HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials

HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials (http://www.howtoforge.com/forums/index.php)
-   Installation/Configuration (http://www.howtoforge.com/forums/forumdisplay.php?f=4)
-   -   Security problem 2 ???? the revenge :) (http://www.howtoforge.com/forums/showthread.php?t=39452)

albertux 21st September 2009 17:44

Security problem 2 ???? the revenge :)
 
Is better to have a little humor with all this, but again i have a rare cod in my info log of my email server, really i can't understand this, but appear each time is very very rare for me, and i hope your comments, thank you and this is the error (very long) :


Sep 21 11:13:29 www postfix/smtpd[11505]: connect from unknown[192.168.0.7]
Sep 21 11:13:29 www postfix/smtpd[11505]: setting up TLS connection from unknown[192.168.0.7]
Sep 21 11:13:29 www postfix/smtpd[11505]: unknown[192.168.0.7]: TLS cipher list "ALL:+RC4:@STRENGTH"
Sep 21 11:13:29 www postfix/smtpd[11505]: SSL_accept:before/accept initialization
Sep 21 11:13:29 www postfix/smtpd[11505]: read from 7F6925B38D90 [7F6925B5CD50] (11 bytes => -1 (0xFFFFFFFFFFFFFFFF))
Sep 21 11:13:29 www postfix/smtpd[11505]: read from 7F6925B38D90 [7F6925B5CD50] (11 bytes => 11 (0xB))
Sep 21 11:13:29 www postfix/smtpd[11505]: 0000 16 03 01 00 ac 01 00 00|a8 03 01 ........ ...
Sep 21 11:13:29 www postfix/smtpd[11505]: read from 7F6925B38D90 [7F6925B5CD5B] (166 bytes => -1 (0xFFFFFFFFFFFFFFFF))
Sep 21 11:13:29 www postfix/smtpd[11505]: read from 7F6925B38D90 [7F6925B5CD5B] (166 bytes => 166 (0xA6))
Sep 21 11:13:29 www postfix/smtpd[11505]: 0000 4a b7 98 32 47 0b f2 c5|e4 48 a7 67 a8 11 32 08 J..2G... .H.g..2.
Sep 21 11:13:29 www postfix/smtpd[11505]: 0010 9d bf c1 e2 ff e9 52 89|94 30 d6 bb 32 2a 49 1a ......R. .0..2*I.
Sep 21 11:13:29 www postfix/smtpd[11505]: 0020 20 e2 2b e3 be 4e c6 7e|d4 83 34 1d 39 c9 2e a1 .+..N.~ ..4.9...
Sep 21 11:13:29 www postfix/smtpd[11505]: 0030 3f e0 46 97 e2 ba 52 a7|a2 f8 1b 2c 16 74 2a 03 ?.F...R. ...,.t*.
Sep 21 11:13:29 www postfix/smtpd[11505]: 0040 a7 00 38 c0 0a c0 14 00|39 00 38 c0 0f c0 05 00 ..8..... 9.8.....
Sep 21 11:13:29 www postfix/smtpd[11505]: 0050 35 c0 07 c0 09 c0 11 c0|13 00 33 00 32 c0 0c c0 5....... ..3.2...
Sep 21 11:13:29 www postfix/smtpd[11505]: 0060 0e c0 02 c0 04 00 04 00|05 00 2f c0 08 c0 12 00 ........ ../.....
Sep 21 11:13:29 www postfix/smtpd[11505]: 0070 16 00 13 c0 0d c0 03 fe|ff 00 0a 01 00 00 27 00 ........ ......'.
Sep 21 11:13:29 www postfix/smtpd[11505]: 0080 00 00 11 00 0f 00 00 0c|66 6d 61 63 68 69 6c 65 ........ fmachile
Sep 21 11:13:29 www postfix/smtpd[11505]: 0090 2e 6f 72 67 00 0a 00 08|00 06 00 17 00 18 00 19 .org.... ........
Sep 21 11:13:29 www postfix/smtpd[11505]: 00a0 00 0b 00 02 01 .....
Sep 21 11:13:29 www postfix/smtpd[11505]: 00a5 - <SPACES/NULLS>
Sep 21 11:13:29 www postfix/smtpd[11505]: unknown[192.168.0.7]: looking up session E22BE3BE4EC67ED483341D39C92EA13FE04697E2BA52A7A2F8 1B2C16742A03A7&s=smtp in smtpd cache
Sep 21 11:13:29 www postfix/tlsmgr[7261]: lookup smtpd session id=E22BE3BE4EC67ED483341D39C92EA13FE04697E2BA52A7A 2F81B2C16742A03A7&s=smtp
Sep 21 11:13:29 www postfix/tlsmgr[7261]: read smtpd TLS cache entry E22BE3BE4EC67ED483341D39C92EA13FE04697E2BA52A7A2F8 1B2C16742A03A7&s=smtp: time=1253545459 [data 144 bytes]
Sep 21 11:13:29 www postfix/smtpd[11505]: unknown[192.168.0.7]: reloaded session E22BE3BE4EC67ED483341D39C92EA13FE04697E2BA52A7A2F8 1B2C16742A03A7&s=smtp from smtpd cache
Sep 21 11:13:29 www postfix/smtpd[11505]: SSL_accept:SSLv3 read client hello B
Sep 21 11:13:29 www postfix/smtpd[11505]: SSL_accept:SSLv3 write server hello A
Sep 21 11:13:29 www postfix/smtpd[11505]: SSL_accept:SSLv3 write change cipher spec A
Sep 21 11:13:29 www postfix/smtpd[11505]: SSL_accept:SSLv3 write finished A
Sep 21 11:13:29 www postfix/smtpd[11505]: write to 7F6925B38D90 [7F6925B69E80] (138 bytes => 138 (0x8A))
Sep 21 11:13:29 www postfix/smtpd[11505]: 0000 16 03 01 00 4a 02 00 00|46 03 01 4a b7 98 19 36 ....J... F..J...6
Sep 21 11:13:29 www postfix/smtpd[11505]: 0010 88 52 18 c1 48 6d a8 79|10 b5 20 0e 17 7c 54 3c .R..Hm.y .. ..|T<
Sep 21 11:13:29 www postfix/smtpd[11505]: 0020 84 65 c3 3d 1c cd 56 3b|1f 64 37 20 e2 2b e3 be .e.=..V; .d7 .+..
