Something weird in mail.info

Discussion in 'Installation/Configuration' started by bswinnerton, Feb 2, 2008.

  1. bswinnerton

    bswinnerton New Member

    Code:
    Feb  2 15:18:20 cw-webserver postfix/smtpd[32640]: connect from dns1.dotdoms.com[70.84.54.74]
    Feb  2 15:18:20 cw-webserver postfix/smtpd[32640]: EBEF31C842C: client=dns1.dotdoms.com[70.84.54.74]
    Feb  2 15:18:21 cw-webserver postfix/cleanup[32644]: EBEF31C842C: message-id=<43630686.20070502122711@zdi.com>
    Feb  2 15:18:21 cw-webserver postfix/qmgr[17999]: EBEF31C842C: from=<main@zdi.com>, size=1380, nrcpt=1 (queue active)
    Feb  2 15:18:21 cw-webserver postfix/smtpd[32640]: disconnect from dns1.dotdoms.com[70.84.54.74]
    
    Is someone trying to hack in?
     
  2. thecaoticone

    thecaoticone New Member

    It looks to me like a standard Postfix transaction.

    dns1.dotdoms.com is the server that connected and they delivered a message from main@zdi.com. Then the message was placed in the Postfix queue to be delivered to your user and the connection was closed.


    What part looks weird to you?
     
    Last edited: Feb 3, 2008
  3. bswinnerton

    bswinnerton New Member

    Well I don't recognize the email address at all, I know all of my email users and don't think they'd be sending something to that email address.
     
  4. thecaoticone

    thecaoticone New Member

    I checked the zdi.com website. This is from the site:

    I don't know your SPAM prevention set-up, but if one of your users did not contact this site, I would think it was a piece of ***SPAM*** that got past your system.

    You might want to monitor your mail log for a few days and see if the user responds.

    I honestly don't think it was a hack attempt. Usually a hack attempt will try to login and they tend to last for a while. I deliberately watched a kiddie-script try to get in on my server one night. It lasted over 3 hours trying all kinds of logins. I had just built the server so nothing was on it yet. They never got in.
     
    Last edited: Feb 3, 2008
  5. bswinnerton

    bswinnerton New Member

    Alright, Thanks for all of your help =)

    I guess I'm just a little worried about getting hacked. I just noticed this morning that there was a relay access denied message in there, which kind of reassured me, and after a little Googling I found I wasn't the only person getting it from that email address.

    Well thanks again, and I'll keep an eye on the log.
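
Added example, not part of the original thread: a small Python script that groups Postfix log lines by queue ID to reconstruct the inbound delivery explained in the second post, and separately lists smtpd rejects such as the "relay access denied" message mentioned in the last post. The reject line in the sample is constructed in standard Postfix format with placeholder addresses; the function and variable names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample: the five lines from the first post, plus one constructed
# smtpd reject line (192.0.2.10 and the example.* names are placeholders).
SAMPLE_LOG = """\
Feb  2 15:18:20 cw-webserver postfix/smtpd[32640]: connect from dns1.dotdoms.com[70.84.54.74]
Feb  2 15:18:20 cw-webserver postfix/smtpd[32640]: EBEF31C842C: client=dns1.dotdoms.com[70.84.54.74]
Feb  2 15:18:21 cw-webserver postfix/cleanup[32644]: EBEF31C842C: message-id=<43630686.20070502122711@zdi.com>
Feb  2 15:18:21 cw-webserver postfix/qmgr[17999]: EBEF31C842C: from=<main@zdi.com>, size=1380, nrcpt=1 (queue active)
Feb  2 15:18:21 cw-webserver postfix/smtpd[32640]: disconnect from dns1.dotdoms.com[70.84.54.74]
Feb  3 06:02:11 cw-webserver postfix/smtpd[1201]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 554 5.7.1 <user@example.net>: Relay access denied; from=<sender@example.org> to=<user@example.net> proto=SMTP helo=<mail.example.org>
"""

LINE_RE = re.compile(r"^\w{3}\s+\d+ [\d:]{8} \S+ postfix/\w+\[\d+\]: (.*)$")
QUEUE_RE = re.compile(r"^([0-9A-F]{6,}): (.*)$")  # classic short queue IDs only
FIELD_RE = re.compile(r"(client|message-id|from|size|nrcpt)=(<[^>]*>|[^,\s]+)")
REJECT_RE = re.compile(
    r"^NOQUEUE: reject: RCPT from (\S+): (\d{3}) .*?; from=<([^>]*)> to=<([^>]*)>")


def summarize(log_text):
    """Return ({queue_id: fields}, [rejects]) for Postfix lines in log_text."""
    messages, rejects = defaultdict(dict), []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        body = m.group(1)
        rej = REJECT_RE.match(body)
        if rej:
            client, code, sender, rcpt = rej.groups()
            rejects.append({"client": client, "code": code, "from": sender,
                            "to": rcpt,
                            "relay_denied": "Relay access denied" in body})
            continue
        queued = QUEUE_RE.match(body)
        if queued:  # smtpd, cleanup and qmgr lines share one queue ID
            qid, rest = queued.groups()
            for key, value in FIELD_RE.findall(rest):
                messages[qid][key] = value.strip("<>")
    return dict(messages), rejects


if __name__ == "__main__":
    msgs, rejs = summarize(SAMPLE_LOG)
    for qid, fields in msgs.items():
        print("accepted", qid, fields)
    for r in rejs:
        print("rejected", r)
```

A queue ID with a `client=` field but no SASL or login lines is ordinary inbound delivery; a `NOQUEUE: reject` entry means the server refused the recipient before queuing anything.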
     
