Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > Linux Forums > Server Operation

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #1  
Old 5th April 2008, 08:19
PierreQuebec PierreQuebec is offline
Junior Member
 
Join Date: Mar 2008
Posts: 16
Thanks: 0
Thanked 0 Times in 0 Posts
Exclamation Have I Been Hacked? :-o

Now I'm wondering if I have been hacked or something!!! :-S

I tried again setting up my MX records to my current IP address, and then I sent myself an e-mail from my Hotmail account. It bounced back with the following message:

Quote:
This is the mail system at host c9mailgw40.amadis.com.

I'm sorry to have to inform you that your message could not
be delivered to one or more recipients. It's attached below.

For further assistance, please send mail to postmaster.

If you do so, please include this problem report. You can
delete your own text from the attached returned message.

The mail system

<pierre@pierrepaquette.net>: host fwd.nsm.ctmail.com[69.64.145.228] said: 550
5.7.1 Invalid recipient: 'pierre@pierrepaquette.net' (in reply to RCPT TO
command)
Now http://www.amadis.com returns nothing (hangs) and http://www.ctmail.com shows an "Under Construction" page, so I can't get much info about those.

Have I been somehow hacked? Their IP address (69.64.145.228) is nothing like mine (currently 69.159.185.137) or the one returned by:
[QUOTE]
$ dig mx pierrepaquette.net

; <<>> DiG 9.4.1-P1 <<>> mx pierrepaquette.net
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23232
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; QUESTION SECTION:
;pierrepaquette.net. IN MX

;; ANSWER SECTION:
pierrepaquette.net. 3600 IN MX 10 mail.pierrepaquette.net.

;; ADDITIONAL SECTION:
mail.pierrepaquette.net. 3600 IN A 69.159.185.137[QUOTE]

Help me please!

(I will double post this because I need an answer to this issue FAST!)
Reply With Quote
Sponsored Links
  #2  
Old 5th April 2008, 13:26
topdog topdog is offline
Senior Member
 
Join Date: Jan 2008
Location: South Africa
Posts: 1,352
Thanks: 0
Thanked 153 Times in 150 Posts
Default

your mx is pointing else where.
__________________
----
http://www.topdog.za.net - Got Linux problems ? - I can help.
http://www.baruwa.org - Try it.
Reply With Quote
  #3  
Old 6th April 2008, 21:43
PierreQuebec PierreQuebec is offline
Junior Member
 
Join Date: Mar 2008
Posts: 16
Thanks: 0
Thanked 0 Times in 0 Posts
Default

I've changed the MX records now and everything should work, but it's not working still, Postfix won't get the messages for the domains it's watching.

As I posted in another thread, it all started after my Internet connexion was down for a few hours. Could it be that my ISP decided to block the ports used by Postfix? How could I check that out?
Reply With Quote
  #4  
Old 6th April 2008, 23:51
chipsafts chipsafts is offline
Senior Member
 
Join Date: Nov 2007
Posts: 184
Thanks: 2
Thanked 6 Times in 6 Posts
Default

no response from 65.94.90.173
and traceroute dies at
64.230.186.149 bx1-chicagodt_pos1-1.net.bell.ca
Reply With Quote
  #5  
Old 7th April 2008, 00:17
PierreQuebec PierreQuebec is offline
Junior Member
 
Join Date: Mar 2008
Posts: 16
Thanks: 0
Thanked 0 Times in 0 Posts
Default

Thanks. What port were you scanning? I'll try and figure out what is happenning...
Reply With Quote
  #6  
Old 7th April 2008, 00:28
chipsafts chipsafts is offline
Senior Member
 
Join Date: Nov 2007
Posts: 184
Thanks: 2
Thanked 6 Times in 6 Posts
Default

I tried sending an email to the account you mentioned and got the 'no response'. I don't know what traceroute uses, I presume the same as ping.
Reply With Quote
  #7  
Old 7th April 2008, 00:53
PierreQuebec PierreQuebec is offline
Junior Member
 
Join Date: Mar 2008
Posts: 16
Thanks: 0
Thanked 0 Times in 0 Posts
Default

Odd. Everything used to work just fine. Maybe I should try deinstalling and reinstalling Postfix?!

I'm puzzled!
Reply With Quote
  #8  
Old 7th April 2008, 02:07
chipsafts chipsafts is offline
Senior Member
 
Join Date: Nov 2007
Posts: 184
Thanks: 2
Thanked 6 Times in 6 Posts
Default

if you can send internally on that pc, then check your firewall.
I can't answer your Postfix questions as I'm a sendmail 'er.
Reply With Quote
  #9  
Old 7th April 2008, 03:01
PierreQuebec PierreQuebec is offline
Junior Member
 
Join Date: Mar 2008
Posts: 16
Thanks: 0
Thanked 0 Times in 0 Posts
Default

Well I meant that it was working fine before I had problems with my Internet connexion.

Is it possible to configure Sendmail to handle multiple domains? I chose Postfix because I ran across a "howto" but if I have other choices, I'll consider them...
Reply With Quote
  #10  
Old 7th April 2008, 18:35
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,741 Times in 2,575 Posts
 
Default

Quote:
Originally Posted by PierreQuebec
Is it possible to configure Sendmail to handle multiple domains?
Yes, but I find Sendmail hard to configure. I'd stay with Postfix.
What's the output of
Code:
iptables -L
? Is port 25 open in your router's firewall?
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
My server got hacked and is being used to SPAM greenhornet Installation/Configuration 15 28th January 2008 17:02
hacked by By BeLa & BodyguarD shajazzi HOWTO-Related Questions 2 25th April 2007 23:49
Microsoft hacked? sjau Smalltalk 3 2nd November 2006 17:20
Postfix hacked cvine Server Operation 3 5th August 2006 08:13
Debian server hacked TheRudy Installation/Configuration 2 16th July 2006 09:35


All times are GMT +2. The time now is 00:44.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.