Sep 21 11:13:29 www postfix/smtpd[11505]: 0030 4e c6 7e d4 83 34 1d 39|c9 2e a1 3f e0 46 97 e2 N.~..4.9 ...?.F..
Sep 21 11:13:29 www postfix/smtpd[11505]: 0040 ba 52 a7 a2 f8 1b 2c 16|74 2a 03 a7 00 39 00 14 .R....,. t*...9..
Sep 21 11:13:29 www postfix/smtpd[11505]: 0050 03 01 00 01 01 16 03 01|00 30 ff 9f 9b aa 72 9a ........ .0....r.
Sep 21 11:13:29 www postfix/smtpd[11505]: 0060 c6 94 c5 71 10 1f 60 74|5c 1d 82 12 61 6f 1c 4d ...q..`t \...ao.M
Sep 21 11:13:29 www postfix/smtpd[11505]: 0070 30 a9 16 04 62 65 17 67|bf f3 98 c7 a0 b4 7c ad 0...be.g ......|.
Sep 21 11:13:29 www postfix/smtpd[11505]: 0080 0c 2a 48 80 02 19 19 76|04 ac .*H....v ..
Sep 21 11:13:29 www postfix/smtpd[11505]: SSL_accept:SSLv3 flush data
Sep 21 11:13:29 www postfix/smtpd[11505]: read from 7F6925B38D90 [7F6925B5CD50] (5 bytes => -1 (0xFFFFFFFFFFFFFFFF))
Sep 21 11:13:29 www postfix/smtpd[11505]: read from 7F6925B38D90 [7F6925B5CD50] (5 bytes => 5 (0x5))
Sep 21 11:13:29 www postfix/smtpd[11505]: 0000 14 03 01 00 01 .....
Sep 21 11:13:29 www postfix/smtpd[11505]: read from 7F6925B38D90 [7F6925B5CD55] (1 bytes => -1 (0xFFFFFFFFFFFFFFFF))
Sep 21 11:13:29 www postfix/smtpd[11505]: read from 7F6925B38D90 [7F6925B5CD55] (1 bytes => 1 (0x1))
Sep 21 11:13:29 www postfix/smtpd[11505]: 0000 01 .
Sep 21 11:13:29 www postfix/smtpd[11505]: read from 7F6925B38D90 [7F6925B5CD50] (5 bytes => -1 (0xFFFFFFFFFFFFFFFF))
Sep 21 11:13:29 www postfix/smtpd[11505]: read from 7F6925B38D90 [7F6925B5CD50] (5 bytes => 5 (0x5))
Sep 21 11:13:29 www postfix/smtpd[11505]: 0000 16 03 01 00 30 ....0
Sep 21 11:13:29 www postfix/smtpd[11505]: read from 7F6925B38D90 [7F6925B5CD55] (48 bytes => -1 (0xFFFFFFFFFFFFFFFF))
Sep 21 11:13:29 www postfix/smtpd[11505]: read from 7F6925B38D90 [7F6925B5CD55] (48 bytes => 48 (0x30))
Sep 21 11:13:29 www postfix/smtpd[11505]: 0000 1a b9 54 fa 8f 40 dd 01|f1 01 4a 36 c2 66 48 41 ..T..@.. ..J6.fHA
Sep 21 11:13:29 www postfix/smtpd[11505]: 0010 d8 3e a5 2a 44 54 3a 67|c7 36 b8 3c 08 da 3f 1b .>.*DT:g .6.<..?.
