Bacula User group,

Forwarded below is an E-mail I received with the subject "Hacker
Attack".  I investigated the header of the E-mail, expecting it to be
random spam (it was sent by "test" who was at "[EMAIL PROTECTED]") and
looking at the message trail, it appears to have originated from my I.P.
address (203.206.99.253).  This is where I'm concerned since I'm the
only person who uses this machine, and it went specifically to my own
E-mail.  So here I am sending E-mails to myself.

Could this be bsmtp? I have three PCs on the network, one Windows and
two Linux.  I can understand that a variety of these could be the
source, however, I'm only aware of one having SMTP capabilities, being
the same one running bacula and all other software I regularly use.  In
addition, I have many e-mail addresses and this e-mail address also
happens to be the one configured for bacula to send e-mail.

I've just finished a fresh install of this PC and am grateful I modified
bacula-dir and sd to not run as root user (it wasn't configured to do
that by default, apparently, by the Gentoo package manager - since my
storage daemon wrote in a folder it should not have had access to unless
the filesystem was mounted).

Anyway, I'm kind of stuck for thought.  Hopefully there is nothing
malicious here and I can't work out what else could have sent this
E-mail.  I also remember playing with bsmtp or perhaps some other mail
sending package and entering in the dummy user details of
"test<[EMAIL PROTECTED]>".

I do suspect I have code on my system which has been modified and I have
received this e-mail a couple of times.  If anyone has any advice on how
I can check if this could be bsmtp or perhaps something else (again, I
think of bacula specifically because of the e-mail address that this
e-mail was sent to).  It could be some really clever spam / spoof thing
happening, but I feel that there are too many things pointing to my machine.

I appreciate any help as I am concerned.

Gary.

-------- Original Message --------
From:   - Sun Jul 1 21:42:18 2007
X-Account-Key:  account7
X-UIDL:         GmailId113721bad87ddde2
X-Mozilla-Status:       0001
X-Mozilla-Status2:      00000000
X-Mozilla-Keys:         
Delivered-To:   [EMAIL PROTECTED]
Received:       by 10.78.29.17 with SMTP id c17cs198244huc; Thu, 28 Jun 2007
04:33:48 -0700 (PDT)
Received:       by 10.114.149.2 with SMTP id w2mr1483576wad.1183030427564;
Thu, 28 Jun 2007 04:33:47 -0700 (PDT)
Return-Path:    <[EMAIL PROTECTED]>
Received:       from mail-ihug.icp-qv1-irony5.iinet.net.au
(ihug-mail.icp-qv1-irony5.iinet.net.au [203.59.1.199]) by mx.google.com
with ESMTP id m28si6423140waf.2007.06.28.04.33.40; Thu, 28 Jun 2007
04:33:47 -0700 (PDT)
Received-SPF:   neutral (google.com: 203.59.1.199 is neither permitted
nor denied by best guess record for domain of [EMAIL PROTECTED])
Date:   Thu, 28 Jun 2007 04:33:42 -0700 (PDT)
Received:       from 203-206-99-253.dyn.iinet.net.au (HELO localhost)
([203.206.99.253]) by mail-ihug.icp-qv1-irony5.iinet.net.au with ESMTP;
28 Jun 2007 19:33:39 +0800
Message-Id:     <[EMAIL PROTECTED]>
X-IronPort-Anti-Spam-Filtered:  true
X-IronPort-Anti-Spam-Result:    AluPAFE5g0bLzmP9/2dsb2JhbACODQE+
X-IronPort-AV:  i="4.16,470,1175443200"; d="scan'";
a="1151747546:sNHT19809976"
From:   test<[EMAIL PROTECTED]>
To:     [EMAIL PROTECTED]
Subject:        Hacker Attack!!!
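
An added example, not part of the original post: it walks the Received chain of the forwarded message oldest-first and separates the connecting address that the receiving relay recorded from the HELO name the client supplied. The header text is taken from the forwarded message above and re-folded as standard continuation lines; the function names are this example's own.

```python
import re
from email import message_from_string

# Received lines copied from the forwarded message, re-folded with leading
# whitespace so the standard library parser treats them as continuations.
RAW = """\
Received: by 10.78.29.17 with SMTP id c17cs198244huc;
 Thu, 28 Jun 2007 04:33:48 -0700 (PDT)
Received: by 10.114.149.2 with SMTP id w2mr1483576wad.1183030427564;
 Thu, 28 Jun 2007 04:33:47 -0700 (PDT)
Received: from mail-ihug.icp-qv1-irony5.iinet.net.au
 (ihug-mail.icp-qv1-irony5.iinet.net.au [203.59.1.199]) by mx.google.com
 with ESMTP id m28si6423140waf.2007.06.28.04.33.40;
 Thu, 28 Jun 2007 04:33:47 -0700 (PDT)
Received: from 203-206-99-253.dyn.iinet.net.au (HELO localhost)
 ([203.206.99.253]) by mail-ihug.icp-qv1-irony5.iinet.net.au with ESMTP;
 28 Jun 2007 19:33:39 +0800
Subject: Hacker Attack!!!

"""

# "from <name> ... [<peer ip>] ... by <receiving host>"
HOP = re.compile(
    r"from\s+(?P<name>\S+).*?\[(?P<ip>[\d.]+)\].*?\bby\s+(?P<by>\S+)", re.S)
HELO = re.compile(r"\(HELO\s+(?P<helo>[^)\s]+)\)")

def trace(raw):
    """Return hops oldest-first; each relay prepends its own Received line."""
    hops = []
    for value in reversed(message_from_string(raw).get_all("Received", [])):
        m = HOP.search(value)
        if not m:
            continue  # internal "by ... with SMTP id" hops name no peer
        helo = HELO.search(value)
        hops.append({"peer_name": m["name"], "peer_ip": m["ip"],
                     "by": m["by"], "helo": helo["helo"] if helo else None})
    return hops

def first_submission(raw):
    """Oldest hop: peer_ip is what the receiving relay logged for the
    connection, while helo is only what the sending client claimed."""
    hops = trace(raw)
    return hops[0] if hops else None

if __name__ == "__main__":
    for hop in trace(RAW):
        print(hop)
```

A Received line is only as trustworthy as the relay that wrote it, so the comparison that matters is between the oldest line written by a relay you trust and the addresses your own hosts held at that time.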



