||18th November 2012 13:23
mail bouncing in the account which were never sent.
Today I have received many bounced mails in my account, which I never sent.
It appears that my system is compromised and mail are being sent from my account.
please suggest a appropriate solution to overcome this.
here is a copy of the bounced mail.
This is the mail system at host server1.mywebsolutions.co.in.
I'm sorry to have to inform you that your message could not
be delivered to one or more recipients. It's attached below.
For further assistance, please send mail to postmaster.
If you do so, please include this problem report. You can
delete your own text from the attached returned message.
The mail system
<email@example.com>: host mta6.am0.yahoodns.net[220.127.116.11] said: 554
delivery error: dd This user doesn't have a yahoo.com account
(firstname.lastname@example.org)  - mta1233.mail.bf1.yahoo.com (in reply to end of
Reporting-MTA: dns; server1.mywebsolutions.co.in
X-Postfix-Sender: rfc822; email@example.com
Arrival-Date: Sun, 18 Nov 2012 16:35:54 +0530 (IST)
Final-Recipient: rfc822; firstname.lastname@example.org
Remote-MTA: dns; mta6.am0.yahoodns.net
Diagnostic-Code: smtp; 554 delivery error: dd This user doesn't have a
yahoo.com account (email@example.com)  - mta1233.mail.bf1.yahoo.com
Received: from localhost (localhost.localdomain [127.0.0.1])
by server1.mywebsolutions.co.in (Postfix) with ESMTP id 9E0EB2101C6C
for <firstname.lastname@example.org>; Sun, 18 Nov 2012 16:35:54 +0530 (IST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cbsindia.in; h=
:mime-version:received:received; s=mail; t=1353236753; x=
1355051153; bh=tql5hx8+TtPY6Up7FZKa82B2NIa3/LRZI5lS673xuFU=; b=S
X-Virus-Scanned: Debian amavisd-new at server1.mywebsolutions.co.in
Received: from server1.mywebsolutions.co.in ([127.0.0.1])
by localhost (server1.mywebsolutions.co.in [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id Nqrq6J9OM3NU for <email@example.com>;
Sun, 18 Nov 2012 16:35:53 +0530 (IST)
Received: from hannes (unknown [18.104.22.168])
(Authenticated sender: firstname.lastname@example.org)
by server1.mywebsolutions.co.in (Postfix) with ESMTPA id 886922101C2F
for <email@example.com>; Sun, 18 Nov 2012 16:35:52 +0530 (IST)
Date: Sun, 18 Nov 2012 14:05:50 +0300
X-Priority: 3 (Normal)
X-Mailer: Mailman v3.3.3
Subject: Change your way of life
To: "jdabulan" <firstname.lastname@example.org>
Greetings,=0A=0AMy dear fellow gay citizens! I salute you, and would lik=
e to welcome you to my web site. Using this simple tool we can arrange a=
meeting to execute all kinds of sex dreams you can imagine starting fro=
m anal to BDSM and simple oral and urinal joys! We're promoting gay way =
of life to the masses and want to invite you to our web site=0A=0Ahttps:=
**********************************=0AThis message was sent according to =
Google's Terms of Service. If you find this message abusing or would lik=
e to file a complaint or submit a legal request please contact us at htt=
||18th November 2012 17:15
This does not nescessarily mean that the server is compromised, most likely someone got just a password of a email account on your server e.g. when the user authenticated without encryption over a open wlan and someone sniffed the password. Is this a email account on your server?
If yes, then you should change the password of this account to stop the mail sending.
||18th November 2012 20:47
Yes, this mail account is on the server.
I have changed the password and that appears to have solved the problem, but how can I prevent the same in the future.
||18th November 2012 20:56
You can not prevent it. If you give somone a password for a service on your server like amil, ftp, ssh, mysql, etc. then it can happen that he looses the password or someone steals or guesses the password etc. So all you can do is to monotor your system and when you recognice any unusual activity, investigate it and shutdown the account or change the password.
|All times are GMT +2. The time now is 08:26.
Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.