Hi Postfix gurus,

This morning, I encountered a spam email. When I was looking for the trace of this spam email, I saw something strange with the timestamp in the postfix log. I am running postfix 2.1.5, which is very old, and I need to upgrade. However, it is working fine except for this strange thing that I have not seen before. The logs are like these:

Apr 27 22:03:39 server_name postfix/smtpd[13724]: C8E9FC62EC: client=sender.replaceddomain.com[3.3.3.3]
Apr 27 22:03:39 server_name postfix/cleanup[13727]: C8E9FC62EC: message-id=<9972e8dedf439120d7c14cff7272a...@80.91.191.90>
Apr 27 22:03:40 server_name postfix/qmgr[10713]: C8E9FC62EC: from=<spa...@yahoo.com>, size=12608, nrcpt=1 (queue active)
Apr 27 12:03:48 server_name postfix/smtp[13728]: C8E9FC62EC: to=<recipi...@something.com>, relay=127.0.0.1[127.0.0.1], delay=9, status=sent (250 2.6.0 Ok, id=13738-01, from MTA: 250 Ok: queued as 1326FC62F4)
Apr 27 22:03:48 server_name postfix/qmgr[10713]: C8E9FC62EC: removed
Apr 27 22:06:51 server_name postfix/smtpd[13781]: 355FBC62F8: client=sender.replaceddomain.com[3.3.3.3]
Apr 27 22:06:51 server_name postfix/cleanup[13727]: 355FBC62F8: message-id=<1b5c91c52ccac76b8fbfb357468f0...@80.91.191.90>
Apr 27 22:06:51 server_name postfix/qmgr[10713]: 355FBC62F8: from=<spa...@yahoo.com>, size=13220, nrcpt=1 (queue active)
Apr 27 12:07:07 server_name postfix/smtp[13730]: 355FBC62F8: to=<recipi...@something.com>, relay=127.0.0.1[127.0.0.1], delay=17, status=sent (250 2.6.0 Ok, id=13795-02, from MTA: 250 Ok: queued as AD7B8C5CF6)
Apr 27 22:07:07 server_name postfix/qmgr[10713]: 355FBC62F8: removed

If you look at the 'smtp' records, the time recorded there is without the timezone being applied. I would like to make sure that this is not a sign of the server being compromised.

Regards,
Puthick
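
A check for the anomaly described above, as an added example that is not part of the original post: it groups log lines by queue ID and reports every line stamped well before an earlier line of the same message, with the emitting daemon and the offset in whole hours. The sample log is abridged from the post; the function names, the 30-minute threshold and the fixed year are assumptions.

```python
import re
from collections import Counter
from datetime import datetime

# Abridged from the log in the post; the trailing fields are shortened.
SAMPLE_LOG = """\
Apr 27 22:03:39 server_name postfix/smtpd[13724]: C8E9FC62EC: client=sender.replaceddomain.com[3.3.3.3]
Apr 27 22:03:40 server_name postfix/qmgr[10713]: C8E9FC62EC: size=12608, nrcpt=1 (queue active)
Apr 27 12:03:48 server_name postfix/smtp[13728]: C8E9FC62EC: relay=127.0.0.1[127.0.0.1], delay=9, status=sent
Apr 27 22:03:48 server_name postfix/qmgr[10713]: C8E9FC62EC: removed
Apr 27 22:06:51 server_name postfix/smtpd[13781]: 355FBC62F8: client=sender.replaceddomain.com[3.3.3.3]
Apr 27 12:07:07 server_name postfix/smtp[13730]: 355FBC62F8: relay=127.0.0.1[127.0.0.1], delay=17, status=sent
Apr 27 22:07:07 server_name postfix/qmgr[10713]: 355FBC62F8: removed
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ "
    r"postfix/(?P<daemon>[\w-]+)\[(?P<pid>\d+)\]: (?P<qid>[0-9A-F]+): "
)

def find_backward_jumps(log_text, min_jump_seconds=1800):
    """Return (queue_id, daemon, pid, offset_hours) for every line stamped
    earlier than the latest time already seen for the same queue ID."""
    latest = {}    # queue ID -> latest plausible timestamp seen so far
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        # syslog omits the year; a fixed one is assumed (no year rollover).
        ts = datetime.strptime("2000 " + m["ts"], "%Y %b %d %H:%M:%S")
        qid, prev = m["qid"], latest.get(m["qid"])
        if prev is not None and (prev - ts).total_seconds() >= min_jump_seconds:
            hours = round((ts - prev).total_seconds() / 3600)
            findings.append((qid, m["daemon"], int(m["pid"]), hours))
        else:
            latest[qid] = ts if prev is None else max(prev, ts)
    return findings

def summarize_by_daemon(findings):
    """Count skewed lines per (daemon, whole-hour offset)."""
    return Counter((daemon, hours) for _, daemon, _, hours in findings)

if __name__ == "__main__":
    for finding in find_backward_jumps(SAMPLE_LOG):
        print(finding)
```

A constant whole-hour offset confined to one daemon, as in the sample, is a different pattern from scattered or irregular timestamps across several daemons, so the per-daemon summary is the part worth reading first on a full log.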