On Wed, 23 Nov 2005, Ryan Kerwin Macrohon wrote:

| Guys!! There are many messages that I receive... when I read the logs, 
| this is what it mostly says... Am I compromised!!! Any comment would be of 
| big help!!!
|
| Nov 23 23:08:35 server1 exim[7252]: 2005-11-23 23:08:35 1EeyQI-0001fT-DO 
| ** [EMAIL PROTECTED] <[EMAIL PROTECTED]> R=dnslookup T=remote_smtp: SMTP error 
| from remote mailer after RCPT TO:<[EMAIL PROTECTED]>: host smtp00.fbi.gov 
| [204.11.0.66]: 550 <[EMAIL PROTECTED]>: Recipient address rejected:  This 
| service is temporarily unavailable.  Please contact the recipient via 
| other means.

Hi,

No, your Exim mail server is not hacked.

Rather, it appears to be set up to try to bounce virus mails to the 
forged sender.  This is not good practice.  You want to fix your 
configuration to reject such mails - i.e. to not accept the things in the 
first place.

The infected machine itself may or may not be one of yours.  But that's 
another issue.  As others have pointed out, the virus is likely a recent 
Sober variant, which is forging addresses in the fbi.gov domain.

I wonder what the FBI will do with the list of IPs that are DDoSing them 
with bogus bounces....


-- 
## List details at http://www.exim.org/mailman/listinfo/exim-users 
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://www.exim.org/eximwiki/
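
An added example, not part of the original thread: one way to measure how many bounces a server is generating and where they go, from the Exim main log. It relies on Exim logging a locally generated bounce as an arrival from `<>` with `R=` naming the message that triggered it; the function name, addresses, hosts and log lines below are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in Exim mainlog format; the syslog prefix is optional.
SAMPLE_LOG = """\
Nov 23 23:08:30 server1 exim[7250]: 2005-11-23 23:08:30 1EeyQH-0001fO-AB <= worm@forged.example H=(pc) [198.51.100.7] P=smtp S=71234
Nov 23 23:08:31 server1 exim[7251]: 2005-11-23 23:08:31 1EeyQI-0001fT-DO <= <> R=1EeyQH-0001fO-AB U=mail P=local S=2048
Nov 23 23:08:35 server1 exim[7252]: 2005-11-23 23:08:35 1EeyQI-0001fT-DO ** victim@forged.example R=dnslookup T=remote_smtp: SMTP error from remote mailer after RCPT TO:<victim@forged.example>: host mx.forged.example [192.0.2.10]: 550 Recipient address rejected
2005-11-23 23:09:01 1EeyQJ-0001fY-EP <= alice@local.example U=alice P=local S=512
2005-11-23 23:09:02 1EeyQJ-0001fY-EP => bob@peer.example R=dnslookup T=remote_smtp H=mx.peer.example [192.0.2.20]
2005-11-23 23:09:10 1EeyQK-0001fd-FQ <= <> R=1EeyQJ-0001fZ-ZZ U=mail P=local S=2100
2005-11-23 23:09:12 1EeyQK-0001fd-FQ => other@forged.example R=dnslookup T=remote_smtp H=mx.forged.example [192.0.2.10]
"""

MSG_ID = r"[0-9A-Za-z]{6}-[0-9A-Za-z]{6}-[0-9A-Za-z]{2}"
# Exim timestamp, message id, flag (<= arrival, => delivered, ** failed,
# == deferred), first address, then the rest of the line.
LINE = re.compile(
    r"\d{4}-\d\d-\d\d \d\d:\d\d:\d\d (" + MSG_ID + r") (<=|=>|\*\*|==) (\S+)(.*)"
)


def summarize_bounces(text):
    """Return (bounce_ids, outcomes) for bounces this server generated."""
    bounce_ids = {}       # bounce message id -> id of the message that caused it
    outcomes = Counter()  # (recipient domain, delivery flag) -> count
    for line in text.splitlines():
        m = LINE.search(line)  # search() skips any syslog prefix
        if not m:
            continue
        msg_id, flag, addr, rest = m.groups()
        if flag == "<=" and addr == "<>":
            ref = re.search(r"\bR=(\S+)", rest)
            bounce_ids[msg_id] = ref.group(1) if ref else None
        elif flag in ("=>", "**", "==") and msg_id in bounce_ids:
            domain = addr.rsplit("@", 1)[-1].lower()
            outcomes[(domain, flag)] += 1
    return bounce_ids, outcomes


if __name__ == "__main__":
    ids, outcomes = summarize_bounces(SAMPLE_LOG)
    print(f"{len(ids)} locally generated bounces")
    for (domain, flag), n in outcomes.most_common():
        print(f"{n:4d}  {flag}  {domain}")
```

A high count of bounces aimed at domains your users never wrote to is the backscatter pattern described in the reply above; ordinary outbound mail is not counted.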