Sep 21 11:13:29 www postfix/smtpd[11505]: 0020 b8 7e 05 ac 4f 87 2f d1|5d a8 eb fc 45 56 17 30 .~..O./. ]...EV.0
Sep 21 11:13:29 www postfix/smtpd[11505]: SSL_accept:SSLv3 read finished A
Sep 21 11:13:29 www postfix/smtpd[11505]: unknown[192.168.0.7]: Reusing old session
Sep 21 11:13:29 www postfix/smtpd[11505]: Anonymous TLS connection established from unknown[192.168.0.7]: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)
Sep 21 11:13:29 www postfix/smtpd[11505]: read from 7F6925B38D90 [7F6925B5CD50] (5 bytes => -1 (0xFFFFFFFFFFFFFFFF))
Sep 21 11:13:29 www postfix/smtpd[11505]: read from 7F6925B38D90 [7F6925B5CD50] (5 bytes => 5 (0x5))
Sep 21 11:13:29 www postfix/smtpd[11505]: 0000 17 03 01 00 30 ....0
Sep 21 11:13:29 www postfix/smtpd[11505]: read from 7F6925B38D90 [7F6925B5CD55] (48 bytes => -1 (0xFFFFFFFFFFFFFFFF))
Sep 21 11:13:29 www postfix/smtpd[11505]: read from 7F6925B38D90 [7F6925B5CD55] (48 bytes => 48 (0x30))
Sep 21 11:13:29 www postfix/smtpd[11505]: 0000 91 96 52 b4 aa e8 b3 bd|1e e0 5d 60 2e 37 f0 b6 ..R..... ..]`.7..
Sep 21 11:13:29 www postfix/smtpd[11505]: 0010 48 e2 f6 3e 1e d1 ce 86|ac a1 6d b8 af 3d 61 8a H..>.... ..m..=a.
Sep 21 11:13:29 www postfix/smtpd[11505]: 0020 3d 4d f7 18 fb 6d cf 29|c1 ce 02 12 fc ad f9 b6 =M...m.) ........
Sep 21 11:13:29 www postfix/smtpd[11505]: Read 21 chars: EHLO [172.30.20.54]??
Sep 21 11:13:29 www postfix/smtpd[11505]: Write 171 chars: 250-www.domain.cl??250-PIPELINING??
Sep 21 11:13:29 www postfix/smtpd[11505]: write to 7F6925B38D90 [7F6925B65560] (197 bytes => 197 (0xC5))
Sep 21 11:13:29 www postfix/smtpd[11505]: 0000 17 03 01 00 c0 13 e7 0c|f1 f9 c9 1f f3 9c e6 a5 ........ ........
Sep 21 11:13:29 www postfix/smtpd[11505]: 0010 7f d4 30 a5 90 0d 9f 23|66 ce 77 9c 9f d2 99 f3 ..0....# f.w.....
Sep 21 11:13:29 www postfix/smtpd[11505]: 0020 2c d5 26 81 7f eb 1a 5c|97 2a 29 83 f5 76 f7 3e ,.&....\ .*)..v.>
Sep 21 11:13:29 www postfix/smtpd[11505]: 0030 cf cb 6d 53 07 fb 11 30|f8 f5 da f3 44 f1 2f 21 ..mS...0 ....D./!
Sep 21 11:13:29 www postfix/smtpd[11505]: 0040 89 72 62 b6 76 97 9e 37|55 03 52 0e 2e 5e c8 2c .rb.v..7 U.R..^.,
Sep 21 11:13:29 www postfix/smtpd[11505]: 0050 97 f2 33 bc 51 9d cf 4d|a8 12 28 83 c2 22 c8 05 ..3.Q..M ..(.."..
Sep 21 11:13:29 www postfix/smtpd[11505]: 0060 86 ba 61 01 4f 5f ed e3|a8 b8 ab f6 ce 09 4c 60 ..a.O_.. ......L`
Sep 21 11:13:29 www postfix/smtpd[11505]: 0070 bf 32 27 b0 99 d8 90 65|f1 74 f3 e3 5d 2e 93 0c .2'....e .t..]...
Sep 21 11:13:29 www postfix/smtpd[11505]: 0080 e9 4e 81 d7 42 24 16 89|18 8f 7b db 21 2c 3c 5b .N..B$.. ..{.!,<[
Sep 21 11:13:29 www postfix/smtpd[11505]: 0090 36 29 7e 6f d8 c3 03 fc|d7 3e f3 85 21 3c 73 c0 6)~o.... .>..!<s.
Sep 21 11:13:29 www postfix/smtpd[11505]: 00a0 72 86 b5 11 ec 9e 98 70|ff 95 cf f6 70 f9 e1 9b r......p ....p...
Sep 21 11:13:29 www postfix/smtpd[11505]: 00b0 9a 3e 5f 82 22 87 d5 f7|6d 3a a0 6e 87 7f 52 b2 .>_."... m:.n..R.
Sep 21 11:13:29 www postfix/smtpd[11505]: 00c0 8e b8 d0 c7 85 .....
Sep 21 11:13:29 www postfix/smtpd[11505]: read from 7F6925B38D90 [7F6925B5CD50] (5 bytes => -1 (0xFFFFFFFFFFFFFFFF))
Sep 21 11:13:29 www postfix/smtpd[11505]: read from 7F6925B38D90 [7F6925B5CD50] (5 bytes => 5 (0x5))
Sep 21 11:13:29 www postfix/smtpd[11505]: 0000 17 03 01 00 40 ....@
Sep 21 11:13:29 www postfix/smtpd[11505]: read from 7F6925B38D90 [7F6925B5CD55] (64 bytes => -1 (0xFFFFFFFFFFFFFFFF))
Sep 21 11:13:29 www postfix/smtpd[11505]: read from 7F6925B38D90 [7F6925B5CD55] (64 bytes => 64 (0x40))
Sep 21 11:13:29 www postfix/smtpd[11505]: 0000 70 19 2e 31 e4 ba 15 57|dd e1 72 4c 66 40 52 81 p..1...W ..rLf@R.
