This morning I got some odd undeliverable error messages:
Received: from localhost (localhost [127.0.0.1])
(ftp://ftp.isi.edu/in-notes/rfc1894.txt)
by mail.j2solutions.net with dsn; Thu, 11 Jul 2002 07:00:32 -0700
From: "Courier mail server at mail.j2solutions.net" <@>
To: [EMAIL PROTECTED]
Subject: NOTICE: mail delivery status.
Mime-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status;
boundary="=_courier_0"
Content-Transfer-Encoding: 7bit
Message-ID: <[EMAIL PROTECTED]>
Date: Thu, 11 Jul 2002 07:00:32 -0700
This is a delivery status notification from mail.j2solutions.net,
running the Courier mail server, version 0.39.1.
The original message was received on Thu, 11 Jul 2002 07:00:32 -0700
from localhost (localhost [127.0.0.1])
-----------------------------------------------------------------------
----
UNDELIVERABLE MAIL
Your message to the following recipients cannot be delivered:
<[EMAIL PROTECTED]>:
<<< No such domain.
-----------------------------------------------------------------------
----
If your message was also sent to additional recipients, their delivery
status is not included in this report. You may or may not receive
other delivery status notifications for additional recipients.
The original message follows as a separate attachment.
[message/delivery-status (337 bytes)]
Reporting-MTA: dns; mail.j2solutions.net
Arrival-Date: Thu, 11 Jul 2002 07:00:32 -0700
Received-From-MTA: dns; localhost (localhost [127.0.0.1])
Final-Recipient: rfc822; [EMAIL PROTECTED]
Action: failed
Status: 5.0.0
Diagnostic-Code: unknown; No such domain.
Received: from localhost (localhost [127.0.0.1])
(uid 48)
by mail.j2solutions.net with local; Thu, 11 Jul 2002 07:00:32 -0700
To: [EMAIL PROTECTED]
Subject:
From: [EMAIL PROTECTED]
Reply-To:
Message-ID: <[EMAIL PROTECTED]>
Date: Thu, 11 Jul 2002 07:00:32 -0700
MESSAGE: sure some people would be interested about whats in here
This conserns me because it looks like the mail is coming from
[EMAIL PROTECTED] (which only I have a password for, and root doesn't
allow remote logins), and the original message doesn't look like
anything that one of my services would send out.
After further investigation into my log files, I do see some mail go
through as [EMAIL PROTECTED] to [EMAIL PROTECTED] which is a valid
address. This bothers me greatly, and I would like help in finding out
if somehow I was hacked or if there is an unknown exploit to
courier-mta.
These are the versions of Courier running on my Red Hat 7.2 server:
courier-maildrop-wrapper-0.39.1-1.7.2
courier-sendmail-wrapper-0.39.1-1.7.2
courier-imapd-0.39.1-1.7.2
courier-pop3d-0.39.1-1.7.2
courier-webmail-0.39.1-1.7.2
courier-maildrop-0.39.1-1.7.2
courier-mysql-0.39.1-1.7.2
courier-webadmin-0.39.1-1.7.2
courier-0.39.1-1.7.2
courier-mlm-0.39.1-1.7.2
courier-smtpauth-0.39.1-1.7.2
--
Jesse Keating
j2solutions.net
Mondo DevTeam (www.mondorescue.org)
Was I helpful? Let others know:
http://svcs.affero.net/rm.php?r=jkeating
-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
PC Mods, Computing goodies, cases & more
http://thinkgeek.com/sf
_______________________________________________
courier-users mailing list
[EMAIL PROTECTED]
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
