8th May 2009, 06:50
bzzik
Member

Join Date: Aug 2008
Posts: 67
Thanks: 1
Thanked 2 Times in 2 Posts

Is my postfix hacked?

Hi guys! I really need help with my problem!

Yesterday I analyzed the mail logs and noticed something really strange. I think my postfix is hacked. We do not use our mail server very much, but the maillog is full of unrecognized records. Here is part of it:

Quote:
May 8 07:32:55 s2 postfix/qmgr[10256]: 7FDF11049C6: to=<hemingway@ctv.es>, relay=none, delay=75981, delays=75981/0/0/0, dsn=4.0.0, status=deferred (delivery temporarily suspended: host inw.wanadoo.es[62.36.20.20] refused to talk to me: 550 Reverse DNS lookup failed for host 87.226.13.245.)
May 8 07:32:55 s2 postfix/qmgr[10256]: 71C79104A43: from=<info@banesnet.es>, size=2453, nrcpt=50 (queue active)
May 8 07:32:55 s2 postfix/qmgr[10256]: 71C79104A43: to=<davidmorg@mixmail.com>, relay=none, delay=73514, delays=73514/0/0/0, dsn=4.0.0, status=deferred (delivery temporarily suspended: host ing.wanadoo.es[62.36.20.73] refused to talk to me: 550 Reverse DNS lookup failed for host 87.226.13.245.)
May 8 07:32:55 s2 postfix/qmgr[10256]: 71C79104A43: to=<davidsuescunm@wanadoo.es>, relay=none, delay=73514, delays=73514/0/0/0, dsn=4.0.0, status=deferred (delivery temporarily suspended: host inw.wanadoo.es[62.36.20.20] refused to talk to me: 550 Reverse DNS lookup failed for host 87.226.13.245.)
May 8 07:32:55 s2 postfix/qmgr[10256]: 7C1C210479C: from=<info@bancaja.es>, size=2421, nrcpt=50 (queue active)
May 8 07:32:55 s2 postfix/qmgr[10256]: 72A04104B17: from=<>, size=5258, nrcpt=1 (queue active)
May 8 07:32:55 s2 postfix/qmgr[10256]: 980FF10483E: from=<info@bancaja.es>, size=2395, nrcpt=50 (queue active)
May 8 07:32:55 s2 postfix/qmgr[10256]: 93DE41049B6: from=<info@santandersupernet.es>, size=3322, nrcpt=50 (queue active)
May 8 07:32:55 s2 postfix/qmgr[10256]: 93DE41049B6: to=<asoto4@bellsouth.net>, relay=none, delay=76076, delays=76076/0/0/0, dsn=4.0.0, status=deferred (delivery temporarily suspended: host gateway-f1.isp.att.net[204.127.217.16] refused to talk to me: 550-87.226.13.245 blocked by ldapu=rblmx,dc=att,dc=net 550 Error - Blocked for abuse. See http://att.net/blocks)
May 8 07:32:55 s2 postfix/qmgr[10256]: 9CEC21049E1: from=<info@santandersupernet.es>, size=3322, nrcpt=50 (queue active)
May 8 07:32:55 s2 postfix/qmgr[10256]: 9CEC21049E1: to=<reyamartinez@bellsouth.net>, relay=none, delay=75833, delays=75833/0.01/0/0, dsn=4.0.0, status=deferred (delivery temporarily suspended: host gateway-f1.isp.att.net[204.127.217.16] refused to talk to me: 550-87.226.13.245 blocked by ldapu=rblmx,dc=att,dc=net 550 Error - Blocked for abuse. See http://att.net/blocks)
May 8 07:32:55 s2 postfix/qmgr[10256]: 9CEC21049E1: to=<reyangel117@comcast.net>, relay=none, delay=75833, delays=75833/0.01/0/0, dsn=4.0.0, status=deferred (delivery temporarily suspended: host mx1b.comcast.net[76.96.62.116] refused to talk to me: 554 IMTA22.westchester.pa.mail.comcast.net comcast 87.226.13.245 Comcast requires that all mail servers must have a PTR record with a valid Reverse DNS entry. Currently your mail server does not fill that requirement. For more information, refer to: http://help.comcast.net/content/faq/PTR)
May 8 07:32:55 s2 postfix/qmgr[10256]: 9CEC21049E1: to=<reyalice@juno.com>, relay=none, delay=75833, delays=75833/0.02/0/0, dsn=4.0.0, status=deferred (delivery temporarily suspended: host mx.dca.untd.com[64.136.44.37] refused to talk to me: 550 Access denied...4f513585c185a9a9616014d901bdb901804d3d59f 0658d50a9b4f050e990904495cdad1090ad6420e100...)
May 8 07:32:55 s2 postfix/qmgr[10256]: 95BDD1049BC: from=<info@santandersupernet.es>, size=3322, nrcpt=50 (queue active)
May 8 07:32:55 s2 postfix/qmgr[10256]: 9750E1047F7: from=<info@bancaja.es>, size=2395, nrcpt=50 (queue active)
May 8 07:32:55 s2 postfix/qmgr[10256]: 6F4F8104704: from=<oficina@banestnet.es>, size=2466, nrcpt=50 (queue active)
May 8 07:32:55 s2 postfix/qmgr[10256]: 6AA8C1047BD: from=<info@bancaja.es>, size=2421, nrcpt=50 (queue active)
May 8 07:32:55 s2 postfix/qmgr[10256]: 6A0111046F2: from=<oficina@banestnet.es>, size=2466, nrcpt=50 (queue active)
May 8 07:32:55 s2 postfix/qmgr[10256]: 6C3D210492F: from=<info@bancaja.es>, size=2395, nrcpt=50 (queue active)
May 8 07:32:55 s2 postfix/qmgr[10256]: 6C3D210492F: to=<jesussv@wanadoo.es>, relay=none, delay=213500, delays=213500/0.01/0/0, dsn=4.0.0, status=deferred (delivery temporarily suspended: host inw.wanadoo.es[62.36.20.20] refused to talk to me: 550 Reverse DNS lookup failed for host 87.226.13.245.)
May 8 07:32:55 s2 postfix/qmgr[10256]: 634571047A1: from=<info@bancaja.es>, size=2421, nrcpt=50 (queue active)
May 8 07:32:55 s2 postfix/qmgr[10256]: 634571047A1: to=<keliichang@comcast.net>, relay=none, delay=327123, delays=327123/0/0/0, dsn=4.0.0, status=deferred (delivery temporarily suspended: host mx1b.comcast.net[76.96.62.116] refused to talk to me: 554 IMTA22.westchester.pa.mail.comcast.net comcast 87.226.13.245 Comcast requires that all mail servers must have a PTR record with a valid Reverse DNS entry. Currently your mail server does not fill that requirement. For more information, refer to: http://help.comcast.net/content/faq/PTR)
May 8 07:32:55 s2 postfix/qmgr[10256]: 634571047A1: to=<keithevan@cox.net>, relay=none, delay=327123, delays=327123/0/0/0, dsn=4.0.0, status=deferred (delivery temporarily suspended: host mx.west.cox
May 8 07:32:56 s2 postfix/qmgr[10256]: 303C410494A: to=<mha@eresmas.com>, relay=none, delay=213333, delays=213332/0.82/0/0, dsn=4.0.0, status=deferred (delivery temporarily suspended: host ine.wanadoo.es[62.36.20.20] refused to talk to me: 550 Reverse DNS lookup failed for host 87.226.13.245.)
May 8 07:32:56 s2 postfix/qmgr[10256]: E3BD71048A3: to=<harppo_nene@eresmas.com>, relay=none, delay=248015, delays=248014/0.69/0/0, dsn=4.0.0, status=deferred (delivery temporarily suspended: host ine.wanadoo.es[62.36.20.20] refused to talk to me: 550 Reverse DNS lookup failed for host 87.226.13.245.)
May 8 07:32:56 s2 postfix/qmgr[10256]: E1B1310480D: to=<ishtarkmm@eresmas.com>, relay=none, delay=214804, delays=214804/0.67/0/0, dsn=4.0.0, status=deferred (delivery temporarily suspended: host ine.wanadoo.es[62.36.20.20] refused to talk to me: 550 Reverse DNS lookup failed for host 87.226.13.245.)
May 8 07:32:56 s2 postfix/qmgr[10256]: 08B9E10479B: to=<agfg@eresmas.com>, relay=none, delay=326939, delays=326939/0.64/0/0, dsn=4.0.0, status=deferred (delivery temporarily suspended: host ine.wanadoo.es[62.36.20.20] refused to talk to me: 550 Reverse DNS lookup failed for host 87.226.13.245.)
May 8 07:32:56 s2 postfix/qmgr[10256]: 08B9E10479B: to=<agnogales@eresmas.com>, relay=none, delay=326939, delays=326939/0.64/0/0, dsn=4.0.0, status=deferred (delivery temporarily suspended: host ine.wanadoo.es[62.36.20.20] refused to talk to me: 550 Reverse DNS lookup failed for host 87.226.13.245.)
May 8 07:32:56 s2 postfix/smtp[21724]: certificate verification failed for mx.terra.es: num=19:self signed certificate in certificate chain
May 8 07:32:56 s2 postfix/smtp[21724]: certificate verification failed for mx.terra.es: num=24:invalid CA certificate
May 8 07:32:56 s2 postfix/smtp[21724]: certificate verification failed for mx.terra.es: num=26:unsupported certificate purpose
May 8 07:32:56 s2 postfix/smtp[21724]: certificate verification failed for mx.terra.es: num=10:certificate has expired
May 8 07:32:56 s2 postfix/smtp[21724]: certificate verification failed for mx.terra.es:certificate has expired
May 8 07:32:56 s2 postfix/smtp[21724]: certificate verification failed for mx.terra.es:certificate has expired
May 8 07:32:56 s2 postfix/smtp[21724]: certificate verification failed for mx.terra.es: num=10:certificate has expired
May 8 07:32:56 s2 postfix/smtp[21724]: certificate verification failed for mx.terra.es:certificate has expired
May 8 07:32:56 s2 postfix/smtp[21724]: certificate verification failed for mx.terra.es:certificate has expired
May 8 07:32:56 s2 postfix/smtp[21725]: certificate verification failed for mx.terra.es: num=19:self signed certificate in certificate chain
May 8 07:32:56 s2 postfix/smtp[21725]: certificate verification failed for mx.terra.es: num=24:invalid CA certificate
May 8 07:32:56 s2 postfix/smtp[21725]: certificate verification failed for mx.terra.es: num=26:unsupported certificate purpose
May 8 07:32:56 s2 postfix/smtp[21725]: certificate verification failed for mx.terra.es: num=10:certificate has expired
May 8 07:32:56 s2 postfix/smtp[21725]: certificate verification failed for mx.terra.es:certificate has expired
May 8 07:32:56 s2 postfix/smtp[21725]: certificate verification failed for mx.terra.es:certificate has expired
May 8 07:32:56 s2 postfix/smtp[21725]: certificate verification failed for mx.terra.es: num=10:certificate has expired
May 8 07:32:56 s2 postfix/smtp[21725]: certificate verification failed for mx.terra.es:certificate has expired
May 8 07:32:56 s2 postfix/smtp[21725]: certificate verification failed for mx.terra.es:certificate has expired
May 8 07:32:56 s2 postfix/smtp[21709]: certificate verification failed for mail.aselegal.com: num=18:self signed certificate
May 8 07:32:56 s2 postfix/smtp[21659]: 1B3CD1048F0: to=<jrsamada@ramonsamada.es>, relay=none, delay=245073, delays=245072/0.12/1/0, dsn=4.4.3, status=deferred (Host or domain name not found. Name service error for name=ramonsamada.es type=MX: Host not found, try again)
May 8 07:32:56 s2 postfix/smtp[21740]: certificate verification failed for tnetmx.telefonica.net: num=19:self signed certificate in certificate chain
May 8 07:32:56 s2 postfix/smtp[21740]: certificate verification failed for tnetmx.telefonica.net: num=24:invalid CA certificate
May 8 07:32:56 s2 postfix/smtp[21740]: certificate verification failed for tnetmx.telefonica.net: num=26:unsupported certificate purpose
May 8 07:32:56 s2 postfix/smtp[21740]: certificate verification failed for tnetmx.telefonica.net: num=10:certificate has expired
May 8 07:32:56 s2 postfix/smtp[21740]: certificate verification failed for tnetmx.telefonica.net:certificate has expired
May 8 07:32:56 s2 postfix/smtp[21740]: certificate verification failed for tnetmx.telefonica.net:certificate has expired
May 8 07:32:56 s2 postfix/smtp[21740]: certificate verification failed for tnetmx.telefonica.net: num=10:certificate has expired
May 8 07:32:56 s2 postfix/smtp[21740]: certificate verification failed for tnetmx.telefonica.net:certificate has expired
May 8 07:32:56 s2 postfix/smtp[21740]: certificate verification failed for tnetmx.telefonica.net:certificate has expired
May 8 07:32:56 s2 postfix/smtp[21696]: certificate verification failed for mail.envalladolid.com: num=18:self signed certificate
May 8 07:32:56 s2 postfix/smtp[21696]: certificate verification failed for mail.envalladolid.com: num=10:certificate has expired
May 8 07:32:56 s2 postfix/smtp[21696]: certificate verification failed for mail.envalladolid.com:certificate has expired
May 8 07:32:56 s2 postfix/smtp[21696]: certificate verification failed for mail.envalladolid.com:certificate has expired
May 8 07:32:56 s2 postfix/smtp[21691]: 738FC1049C2: host mailin-02.mx.aol.com[205.188.249.91] said: 421 SERVICE NOT AVAILABLE, TEMPORARY DNS FAILURE (in reply to MAIL FROM command)
May 8 07:32:56 s2 postfix/smtp[21741]: certificate verification failed for mx.terra.es: num=19:self signed certificate in certificate chain
May 8 07:32:56 s2 postfix/smtp[21741]: certificate verification failed for mx.terra.es: num=24:invalid CA certificate
May 8 07:32:56 s2 postfix/smtp[21741]: certificate verification failed for mx.terra.es: num=26:unsupported certificate purpose
May 8 07:32:56 s2 postfix/smtp[21741]: certificate verification failed for mx.terra.es: num=10:certificate has expired
May 8 07:32:56 s2 postfix/smtp[21741]: certificate verification failed for mx.terra.es:certificate has expired
May 8 07:32:56 s2 postfix/smtp[21741]: certificate verification failed for mx.terra.es:certificate has expired
May 8 07:32:56 s2 postfix/smtp[21741]: certificate verification failed for mx.terra.es: num=10:certificate has expired
May 8 07:32:56 s2 postfix/smtp[21741]: certificate verification failed for mx.terra.es:certificate has expired
May 8 07:32:56 s2 postfix/smtp[21741]: certificate verification failed for mx.terra.es:certificate has expired
May 8 07:32:56 s2 postfix/smtp[21747]: 980FF10483E: to=<m.marsan@tiscali.it>, relay=imp-1.mail.tiscali.it[213.205.33.248]:25, delay=214747, delays=214746/0.74/0.42/0, dsn=4.0.0, status=deferred (host imp-1.mail.tiscali.it[213.205.33.248] refused to talk to me: 554 imp-1.mail.tiscali.it ESMTP server not available if you do not have a reverse dns mapping)
May 8 07:32:56 s2 postfix/smtp[21673]: 1FFFF104B60: to=<maite@todoyoga.es>, relay=none, delay=58192, delays=58190/0.24/0.99/0, dsn=4.4.3, status=deferred (Host or domain name not found. Name service error for name=todoyoga.es type=MX: Host not found, try again)
May 8 07:32:56 s2 postfix/smtp[21731]: connect to mail.q8online.com[195.39.142.2]: Connection refused (port 25)
May 8 07:32:56 s2 postfix/smtp[21731]: 7FDF11049C6: to=<helpdesk@q8online.com>, relay=none, delay=75982, delays=75981/0.68/0.5/0, dsn=4.4.1, status=deferred (connect to mail.q8online.com[195.39.142.2]: Connection refused)
May 8 07:32:56 s2 postfix/smtp[21708]: 754B810452E: to=<pilarm.hoces.sspa@deandalucia.es>, relay=none, delay=246705, delays=246704/0.55/0.65/0, dsn=4.4.3, status=deferred (Host or domain name not found. Name service error for name=deandalucia.es type=MX: Host not found, try again)
May 8 07:32:56 s2 postfix/smtp[21726]: certificate verification failed for relay.unizar.es: num=19:self signed certificate in certificate chain
May 8 07:32:56 s2 postfix/smtp[21707]: 771BB1047A8: host mailin-02.mx.aol.com[205.188.249.91] said: 421 SERVICE NOT AVAILABLE, TEMPORARY DNS FAILURE (in reply to MAIL FROM command)
Many .es domain names, but our mail server is in the .lv zone! And we do not have so many users that they could send SO MANY emails!!!

What steps should I take now? Is it a trojan horse on my server or something???

P.S.
I am using CentOS 5.2 (Perfect Server install)

Last edited by bzzik; 8th May 2009 at 12:51.
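A triage script for the kind of qmgr records quoted above, added here as an example and not code from the poster: it parses the `from=<...>, size=..., nrcpt=... (queue active)` lines and groups queued messages whose envelope sender is a domain the server does not host and which carry many recipients, which is the pattern (bank-looking .es senders, nrcpt=50) the poster is worried about. The sample log lines and the `LOCAL_DOMAINS` set are constructed placeholders, not values from the thread.

```python
import re
from collections import defaultdict

# Constructed sample in the same shape as the quoted maillog (values are made up).
SAMPLE_LOG = """\
May 8 07:32:55 s2 postfix/qmgr[10256]: 71C79104A43: from=<info@example-bank.es>, size=2453, nrcpt=50 (queue active)
May 8 07:32:55 s2 postfix/qmgr[10256]: 72A04104B17: from=<>, size=5258, nrcpt=1 (queue active)
May 8 07:32:55 s2 postfix/qmgr[10256]: 9CEC21049E1: from=<info@example-bank.es>, size=3322, nrcpt=50 (queue active)
May 8 07:32:55 s2 postfix/qmgr[10256]: 6F4F8104704: from=<oficina@other-bank.es>, size=2466, nrcpt=50 (queue active)
May 8 07:32:56 s2 postfix/qmgr[10256]: 1B3CD1048F0: from=<admin@example.lv>, size=900, nrcpt=2 (queue active)
"""

# Assumption (placeholder): the domains this server legitimately sends mail for.
LOCAL_DOMAINS = {"example.lv"}

# Matches the "queue active" record qmgr logs when a message enters the active queue.
QMGR_RE = re.compile(
    r"postfix/qmgr\[\d+\]: (?P<qid>[0-9A-F]+): from=<(?P<sender>[^>]*)>, "
    r"size=(?P<size>\d+), nrcpt=(?P<nrcpt>\d+) \(queue active\)"
)


def parse_queue_active(log_text):
    """Return one dict per 'queue active' qmgr line; other lines are ignored."""
    entries = []
    for line in log_text.splitlines():
        m = QMGR_RE.search(line)
        if m:
            entries.append({"qid": m["qid"], "sender": m["sender"],
                            "size": int(m["size"]), "nrcpt": int(m["nrcpt"])})
    return entries


def suspicious_senders(entries, local_domains, min_nrcpt=20):
    """Group messages with a foreign envelope-sender domain and many recipients.
    Bounces (from=<>) are skipped. Returns {domain: (messages, total_recipients)}."""
    stats = defaultdict(lambda: [0, 0])
    for e in entries:
        if not e["sender"]:
            continue
        domain = e["sender"].rsplit("@", 1)[-1].lower()
        if domain in local_domains or e["nrcpt"] < min_nrcpt:
            continue
        stats[domain][0] += 1
        stats[domain][1] += e["nrcpt"]
    return {d: tuple(v) for d, v in stats.items()}


if __name__ == "__main__":
    for dom, (msgs, rcpts) in suspicious_senders(parse_queue_active(SAMPLE_LOG), LOCAL_DOMAINS).items():
        print(f"{dom}: {msgs} queued message(s), {rcpts} recipients total")
```

Run it against the real maillog by replacing `SAMPLE_LOG` with the file contents; domains that show up here with dozens of recipients per message are the ones to check first (who submitted them: a local user, a web script, or an open relay), and the corresponding queue ids can then be held or deleted with postsuper.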