Sep 21 11:13:29 www postfix/smtpd[11505]: 0010 a5 44 6a 37 ce aa 9f 10|d4 0e df 94 a2 30 8c df .Dj7.... .....0..
Sep 21 11:13:29 www postfix/smtpd[11505]: 0020 21 26 c7 5c 19 29 51 a3|14 b4 f0 f6 28 9c ef 81 !&.\.)Q. ....(...
Sep 21 11:13:29 www postfix/smtpd[11505]: 0030 6c 20 8b 5a 7b 80 33 8b|a0 bf 80 d2 a2 48 b3 fd l .Z{.3. .....H..
Sep 21 11:13:29 www postfix/smtpd[11505]: Read 41 chars: AUTH PLAIN AHhhbGFyY29uAGdlcm1pdGEyNzEz?
Sep 21 11:13:29 www postfix/smtpd[11505]: Write 37 chars: 235 2.7.0 Authentication successful??
Sep 21 11:13:29 www postfix/smtpd[11505]: write to 7F6925B38D90 [7F6925B65560] (69 bytes => 69 (0x45))
Sep 21 11:13:29 www postfix/smtpd[11505]: 0000 17 03 01 00 40 55 94 33|28 33 76 61 43 0b 93 f8 ....@U.3 (3vaC...
Sep 21 11:13:29 www postfix/smtpd[11505]: 0010 87 48 3e 37 c9 89 12 f4|0c a8 94 44 57 e3 06 a9 .H>7.... ...DW...
Sep 21 11:13:29 www postfix/smtpd[11505]: 0020 3a e0 ce db 09 49 cd 2c|08 5b 88 cf 60 58 b1 93 :....I., .[..`X..
Sep 21 11:13:29 www postfix/smtpd[11505]: 0030 f1 84 60 a5 e6 bb 9a 3d|64 c7 0e 0e 31 82 18 10 ..`....= d...1...
Sep 21 11:13:29 www postfix/smtpd[11505]: 0040 8c 24 8b f0 f0 .$...
Sep 21 11:13:29 www postfix/smtpd[11505]: read from 7F6925B38D90 [7F6925B5CD50] (5 bytes => -1 (0xFFFFFFFFFFFFFFFF))
Sep 21 11:13:29 www postfix/smtpd[11505]: read from 7F6925B38D90 [7F6925B5CD50] (5 bytes => 5 (0x5))
Sep 21 11:13:29 www postfix/smtpd[11505]: 0000 17 03 01 00 50 ....P
Sep 21 11:13:29 www postfix/smtpd[11505]: read from 7F6925B38D90 [7F6925B5CD55] (80 bytes => -1 (0xFFFFFFFFFFFFFFFF))
Sep 21 11:13:29 www postfix/smtpd[11505]: read from 7F6925B38D90 [7F6925B5CD55] (80 bytes => 80 (0x50))
Sep 21 11:13:29 www postfix/smtpd[11505]: 0000 6b ea c4 b8 db 92 82 42|00 7e 54 25 b7 b6 bd 1a k......B .~T%....
Sep 21 11:13:29 www postfix/smtpd[11505]: 0010 45 28 a9 d3 dd 46 63 8d|df f9 6d 91 2c 1a 5a 8c E(...Fc. ..m.,.Z.
Sep 21 11:13:29 www postfix/smtpd[11505]: 0020 91 23 69 17 19 1a dc 97|06 81 5c e2 4c 1b 81 f0 .#i..... ..\.L...
Sep 21 11:13:29 www postfix/smtpd[11505]: 0030 5d f7 9f b9 23 c2 a3 13|2e 31 30 9b d3 66 1b fe ]...#... .10..f..
Sep 21 11:13:29 www postfix/smtpd[11505]: 0040 8d 7e 28 c9 09 c0 a5 af|9f fa 94 0e 8a 4c db 26 .~(..... .....L.&
Sep 21 11:13:29 www postfix/smtpd[11505]: Read 44 chars: MAIL FROM:<xalarcon@domain.cl> SIZE=6
Sep 21 11:13:29 www postfix/smtpd[11505]: Write 14 chars: 250 2.1.0 Ok??
Sep 21 11:13:29 www postfix/smtpd[11505]: write to 7F6925B38D90 [7F6925B65560] (53 bytes => 53 (0x35))
Sep 21 11:13:29 www postfix/smtpd[11505]: 0000 17 03 01 00 30 2b b2 01|4e 37 64 39 03 b6 49 af ....0+.. N7d9..I.
Sep 21 11:13:29 www postfix/smtpd[11505]: 0010 5e ba ae ca 73 20 81 3d|90 45 d9 35 43 b4 5d 5f ^...s .= .E.5C.]_
Sep 21 11:13:29 www postfix/smtpd[11505]: 0020 1c bc 8f e3 52 62 a6 fc|be 4f 2c 2c 33 8c 92 61 ....Rb.. .O,,3..a
Sep 21 11:13:29 www postfix/smtpd[11505]: 0030 3e b2 8d 86 2e >....
