Lan Barnes wrote: > Forwarded in its entirety is this mail bounce notice. I need adult > advice > on what it means. It looks to me like a Canadian Doctor spam was sent > BY [EMAIL PROTECTED] (me) TO a "lan" in Norway ... and it bounced. > > The only incoming service my firewall allows is ssh. I found a gaping > security hole in this (easily guessed username/password) and closed > it. Perhaps too late? > > I'd be grateful if the mail gurus could assess this for me and suggest > methods of testing the box/home net for intrusion. > > TIA, > > ---------------------------- Original Message > ---------------------------- Subject: Undelivered Mail Returned to > Sender > From: "Mail Delivery System" > <[EMAIL PROTECTED]> Date: Mon, April 30, > 2007 6:06 am > To: [EMAIL PROTECTED] > -------------------------------------------------------------------------- > > This is the mail system at host postfix1.ostfold-f.kommune.no. > > I'm sorry to have to inform you that your message could not > be delivered to one or more recipients. It's attached below. > > For further assistance, please send mail to <postmaster> > > If you do so, please include this problem report. You can > delete your own text from the attached returned message. > > The mail system > > <[EMAIL PROTECTED]>: host 139.98.9.13[139.98.9.13] said: 550 5.1.1 > Recipient unknown (in reply to RCPT TO command)
Would you happen to have all the headers from the original message? 5.1.1 is a standard account or alias doesn't exist error message. It is possible your home email system is some how configured as an open relay. What kind of SMTP server are you using? I guess it could be possible that the SSH account was compromised, but your sshd logs should give you a clue as to who's logging in when. Thanks! Mark Schoonover IS Manager American Geotechnical - California, Nevada and Arizona V-> 858.450.4040 F-> 714.685.3909 C-> 858.472.3816 "Eternity is a very long time, especially towards the end." -- Stephen Hawking -- [email protected] http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list
