HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials

HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials (http://www.howtoforge.com/forums/index.php)
-   Installation/Configuration (http://www.howtoforge.com/forums/forumdisplay.php?f=27)
-   -   mail bouncing in the account which were never sent. (http://www.howtoforge.com/forums/showthread.php?t=59625)

pawan 18th November 2012 12:23
mail bouncing in the account which were never sent.
 
Today I have received many bounced mails in my account, which I never sent.

It appears that my system is compromised and mail are being sent from my account.

please suggest a appropriate solution to overcome this.

here is a copy of the bounced mail.

Code:
This is the mail system at host server1.mywebsolutions.co.in.

I'm sorry to have to inform you that your message could not
be delivered to one or more recipients. It's attached below.

For further assistance, please send mail to postmaster.

If you do so, please include this problem report. You can
delete your own text from the attached returned message.

                  The mail system

<jd_abulan@yahoo.com>: host mta6.am0.yahoodns.net[66.196.118.36] said: 554
    delivery error: dd This user doesn't have a yahoo.com account
    (jd_abulan@yahoo.com) [0] - mta1233.mail.bf1.yahoo.com (in reply to end of
    DATA command)

Reporting-MTA: dns; server1.mywebsolutions.co.in
X-Postfix-Queue-ID: 9E0EB2101C6C
X-Postfix-Sender: rfc822; pkjoshi@cbsindia.in
Arrival-Date: Sun, 18 Nov 2012 16:35:54 +0530 (IST)

Final-Recipient: rfc822; jd_abulan@yahoo.com
Original-Recipient: rfc822;jd_abulan@yahoo.com
Action: failed
Status: 5.0.0
Remote-MTA: dns; mta6.am0.yahoodns.net
Diagnostic-Code: smtp; 554 delivery error: dd This user doesn't have a
    yahoo.com account (jd_abulan@yahoo.com) [0] - mta1233.mail.bf1.yahoo.com

Return-Path: <pkjoshi@cbsindia.in>
Received: from localhost (localhost.localdomain [127.0.0.1])
        by server1.mywebsolutions.co.in (Postfix) with ESMTP id 9E0EB2101C6C
        for <jd_abulan@yahoo.com>; Sun, 18 Nov 2012 16:35:54 +0530 (IST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cbsindia.in; h=
        message-id:content-transfer-encoding:content-type:content-type
        :reply-to:from:fromubjectubject:x-mailer:date:date
        :mime-version:received:received; s=mail; t=1353236753; x=
        1355051153; bh=tql5hx8+TtPY6Up7FZKa82B2NIa3/LRZI5lS673xuFU=; b=S
        yhCE7CLKF4TTUzBPLC5ZcgaJuJbVbz5K00f3M/ZrulpcuAXBJNUR7e41vEwLdz8E
        B+IsjmM/igof3yA6weuzYON9l9b26GccDbtHtF0x9OK5fFocm8Va+RJUOIcBdASL
        yvJwiilGUSmUEe+qNSPYoaURXIKta5XPLVy75DiNTI=
X-Virus-Scanned: Debian amavisd-new at server1.mywebsolutions.co.in
Received: from server1.mywebsolutions.co.in ([127.0.0.1])
        by localhost (server1.mywebsolutions.co.in [127.0.0.1]) (amavisd-new, port 10024)
        with ESMTP id Nqrq6J9OM3NU for <jd_abulan@yahoo.com>;
        Sun, 18 Nov 2012 16:35:53 +0530 (IST)
Received: from hannes (unknown [190.222.173.217])
        (Authenticated sender: pkjoshi@cbsindia.in)
        by server1.mywebsolutions.co.in (Postfix) with ESMTPA id 886922101C2F
        for <jd_abulan@yahoo.com>; Sun, 18 Nov 2012 16:35:52 +0530 (IST)
MIME-Version: 1.0
Date: Sun, 18 Nov 2012 14:05:50 +0300
X-Priority: 3 (Normal)
X-Mailer: Mailman v3.3.3
Subject: Change your way of life
From: pkjoshi@cbsindia.in
Reply-To: abusereport@google.com
To: "jdabulan" <jd_abulan@yahoo.com>
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable
Message-ID: <OUTLOOK-IDM-aab7c3e7-ffab-5613-d998-5d10afefcbbc@hannes>

Greetings,=0A=0AMy dear fellow gay citizens! I salute you, and would lik=
e to welcome you to my web site. Using this simple tool we can arrange a=
 meeting to execute all kinds of sex dreams you can imagine starting fro=
m anal to BDSM and simple oral and urinal joys! We're promoting gay way =
of life to the masses and want to invite you to our web site=0A=0Ahttps:=
//sites.google.com/site/varchuksergey/home=0A=0A=0A=0A******************=
**********************************=0AThis message was sent according to =
Google's Terms of Service. If you find this message abusing or would lik=
e to file a complaint or submit a legal request please contact us at htt=
ps://sites.google.com/site/varchuksergey/system/app/pages/reportAbuse=0A=
****************************************************

till 18th November 2012 16:15
This does not nescessarily mean that the server is compromised, most likely someone got just a password of a email account on your server e.g. when the user authenticated without encryption over a open wlan and someone sniffed the password. Is this a email account on your server?

pkjoshi@cbsindia.in

If yes, then you should change the password of this account to stop the mail sending.

pawan 18th November 2012 19:47
Thanks.
Yes, this mail account is on the server.
I have changed the password and that appears to have solved the problem, but how can I prevent the same in the future.

till 18th November 2012 19:56
You can not prevent it. If you give somone a password for a service on your server like amil, ftp, ssh, mysql, etc. then it can happen that he looses the password or someone steals or guesses the password etc. So all you can do is to monotor your system and when you recognice any unusual activity, investigate it and shutdown the account or change the password.


All times are GMT +2. The time now is 01:51.

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2013, vBulletin Solutions, Inc.