Sep 21 11:13:29 www postfix/smtpd[11505]: read from 7F6925B38D90 [7F6925B5CD50] (5 bytes => -1 (0xFFFFFFFFFFFFFFFF))
Sep 21 11:13:29 www postfix/smtpd[11505]: read from 7F6925B38D90 [7F6925B5CD50] (5 bytes => 5 (0x5))
Sep 21 11:13:29 www postfix/smtpd[11505]: 0000 17 03 01 00 40 ....@
Sep 21 11:13:29 www postfix/smtpd[11505]: read from 7F6925B38D90 [7F6925B5CD55] (64 bytes => -1 (0xFFFFFFFFFFFFFFFF))
Sep 21 11:13:29 www postfix/smtpd[11505]: read from 7F6925B38D90 [7F6925B5CD55] (64 bytes => 64 (0x40))
Sep 21 11:13:29 www postfix/smtpd[11505]: 0000 33 81 83 02 5f 3e f9 ca|00 b9 6a 07 25 86 9f 4c 3..._>.. ..j.%..L
Sep 21 11:13:29 www postfix/smtpd[11505]: 0010 8b 32 ea 4b ec dd a1 19|77 ab f3 e1 e7 83 5e 40 .2.K.... w.....^@
Sep 21 11:13:29 www postfix/smtpd[11505]: 0020 02 08 1c 12 e4 a9 c3 07|d1 16 0a dc c7 ca 90 e8 ........ ........
Sep 21 11:13:29 www postfix/smtpd[11505]: 0030 54 5b 99 8b 55 ba 7c ef|52 95 93 37 53 82 7c cf T[..U.|. R..7S.|.
Sep 21 11:13:29 www postfix/smtpd[11505]: Read 34 chars: RCPT TO:<fvenegas@domain2.cl>??
Sep 21 11:13:29 www postfix/smtpd[11505]: D75641FDC003: client=unknown[192.168.0.7], sasl_method=PLAIN, sasl_username=xalarcon
Sep 21 11:13:29 www postfix/smtpd[11505]: Write 14 chars: 250 2.1.5 Ok??
Sep 21 11:13:29 www postfix/smtpd[11505]: write to 7F6925B38D90 [7F6925B65560] (53 bytes => 53 (0x35))
Sep 21 11:13:29 www postfix/smtpd[11505]: 0000 17 03 01 00 30 b3 08 35|af 36 bb b9 8e 7c 29 55 ....0..5 .6...|)U
Sep 21 11:13:29 www postfix/smtpd[11505]: 0010 3f 90 84 9b 1c e7 e0 90|1a 0d 6c 6c c6 ad 34 1b ?....... ..ll..4.
Sep 21 11:13:29 www postfix/smtpd[11505]: 0020 09 51 2a ba 8f df 81 38|4b 8f fa e2 b0 f8 b3 6d .Q*....8 K......m
Sep 21 11:13:29 www postfix/smtpd[11505]: 0030 19 cf 6a 7b 81 ..j{.
Sep 21 11:13:29 www postfix/smtpd[11505]: read from 7F6925B38D90 [7F6925B5CD50] (5 bytes => -1 (0xFFFFFFFFFFFFFFFF))
Sep 21 11:13:29 www postfix/smtpd[11505]: read from 7F6925B38D90 [7F6925B5CD50] (5 bytes => 5 (0x5))
Sep 21 11:13:29 www postfix/smtpd[11505]: 0000 17 03 01 ...
Sep 21 11:13:29 www postfix/smtpd[11505]: 0003 - <SPACES/NULLS>
Sep 21 11:13:29 www postfix/smtpd[11505]: read from 7F6925B38D90 [7F6925B5CD55] (32 bytes => -1 (0xFFFFFFFFFFFFFFFF))
Sep 21 11:13:29 www postfix/smtpd[11505]: read from 7F6925B38D90 [7F6925B5CD55] (32 bytes => 32 (0x20))
Sep 21 11:13:29 www postfix/smtpd[11505]: 0000 a5 39 6a a0 20 76 bf e1|a1 d4 d0 f1 17 86 ff 02 .9j. v.. ........
Sep 21 11:13:29 www postfix/smtpd[11505]: 0010 3f 3d ab 35 9f 16 3f 92|b0 61 85 46 48 e8 c1 11 ?=.5..?. .a.FH...
Sep 21 11:13:29 www postfix/smtpd[11505]: Read 6 chars: DATA??
Sep 21 11:13:29 www postfix/smtpd[11505]: Write 37 chars: 354 End data with <CR><LF>.<CR><LF>??
Sep 21 11:13:29 www postfix/smtpd[11505]: write to 7F6925B38D90 [7F6925B65560] (69 bytes => 69 (0x45))
Sep 21 11:13:29 www postfix/smtpd[11505]: 0000 17 03 01 00 40 66 d2 20|b7 8f ee 2a c5 52 8c 75 ....@f. ...*.R.u
Sep 21 11:13:29 www postfix/smtpd[11505]: 0010 71 7d cf c3 e2 9b 0c be|dc 94 2c 36 8b ac 9c d2 q}...... ..,6....
Sep 21 11:13:29 www postfix/smtpd[11505]: 0020 41 de 0c b9 3e 5d 0a c3|4b 47 ff 9c 21 b6 3e 6a A...>].. KG..!.>j
Sep 21 11:13:29 www postfix/smtpd[11505]: 0030 5a 26 df 3e da 12 75 d6|c5 99 f4 e9 6c 1a ab 14 Z&.>..u. ....l...
Sep 21 11:13:29 www postfix/smtpd[11505]: 0040 db 68 50 9f 1c .hP..
