Something weird in

Discussion in 'Installation/Configuration' started by bswinnerton, Feb 2, 2008.

  1. bswinnerton

    bswinnerton New Member

    Feb  2 15:18:20 cw-webserver postfix/smtpd[32640]: connect from[]
    Feb  2 15:18:20 cw-webserver postfix/smtpd[32640]: EBEF31C842C:[]
    Feb  2 15:18:21 cw-webserver postfix/cleanup[32644]: EBEF31C842C: message-id=<[email protected]>
    Feb  2 15:18:21 cw-webserver postfix/qmgr[17999]: EBEF31C842C: from=<[email protected]>, size=1380, nrcpt=1 (queue active)
    Feb  2 15:18:21 cw-webserver postfix/smtpd[32640]: disconnect from[]
    Is someone trying to hack in?
  2. thecaoticone

    thecaoticone New Member

    It looks to me like a standard Postfix transaction. is the server that connected and they delivered a message from [email protected] Then the message was placed in the Postfix queue to be delivered to your user and the connection was closed.

    What part looks wierd to you?
    Last edited: Feb 3, 2008
  3. bswinnerton

    bswinnerton New Member

    Well I don't recognize the email address at all, I know all of my email users and don't think they'd be sending something to that email address.
  4. thecaoticone

    thecaoticone New Member

    I checked the website. This is from the site:

    I don't know your SPAM prevention set-up, but if one of your users did not contact this site, I would think it was a piece of ***SPAM*** that got past your system.

    You might want to monitor you mail log for a few days and see if the user responds.

    I honestly don't think it was a hack attempt. Usually a hack attempt will try to login and they tend last for a while. I deliberately watched a kiddie-script try to get in on my server one night. It lasted over 3 hours trying all kinds of logins. I had just built the server so nothing was on it yet. They never got in.
    Last edited: Feb 3, 2008
  5. bswinnerton

    bswinnerton New Member

    Alright, Thanks for all of your help =)

    I guess I'm just a little worried about getting hacked. I just noticed this morning that there was a relay access denied message in there, which kind of re-assured me, and after a little google-ing I found I wasn't the only person getting it from that email address.

    Well thanks again, and I'll keep an eye on the log.

Share This Page