. Then the message was placed in the Postfix queue to be delivered to your user and the connection was closed.
What part looks weird to you?
bswinnerton
3rd February 2008, 08:40
Well I don't recognize the email address at all, I know all of my email users and don't think they'd be sending something to that email address.
thecaoticone
3rd February 2008, 09:07
I checked the zdi.com website. This is from the site:
ZD is an established electronic component distribution powerhouse with an emphasis on board level active semiconductor devices.
I don't know your SPAM prevention set-up, but if one of your users did not contact this site, I would think it was a piece of ***SPAM*** that got past your system.
You might want to monitor your mail log for a few days and see if the user responds.
I honestly don't think it was a hack attempt. Usually a hack attempt will try to login and they tend to last for a while. I deliberately watched a kiddie-script try to get in on my server one night. It lasted over 3 hours trying all kinds of logins. I had just built the server so nothing was on it yet. They never got in.
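The Postfix transaction walked through above (connect, client=, message-id, from=/nrcpt, disconnect) and the contrast with a prolonged login attempt, as an added example that is not part of the thread: a small Python script that groups mail.info lines by queue ID and labels each connecting client as a delivery, a relay probe (the "Relay access denied" reject), or a SASL login brute-force. The log lines, host names, IPs (RFC 5737 test ranges) and the five-failure threshold are constructed for the example; the reject and "authentication failed" warning formats it matches are the standard Postfix smtpd ones.

```python
import re
from collections import defaultdict
from datetime import datetime

# Pieces of a Postfix syslog line: "Mon DD HH:MM:SS host postfix/prog[pid]: msg".
LINE_RE = re.compile(r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d\d:\d\d:\d\d) \S+ "
                     r"postfix/[\w-]+\[\d+\]: (?P<msg>.*)$")
CLIENT_RE = re.compile(r"(?P<name>[\w.\-]+)\[(?P<ip>[0-9a-fA-F.:]+)\]")   # name[ip]
QUEUE_RE = re.compile(r"^(?P<qid>[0-9A-Za-z]{10,}): (?P<rest>.*)$")      # "EBEF31C842C: ..."
FROM_RE = re.compile(r"from=<(?P<sender>[^>]*)>, size=(?P<size>\d+), nrcpt=(?P<nrcpt>\d+)")
MSGID_RE = re.compile(r"message-id=<(?P<mid>[^>]*)>")
TS_FMT = "%b %d %H:%M:%S"
AUTH_FAIL_THRESHOLD = 5  # assumption: this many SASL failures from one IP counts as brute-force

def _new_client():
    return {"name": None, "connects": 0, "disconnects": 0, "queued": 0,
            "relay_denied": 0, "auth_failed": 0, "first": None, "last": None}

def analyze(lines):
    """Return (transactions keyed by queue ID, per-IP counters with first/last timestamps)."""
    transactions, clients = {}, defaultdict(_new_client)

    def seen(msg, ts):  # record the name[ip] in msg as active at ts, return its counters
        cm = CLIENT_RE.search(msg)
        c = clients[cm["ip"]]
        c["name"], c["first"], c["last"] = cm["name"], c["first"] or ts, ts
        return c

    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        ts, msg = m["ts"], m["msg"]
        if msg.startswith("connect from "):
            seen(msg, ts)["connects"] += 1
        elif msg.startswith("disconnect from "):
            seen(msg, ts)["disconnects"] += 1
        elif msg.startswith("NOQUEUE: reject:") and "Relay access denied" in msg:
            seen(msg, ts)["relay_denied"] += 1          # open-relay probe, nothing queued
        elif msg.startswith("warning: ") and "authentication failed" in msg:
            seen(msg, ts)["auth_failed"] += 1           # failed SASL login
        elif qm := QUEUE_RE.match(msg):                 # queued message: smtpd/cleanup/qmgr lines
            tx = transactions.setdefault(qm["qid"], dict.fromkeys(
                ("client", "message_id", "sender", "size", "nrcpt")))
            rest = qm["rest"]
            if rest.startswith("client="):
                seen(rest, ts)["queued"] += 1
                tx["client"] = CLIENT_RE.search(rest)["ip"]
            elif mm := MSGID_RE.search(rest):
                tx["message_id"] = mm["mid"]
            elif fm := FROM_RE.search(rest):
                tx["sender"], tx["size"], tx["nrcpt"] = fm["sender"], int(fm["size"]), int(fm["nrcpt"])
    return transactions, clients

def classify(c, auth_threshold=AUTH_FAIL_THRESHOLD):
    """A delivery looks like the five lines in the post; the other labels are the suspicious cases."""
    if c["auth_failed"] >= auth_threshold:
        return "auth brute-force"
    if c["relay_denied"] and not c["queued"]:
        return "relay probe"
    if c["queued"]:
        return "delivery"
    return "connect only"

def summarize(lines):
    """Per-IP label plus how long the client was busy (syslog has no year; same year assumed)."""
    transactions, clients = analyze(lines)
    secs = lambda a, b: int((datetime.strptime(b, TS_FMT) - datetime.strptime(a, TS_FMT)).total_seconds())
    return {ip: {"name": c["name"], "label": classify(c), "auth_failed": c["auth_failed"],
                 "relay_denied": c["relay_denied"], "duration_s": secs(c["first"], c["last"])}
            for ip, c in clients.items()}, transactions

# Constructed sample log (not real traffic): a delivery shaped like the one in the
# post, one relay probe, and one client hammering SASL LOGIN for two minutes.
SAMPLE_LINES = [
    "Feb  2 15:18:20 mx postfix/smtpd[32640]: connect from mail.example.net[192.0.2.10]",
    "Feb  2 15:18:20 mx postfix/smtpd[32640]: EBEF31C842C: client=mail.example.net[192.0.2.10]",
    "Feb  2 15:18:21 mx postfix/cleanup[32644]: EBEF31C842C: message-id=<abc123@example.net>",
    "Feb  2 15:18:21 mx postfix/qmgr[17999]: EBEF31C842C: from=<sender@example.net>, size=1380, nrcpt=1 (queue active)",
    "Feb  2 15:18:21 mx postfix/smtpd[32640]: disconnect from mail.example.net[192.0.2.10]",
    "Feb  2 15:20:02 mx postfix/smtpd[32651]: connect from unknown[198.51.100.7]",
    "Feb  2 15:20:02 mx postfix/smtpd[32651]: NOQUEUE: reject: RCPT from unknown[198.51.100.7]: "
    "554 5.7.1 <victim@example.org>: Relay access denied; from=<spoof@example.com> "
    "to=<victim@example.org> proto=ESMTP helo=<x>",
    "Feb  2 15:20:02 mx postfix/smtpd[32651]: disconnect from unknown[198.51.100.7]",
    "Feb  2 15:30:00 mx postfix/smtpd[32660]: connect from unknown[203.0.113.9]",
] + [
    f"Feb  2 15:{30 + i // 10}:{(i % 10) * 6:02d} mx postfix/smtpd[32660]: warning: "
    f"unknown[203.0.113.9]: SASL LOGIN authentication failed: UGFzc3dvcmQ6"
    for i in range(20)
] + ["Feb  2 15:32:10 mx postfix/smtpd[32660]: disconnect from unknown[203.0.113.9]"]

if __name__ == "__main__":
    summary, transactions = summarize(SAMPLE_LINES)
    for qid, tx in transactions.items():
        print(f"{qid}: from=<{tx['sender']}> via {tx['client']} nrcpt={tx['nrcpt']}")
    for ip, s in summary.items():
        print(f"{ip:15} {s['name']:18} {s['label']:16} {s['duration_s']:4}s "
              f"auth_failed={s['auth_failed']} relay_denied={s['relay_denied']}")
```

Run it against a real mail.info with `summarize(open("/var/log/mail.info").read().splitlines())`; the five-line transaction from the post comes out as a one-second "delivery", while the pattern thecaoticone describes (repeated logins over hours) shows up as an "auth brute-force" with a long duration, and a single "Relay access denied" with nothing queued is just a probe that Postfix already refused.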
bswinnerton
3rd February 2008, 17:42
Alright, Thanks for all of your help =)
I guess I'm just a little worried about getting hacked. I just noticed this morning that there was a relay access denied message in there, which kind of reassured me, and after a little googling I found I wasn't the only person getting it from that email address.
Well thanks again, and I'll keep an eye on the log.