Sep 21 11:13:29 www postfix/smtpd[11505]: read from 7F6925B38D90 [7F6925B5CD50] (5 bytes => -1 (0xFFFFFFFFFFFFFFFF))
Sep 21 11:13:29 www postfix/smtpd[11505]: read from 7F6925B38D90 [7F6925B5CD50] (5 bytes => 5 (0x5))
Sep 21 11:13:29 www postfix/smtpd[11505]: 0000 17 03 01 02 d0 .....
Sep 21 11:13:29 www postfix/smtpd[11505]: read from 7F6925B38D90 [7F6925B5CD55] (720 bytes => -1 (0xFFFFFFFFFFFFFFFF))
Sep 21 11:13:29 www postfix/smtpd[11505]: read from 7F6925B38D90 [7F6925B5CD55] (720 bytes => 720 (0x2D0))
Sep 21 11:13:29 www postfix/smtpd[11505]: 0000 ff 07 2d b9 a1 13 52 b9|f8 5e 10 e5 b2 83 10 46 ..-...R. .^.....F
Sep 21 11:13:29 www postfix/smtpd[11505]: 0010 32 af 76 b9 9a dd 6e ec|3d aa 62 91 66 25 94 ad 2.v...n. =.b.f%..
Sep 21 11:13:29 www postfix/smtpd[11505]: 0020 e7 14 44 61 a3 67 f5 54|66 18 41 ff 05 3b 2a 61 ..Da.g.T f.A..;*a
Sep 21 11:13:29 www postfix/smtpd[11505]: 0030 a8 13 e3 d7 af b3 d7 09|dc 43 29 fa b7 2c 2f 15 ........ .C)..,/.
Sep 21 11:13:29 www postfix/smtpd[11505]: 0040 5c dc 3d 71 a4 aa fd da|80 d7 57 83 e7 a6 36 c4 \.=q.... ..W...6.
Sep 21 11:13:29 www postfix/smtpd[11505]: 0050 3a a5 1b 97 ce 94 68 82|44 c2 c5 64 96 42 86 1e :.....h. D..d.B..
Sep 21 11:13:29 www postfix/smtpd[11505]: 0060 ae 5a d3 53 b4 20 c2 c8|2b a4 3b f4 3a 2a e7 90 .Z.S. .. +.;.:*..
Sep 21 11:13:29 www postfix/smtpd[11505]: 0070 f0 db 6b a9 4e 6d 8c b4|87 7d ac 80 69 dc a1 ef ..k.Nm.. .}..i...
Sep 21 11:13:29 www postfix/smtpd[11505]: 0080 1a b8 c2 7e fd 34 ea c6|c7 09 ad 52 9a 93 7f 91 ...~.4.. ...R....
Sep 21 11:13:29 www postfix/smtpd[11505]: 0090 41 47 80 ed 31 5c 28 c5|cd 1f 15 26 3c 7d 4b b8 AG..1\(. ...&<}K.
Sep 21 11:13:29 www postfix/smtpd[11505]: 00a0 09 b5 88 e2 19 96 b8 46|6a 2f 52 3c d0 c6 a4 09 .......F j/R<....
Sep 21 11:13:29 www postfix/smtpd[11505]: 00b0 3d 8d 2c 96 8e de 37 66|7e e1 16 59 b9 dd 0d 3c =.,...7f ~..Y...<
Sep 21 11:13:29 www postfix/smtpd[11505]: 00c0 4c b1 d2 ae 85 93 eb 18|f8 0b 95 4e 4a e4 32 8b L....... ...NJ.2.
Sep 21 11:13:29 www postfix/smtpd[11505]: 00d0 93 29 8b 4e 96 d7 58 6a|82 41 7e ec 69 c5 a0 72 .).N..Xj .A~.i..r
Sep 21 11:13:29 www postfix/smtpd[11505]: 00e0 67 0b 87 5f 1b 5a 35 7d|67 2b 41 ff 97 c9 66 2c g.._.Z5} g+A...f,
Sep 21 11:13:29 www postfix/smtpd[11505]: 00f0 34 55 eb 05 04 c0 e0 d8|fc fe 1b e0 18 1a 79 50 4U...... ......yP
Sep 21 11:13:29 www postfix/smtpd[11505]: 0100 cf 4c 9d 0c fd 17 e9 98|13 5b 6a 03 ef 38 e4 65 .L...... .[j..8.e
Sep 21 11:13:29 www postfix/smtpd[11505]: 0110 75 ee 44 5c 43 db 64 51|4d e8 00 35 66 f9 fc 28 u.D\C.dQ M..5f..(
Sep 21 11:13:29 www postfix/smtpd[11505]: 0120 29 81 04 00 39 89 ad 8a|43 6a 0d 10 ce 8f 36 95 )...9... Cj....6.
Sep 21 11:13:29 www postfix/smtpd[11505]: 0130 a9 9f b2 6b 40 6f f6 c2|b9 ba 7a 63 d7 dc 4e 55 ...k@o.. ..zc..NU
Sep 21 11:13:29 www postfix/smtpd[11505]: 0140 fa 4f 40 cd b0 ba 20 cd|62 55 3a 3b 53 af a0 2e .O@... . bU:;S...
