#1  
2nd February 2008, 22:55
bswinnerton
Something weird in mail.info

Code:
Feb  2 15:18:20 cw-webserver postfix/smtpd[32640]: connect from dns1.dotdoms.com[70.84.54.74]
Feb  2 15:18:20 cw-webserver postfix/smtpd[32640]: EBEF31C842C: client=dns1.dotdoms.com[70.84.54.74]
Feb  2 15:18:21 cw-webserver postfix/cleanup[32644]: EBEF31C842C: message-id=<43630686.20070502122711@zdi.com>
Feb  2 15:18:21 cw-webserver postfix/qmgr[17999]: EBEF31C842C: from=<main@zdi.com>, size=1380, nrcpt=1 (queue active)
Feb  2 15:18:21 cw-webserver postfix/smtpd[32640]: disconnect from dns1.dotdoms.com[70.84.54.74]
Is someone trying to hack in?
  #2  
3rd February 2008, 05:24
thecaoticone

It looks to me like a standard Postfix transaction.

dns1.dotdoms.com is the server that connected and they delivered a message from main@zdi.com. Then the message was placed in the Postfix queue to be delivered to your user and the connection was closed.


What part looks weird to you?

Last edited by thecaoticone; 3rd February 2008 at 05:33.
  #3  
3rd February 2008, 07:40
bswinnerton

Well, I don't recognize the email address at all. I know all of my email users and don't think they'd be sending something to that email address.
  #4  
3rd February 2008, 08:07
thecaoticone

I checked the zdi.com website. This is from the site:

Quote:
ZD is an established electronic component distribution powerhouse with an emphasis on board level active semiconductor devices.
I don't know your SPAM prevention set-up, but if one of your users did not contact this site, I would think it was a piece of ***SPAM*** that got past your system.

You might want to monitor your mail log for a few days and see if the user responds.

I honestly don't think it was a hack attempt. Usually a hack attempt will try to login and they tend to last for a while. I deliberately watched a kiddie-script try to get in on my server one night. It lasted over 3 hours trying all kinds of logins. I had just built the server so nothing was on it yet. They never got in.

Last edited by thecaoticone; 3rd February 2008 at 08:24.
  #5  
3rd February 2008, 16:42
bswinnerton

Alright, thanks for all of your help =)

I guess I'm just a little worried about getting hacked. I just noticed this morning that there was a relay access denied message in there, which kind of reassured me, and after a little googling I found I wasn't the only person getting it from that email address.

Well thanks again, and I'll keep an eye on the log.
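Added example (not part of the original thread): a short Python script that groups Postfix log lines by queue ID, which is how the five lines in post #1 read as one accepted inbound message, and separately counts the failed logins and rejected relay attempts mentioned in posts #4 and #5. The last three log lines, the address 203.0.113.9 and the host name mailhost are constructed for illustration.

```python
import re
from collections import defaultdict

# First five lines: the excerpt from post #1. Last three: constructed samples
# (documentation address, host name "mailhost") of a rejected relay and failed logins.
LOG = """\
Feb  2 15:18:20 cw-webserver postfix/smtpd[32640]: connect from dns1.dotdoms.com[70.84.54.74]
Feb  2 15:18:20 cw-webserver postfix/smtpd[32640]: EBEF31C842C: client=dns1.dotdoms.com[70.84.54.74]
Feb  2 15:18:21 cw-webserver postfix/cleanup[32644]: EBEF31C842C: message-id=<43630686.20070502122711@zdi.com>
Feb  2 15:18:21 cw-webserver postfix/qmgr[17999]: EBEF31C842C: from=<main@zdi.com>, size=1380, nrcpt=1 (queue active)
Feb  2 15:18:21 cw-webserver postfix/smtpd[32640]: disconnect from dns1.dotdoms.com[70.84.54.74]
Feb  3 02:10:01 mailhost postfix/smtpd[1201]: NOQUEUE: reject: RCPT from unknown[203.0.113.9]: 554 5.7.1 <a@example.net>: Relay access denied; from=<b@example.org> to=<a@example.net> proto=ESMTP helo=<example.org>
Feb  3 02:10:05 mailhost postfix/smtpd[1201]: warning: unknown[203.0.113.9]: SASL LOGIN authentication failed: authentication failure
Feb  3 02:10:09 mailhost postfix/smtpd[1201]: warning: unknown[203.0.113.9]: SASL LOGIN authentication failed: authentication failure
"""

LINE = re.compile(r"postfix/\w+\[\d+\]: (.*)$")
QUEUED = re.compile(r"([0-9A-F]{6,}): (.*)$")  # queue ID prefix, e.g. EBEF31C842C
FIELD = re.compile(r"(client|message-id|from|size|nrcpt)=(\S+?)(?:,|\s|$)")
PEER_IP = re.compile(r"\[([\d.]+)\]")

def summarize(log):
    """Return (accepted messages by queue ID, rejection counters by client IP)."""
    messages = defaultdict(dict)
    peers = defaultdict(lambda: {"auth_fail": 0, "relay_denied": 0})
    for line in log.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        text = m.group(1)
        queued = QUEUED.match(text)
        if queued:  # smtpd, cleanup and qmgr lines share one queue ID per message
            for key, value in FIELD.findall(queued.group(2)):
                messages[queued.group(1)][key] = value.strip("<>")
            continue
        ip = PEER_IP.search(text)
        if ip and "authentication failed" in text:
            peers[ip.group(1)]["auth_fail"] += 1
        elif ip and "Relay access denied" in text:
            peers[ip.group(1)]["relay_denied"] += 1
    return dict(messages), dict(peers)

if __name__ == "__main__":
    messages, peers = summarize(LOG)
    for qid, fields in messages.items():
        print("accepted", qid, fields)
    for ip, counts in peers.items():
        print("rejected", ip, counts)
```

A single queue ID with a client, sender and recipient count is ordinary inbound mail; many failures from one address over a short period are the pattern worth alerting on.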
All times are GMT +2.