  #1  
18th November 2012, 13:23
pawan
Senior Member
mail bouncing in the account which were never sent.

Today I have received many bounced mails in my account, which I never sent.

It appears that my system is compromised and mails are being sent from my account.

Please suggest an appropriate solution to overcome this.

Here is a copy of the bounced mail.

Code:
This is the mail system at host server1.mywebsolutions.co.in.

I'm sorry to have to inform you that your message could not
be delivered to one or more recipients. It's attached below.

For further assistance, please send mail to postmaster.

If you do so, please include this problem report. You can
delete your own text from the attached returned message.

                   The mail system

<jd_abulan@yahoo.com>: host mta6.am0.yahoodns.net[66.196.118.36] said: 554
    delivery error: dd This user doesn't have a yahoo.com account
    (jd_abulan@yahoo.com) [0] - mta1233.mail.bf1.yahoo.com (in reply to end of
    DATA command)

Reporting-MTA: dns; server1.mywebsolutions.co.in
X-Postfix-Queue-ID: 9E0EB2101C6C
X-Postfix-Sender: rfc822; pkjoshi@cbsindia.in
Arrival-Date: Sun, 18 Nov 2012 16:35:54 +0530 (IST)

Final-Recipient: rfc822; jd_abulan@yahoo.com
Original-Recipient: rfc822;jd_abulan@yahoo.com
Action: failed
Status: 5.0.0
Remote-MTA: dns; mta6.am0.yahoodns.net
Diagnostic-Code: smtp; 554 delivery error: dd This user doesn't have a
    yahoo.com account (jd_abulan@yahoo.com) [0] - mta1233.mail.bf1.yahoo.com

Return-Path: <pkjoshi@cbsindia.in>
Received: from localhost (localhost.localdomain [127.0.0.1])
	by server1.mywebsolutions.co.in (Postfix) with ESMTP id 9E0EB2101C6C
	for <jd_abulan@yahoo.com>; Sun, 18 Nov 2012 16:35:54 +0530 (IST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cbsindia.in; h=
	message-id:content-transfer-encoding:content-type:content-type
	:reply-to:from:from:subject:subject:x-mailer:date:date
	:mime-version:received:received; s=mail; t=1353236753; x=
	1355051153; bh=tql5hx8+TtPY6Up7FZKa82B2NIa3/LRZI5lS673xuFU=; b=S
	yhCE7CLKF4TTUzBPLC5ZcgaJuJbVbz5K00f3M/ZrulpcuAXBJNUR7e41vEwLdz8E
	B+IsjmM/igof3yA6weuzYON9l9b26GccDbtHtF0x9OK5fFocm8Va+RJUOIcBdASL
	yvJwiilGUSmUEe+qNSPYoaURXIKta5XPLVy75DiNTI=
X-Virus-Scanned: Debian amavisd-new at server1.mywebsolutions.co.in
Received: from server1.mywebsolutions.co.in ([127.0.0.1])
	by localhost (server1.mywebsolutions.co.in [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id Nqrq6J9OM3NU for <jd_abulan@yahoo.com>;
	Sun, 18 Nov 2012 16:35:53 +0530 (IST)
Received: from hannes (unknown [190.222.173.217])
	(Authenticated sender: pkjoshi@cbsindia.in)
	by server1.mywebsolutions.co.in (Postfix) with ESMTPA id 886922101C2F
	for <jd_abulan@yahoo.com>; Sun, 18 Nov 2012 16:35:52 +0530 (IST)
MIME-Version: 1.0
Date: Sun, 18 Nov 2012 14:05:50 +0300
X-Priority: 3 (Normal)
X-Mailer: Mailman v3.3.3
Subject: Change your way of life
From: pkjoshi@cbsindia.in
Reply-To: abusereport@google.com
To: "jdabulan" <jd_abulan@yahoo.com>
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable
Message-ID: <OUTLOOK-IDM-aab7c3e7-ffab-5613-d998-5d10afefcbbc@hannes>

Greetings,=0A=0AMy dear fellow gay citizens! I salute you, and would lik=
e to welcome you to my web site. Using this simple tool we can arrange a=
 meeting to execute all kinds of sex dreams you can imagine starting fro=
m anal to BDSM and simple oral and urinal joys! We're promoting gay way =
of life to the masses and want to invite you to our web site=0A=0Ahttps:=
//sites.google.com/site/varchuksergey/home=0A=0A=0A=0A******************=
**********************************=0AThis message was sent according to =
Google's Terms of Service. If you find this message abusing or would lik=
e to file a complaint or submit a legal request please contact us at htt=
ps://sites.google.com/site/varchuksergey/system/app/pages/reportAbuse=0A=
****************************************************
  #2  
18th November 2012, 17:15
till
Super Moderator

This does not necessarily mean that the server is compromised; most likely someone just got the password of an email account on your server, e.g. when the user authenticated without encryption over an open WLAN and someone sniffed the password. Is this an email account on your server?

pkjoshi@cbsindia.in

If yes, then you should change the password of this account to stop the mail sending.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
  #3  
18th November 2012, 20:47
pawan
Senior Member

Thanks.
Yes, this mail account is on the server.
I have changed the password and that appears to have solved the problem, but how can I prevent the same in the future?
Reply With Quote
  #4  
18th November 2012, 20:56
till
Super Moderator

You cannot prevent it. If you give someone a password for a service on your server like mail, ftp, ssh, mysql, etc., then it can happen that he loses the password or someone steals or guesses the password etc. So all you can do is to monitor your system and when you recognize any unusual activity, investigate it and shut down the account or change the password.
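
One way to do the monitoring suggested in the last reply, as an added example that is not part of the original thread: count messages accepted over SMTP AUTH per account and the distinct client IPs they came from, using the `client=..., sasl_method=..., sasl_username=...` lines that Postfix smtpd writes to the mail log. The thresholds, function names and sample log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Postfix smtpd logs one such line per message accepted over SMTP AUTH.
SASL_LINE = re.compile(
    r"postfix/(?:\w+/)?smtpd\[\d+\]: (?P<qid>[0-9A-Za-z]+): "
    r"client=(?P<host>[^\[]+)\[(?P<ip>[^\]]+)\], "
    r"sasl_method=(?P<method>[\w-]+), sasl_username=(?P<user>\S+)"
)

def summarize(lines):
    """Return {sasl_username: {"messages": n, "ips": set of client IPs}}."""
    stats = defaultdict(lambda: {"messages": 0, "ips": set()})
    for line in lines:
        m = SASL_LINE.search(line)
        if m:  # lines without a sasl_username (connect, cleanup, ...) are skipped
            entry = stats[m.group("user")]
            entry["messages"] += 1
            entry["ips"].add(m.group("ip"))
    return dict(stats)

def suspicious(stats, max_messages=3, max_ips=2):
    """Accounts above either threshold (illustrative values, tune per site)."""
    return sorted(
        user for user, s in stats.items()
        if s["messages"] > max_messages or len(s["ips"]) > max_ips
    )

# Constructed sample log lines (documentation IPs, not from the thread's server).
SAMPLE_LOG = """\
Nov 18 16:30:01 mail postfix/smtpd[2101]: 1A2B3C4D5E: client=office.example.org[198.51.100.10], sasl_method=PLAIN, sasl_username=alice@example.org
Nov 18 16:31:10 mail postfix/smtpd[2102]: 2B3C4D5E6F: client=unknown[203.0.113.5], sasl_method=LOGIN, sasl_username=bob@example.org
Nov 18 16:31:40 mail postfix/smtpd[2103]: connect from unknown[203.0.113.77]
Nov 18 16:31:41 mail postfix/smtpd[2103]: 3C4D5E6F7A: client=unknown[203.0.113.77], sasl_method=LOGIN, sasl_username=bob@example.org
Nov 18 16:32:05 mail postfix/smtpd[2104]: 4D5E6F7A8B: client=unknown[192.0.2.44], sasl_method=LOGIN, sasl_username=bob@example.org
Nov 18 16:33:20 mail postfix/smtpd[2101]: 5E6F7A8B9C: client=office.example.org[198.51.100.10], sasl_method=PLAIN, sasl_username=alice@example.org
Nov 18 16:33:59 mail postfix/smtpd[2102]: 6F7A8B9C0D: client=unknown[203.0.113.5], sasl_method=LOGIN, sasl_username=bob@example.org
""".splitlines()

if __name__ == "__main__":
    stats = summarize(SAMPLE_LOG)
    for user in suspicious(stats):
        s = stats[user]
        print(f"{user}: {s['messages']} messages from {sorted(s['ips'])}")
```

Run it against a time-bounded slice of the mail log (for example the last hour) so that the counts reflect a rate rather than a lifetime total.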