Sep 21 11:13:29 www postfix/smtpd[11505]: 0150 1b a5 fb 62 7c c0 12 60|b7 93 8a 3c c3 20 eb 9d ...b|..` ...<. ..
Sep 21 11:13:29 www postfix/smtpd[11505]: 0160 3f 2f c3 01 01 52 8a b9|38 f8 c1 97 9e 11 84 1c ?/...R.. 8.......
Sep 21 11:13:29 www postfix/smtpd[11505]: 0170 3f 89 0e 8d 9a ce 7d 38|50 97 3b 14 b2 a1 ee ce ?.....}8 P.;.....
Sep 21 11:13:29 www postfix/smtpd[11505]: 0180 bd 53 95 0e 48 c5 9f 2b|70 87 dc c9 27 65 d8 4e .S..H..+ p...'e.N
Sep 21 11:13:29 www postfix/smtpd[11505]: 0190 bb 99 2c f5 9d 86 b2 ee|5a bc 1f a2 56 4b b7 f2 ..,..... Z...VK..
Sep 21 11:13:29 www postfix/smtpd[11505]: 01a0 ab f7 25 d3 c0 5d 04 1b|c6 d8 a3 aa 63 10 ce 2b ..%..].. ....c..+
Sep 21 11:13:29 www postfix/smtpd[11505]: 01b0 c8 41 18 1c c2 80 a4 f1|d4 ee b0 7b e5 37 f1 99 .A...... ...{.7..
Sep 21 11:13:29 www postfix/smtpd[11505]: 01c0 a1 e3 78 8e 5b 0e e4 2d|0e 7e bd fd 44 a3 9b 34 ..x.[..- .~..D..4
Sep 21 11:13:29 www postfix/smtpd[11505]: 01d0 84 28 a8 a5 d2 dd c3 0a|5a b8 ca e7 a0 f2 b3 05 .(...... Z.......
Sep 21 11:13:29 www postfix/smtpd[11505]: 01e0 6a 4c 33 7e 18 13 a9 a6|55 3d 5d d9 06 e7 f1 d8 jL3~.... U=].....
Sep 21 11:13:29 www postfix/smtpd[11505]: 01f0 3f eb 25 8e 17 be 5a 06|42 d1 b9 3e 5f ba ac ce ?.%...Z. B..>_...
Sep 21 11:13:29 www postfix/smtpd[11505]: 0200 4d e2 c1 0a e6 9f 90 1d|b9 58 37 3a 72 32 cd 0a M....... .X7:r2..
Sep 21 11:13:29 www postfix/smtpd[11505]: 0210 c7 05 cb 82 dc 01 17 91|d7 33 62 7e bf 79 6d c2 ........ .3b~.ym.
Sep 21 11:13:29 www postfix/smtpd[11505]: 0220 08 b1 5e 90 01 81 0e c0|60 5c 5d a6 79 2c 36 de ..^..... `\].y,6.
Sep 21 11:13:29 www postfix/smtpd[11505]: 0230 eb 4d 66 dd 17 1b 4b 24|3c 99 ff c1 fc 8e 6f ca .Mf...K$ <.....o.
Sep 21 11:13:29 www postfix/smtpd[11505]: 0240 dd 4d 9d d2 d0 6c 51 70|30 a1 71 1f 57 a1 99 d7 .M...lQp 0.q.W...
Sep 21 11:13:29 www postfix/smtpd[11505]: 0250 b4 da dc 17 ff 66 a7 92|b5 17 ac 29 bf 39 f9 bf .....f.. ...).9..
Sep 21 11:13:29 www postfix/smtpd[11505]: 0260 ca b4 df c5 d2 5b 44 43|67 dc 88 2f 16 49 dc 97 .....[DC g../.I..
Sep 21 11:13:29 www postfix/smtpd[11505]: 0270 b0 8e 64 45 9e fc 43 24|de 6a a5 12 5e d0 2d ed ..dE..C$ .j..^.-.
Sep 21 11:13:29 www postfix/smtpd[11505]: 0280 63 21 00 38 10 69 d1 22|60 c3 7f 9e 21 55 f1 22 c!.8.i." `...!U."
Sep 21 11:13:29 www postfix/smtpd[11505]: 0290 34 f7 2a 91 51 68 cd b4|2b 87 d2 91 89 96 e9 16 4.*.Qh.. +.......
Sep 21 11:13:29 www postfix/smtpd[11505]: 02a0 83 6f 09 39 35 41 5b 9e|83 20 f1 a2 48 65 fc bd .o.95A[. . ..He..
Sep 21 11:13:29 www postfix/smtpd[11505]: 02b0 32 3e 5e d7 33 45 6d a9|11 05 ab 52 ed 3a a5 26 2>^.3Em. ...R.:.&
Sep 21 11:13:29 www postfix/smtpd[11505]: 02c0 b3 03 78 ed 8e 8a 55 db|a6 3c 2a 9c ae 19 3b 17 ..x...U. .<*...;.
Sep 21 11:13:29 www postfix/smtpd[11505]: Read 687 chars: Message-ID: <4AB79831.2070702@domain.cl
Sep 21 11:13:29 www postfix/cleanup[11509]: D75641FDC003: message-id=<4AB79831.2070702@domain.cl>
Sep 21 11:13:29 www postfix/smtpd[11505]: Write 38 chars: 250 2.0.0 Ok: queued as D75641FDC003??
Sep 21 11:13:29 www postfix/smtpd[11505]: write to 7F6925B38D90 [7F6925B65560] (69 bytes => 69 (0x45))
Sep 21 11:13:29 www postfix/smtpd[11505]: 0000 17 03 01 00 40 ce 59 24|b7 4a 91 d9 4d 4a 72 7a ....@.Y$ .J..MJrz
Sep 21 11:13:29 www postfix/smtpd[11505]: 0010 73 1d 60 9c dd a3 42 54|6b 66 3e ce 27 2b 67 f4 s.`...BT kf>.'+g.
Sep 21 11:13:29 www postfix/qmgr[7258]: D75641FDC003: from=<xalarcon@domain.cl>, size=970, nrcpt=1 (queue active)
Sep 21 11:13:29 www postfix/smtpd[11505]: 0020 b0 0b 7a 06 f3 09 c8 26|33 6c e2 5c 59 9b 01 58 ..z....& 3l.\Y..X
Sep 21 11:13:29 www postfix/smtpd[11505]: 0030 2d 9a 4e 5a d4 95 9a 37|94 6b 6d 59 ad 9d ca 62 -.NZ...7 .kmY...b
Sep 21 11:13:29 www postfix/smtpd[11505]: 0040 7e 29 38 ca 41 ~)8.A
Sep 21 11:13:29 www postfix/smtpd[11505]: read from 7F6925B38D90 [7F6925B5CD50] (5 bytes => -1 (0xFFFFFFFFFFFFFFFF))
Sep 21 11:13:29 www postfix/smtpd[11505]: read from 7F6925B38D90 [7F6925B5CD50] (5 bytes => 5 (0x5))
Sep 21 11:13:29 www postfix/smtpd[11505]: 0000 17 03 01 ...
Sep 21 11:13:29 www postfix/smtpd[11505]: 0003 - <SPACES/NULLS>
Sep 21 11:13:29 www postfix/smtpd[11505]: read from 7F6925B38D90 [7F6925B5CD55] (32 bytes => -1 (0xFFFFFFFFFFFFFFFF))
Sep 21 11:13:29 www postfix/smtpd[11505]: read from 7F6925B38D90 [7F6925B5CD55] (32 bytes => 32 (0x20))
Sep 21 11:13:29 www postfix/smtpd[11505]: 0000 f8 84 b2 72 ea 74 a4 05|1b f5 3c 7b 6d 33 22 3e ...r.t.. ..<{m3">
Sep 21 11:13:29 www postfix/smtpd[11505]: 0010 c6 53 54 ca bf 20 31 4f|49 c5 1d 26 dc f2 37 9a .ST.. 1O I..&..7.
Sep 21 11:13:29 www postfix/smtpd[11505]: Read 6 chars: QUIT??
Sep 21 11:13:29 www postfix/smtpd[11505]: Write 15 chars: 221 2.0.0 Bye??
Sep 21 11:13:29 www postfix/smtpd[11505]: write to 7F6925B38D90 [7F6925B65560] (53 bytes => 53 (0x35))
Sep 21 11:13:29 www postfix/smtpd[11505]: 0000 17 03 01 00 30 ef a9 4e|46 dc a2 df a1 33 85 fc ....0..N F....3..
Sep 21 11:13:29 www postfix/smtpd[11505]: 0010 f9 a4 a2 0f 18 24 3e 9e|d5 94 64 b3 9d c7 fc 58 .....$>. ..d....X
Sep 21 11:13:29 www postfix/smtpd[11505]: 0020 a5 44 a0 a4 bb 94 56 4d|32 6e 2c 38 c6 20 fc 10 .D....VM 2n,8. ..
Sep 21 11:13:29 www postfix/smtpd[11505]: 0030 f2 14 5d aa 2a ..].*
Sep 21 11:13:29 www postfix/smtpd[11505]: write to 7F6925B38D90 [7F6925B65560] (37 bytes => 37 (0x25))
Sep 21 11:13:29 www postfix/smtpd[11505]: 0000 15 03 01 00 20 4a d5 f2|4f e8 aa b5 b4 e9 29 cf .... J.. O.....).
Sep 21 11:13:29 www postfix/smtpd[11505]: 0010 26 3e 2f 0e 2b 3a 79 5c|7c 5f a4 2f 3e 6e 12 c4 &>/.+:y\ |_./>n..
Sep 21 11:13:29 www postfix/smtpd[11505]: 0020 85 da 3d 68 dd ..=h.
Sep 21 11:13:29 www postfix/smtpd[11505]: read from 7F6925B38D90 [7F6925B5CD50] (5 bytes => -1 (0xFFFFFFFFFFFFFFFF))
Sep 21 11:13:29 www postfix/smtpd[11505]: disconnect from unknown[192.168.0.7]

falko 22nd September 2009 16:02

I'm not sure, but maybe someone tries to send badly formatted emails to your server?

albertux 22nd September 2009 18:44

i thought the same, but the dificulty for me to understand is this ip direction, 192.168.0.7 because this ip is an internal ip address ? maybe is a kind of virus into some machine with windows, because i don't think in some kind of attack over the office is very unlikely ..., but the machine don't have access to this machine, this machine is a proxy squid ... is very very strange .... well if you know something more just tell me... thank you again ...


All times are GMT +2. The time now is 23:01.

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.