It's hard to make anything out of the information you've supplied. First of all, go
through the logs and see if you can track down this wierd behaviour. Also, check your
Sent-mail box and check the headers for those unknown messages. You might want to try
to send an email without using a MUA. Try some �echo -n "to: [EMAIL PROTECTED]\nsubject:
test\n[..more headers..]" |/var/qmail/bin/qmail-inject� and see if you can reproduce
the results.
If you can't find a logical explanation, consider the information below:
vchkpw has had remote-exploitable vulnerabilities resulting in root access. I don't
have the version number of the vulnerable vpopmail in my head, but inter7 should be
able to supply you with that information. (I think there might be some information on
their homepage still.)
My advice, check if you've used a vulnerable version of vpopmail, and if you have, try
to figure out if you've been owned.
The risk might not be that high, but it's the first I'd look into if my mail would
start delivering mail to adresses I've never heard of and can't track down in any of
my postings.
Martin Paulucci wrote:
> Hi!,
>
> I'm having problems with qmail. I don't know why, but when I send an email to
>certain addresses at certain moments the mail gets sent to other addresses that I
>don't even know, and many even not exist. So if I send an email to
>[EMAIL PROTECTED] (my default domain) the mail gets perfectly delivered to that
>mailbox but it seems that qmail also tries to send it to some more destinations which
>I don't even know the email addresses ever. The weird thing is that this happens
>sometimes, not always. One of the account is a vpopmail account with a .qmail inside
>the maildir, which includes 3 address in this format:
> .qmail contents:
> &[EMAIL PROTECTED]
> &[EMAIL PROTECTED]
> &[EMAIL PROTECTED]
>
> And belongs to vpopmail:vchkpw (user:group)
>
> Any idea at all?...is it a virus to the clients (I've tried different machines,
>different clients - outlook, pegasus- and happens the same thing....) or anything
>else?.
> One cause could be that I upgraded my vpopmail version lately....but I really don't
>know!..
> Here's one of the messages I get:
>
> Received: (qmail 5833 invoked from network); 28 Mar 2000 22:41:21 -0000
> Received: from unknown (HELO www6.realwebsite.com) (206.159.209.7)
> by babel.sintesoft.net with SMTP; 28 Mar 2000 22:41:21 -0000
> Received: from babel.sintesoft.net ([200.43.4.34]) by www6.realwebsite.com
> (Post.Office MTA v3.5.3 release 223 ID# 0-57750U2200L400S0V35)
> with SMTP id com for <[EMAIL PROTECTED]>;
> Tue, 28 Mar 2000 14:38:06 -0800
> Received: (qmail 5820 invoked for bounce); 28 Mar 2000 22:41:12 -0000
> Date: 28 Mar 2000 22:41:12 -0000
> From: [EMAIL PROTECTED]
> To: [EMAIL PROTECTED]
> Subject: failure notice
>
> Hi. This is the qmail-send program at babel.sintesoft.net.
> I'm afraid I wasn't able to deliver your message to the following addresses.
> This is a permanent error; I've given up. Sorry it didn't work out.
>
> <[EMAIL PROTECTED]>:
> Sorry, I couldn't find any host named amerarg.com.ar. (#5.1.2)
>
> <[EMAIL PROTECTED]>:
> 200.10.100.10 does not like recipient.
> Remote host said: 550 <[EMAIL PROTECTED]>... User unknown
> Giving up on 200.10.100.10.
>
> --- Below this line is a copy of the message.
>
> Return-Path: <[EMAIL PROTECTED]>
> Received: (qmail 5800 invoked by uid 108); 28 Mar 2000 22:41:10 -0000
> Delivered-To: [EMAIL PROTECTED]
> Received: (qmail 5798 invoked by uid 108); 28 Mar 2000 22:41:10 -0000
> Delivered-To: [EMAIL PROTECTED]
> Received: (qmail 5796 invoked from network); 28 Mar 2000 22:41:09 -0000
> Received: from unknown (HELO ils) (200.43.4.4)
> by babel.sintesoft.net with SMTP; 28 Mar 2000 22:41:09 -0000
> Message-ID: <00c601bf9906$b3468520$[EMAIL PROTECTED]>
> Reply-To: "Martin Paulucci" <[EMAIL PROTECTED]>
> From: "Martin Paulucci" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Subject: prueba
> Date: Tue, 28 Mar 2000 19:41:04 -0300
> Organization: ServiRED Company
> MIME-Version: 1.0
> Content-Type: text/plain;
> charset="iso-8859-1"
> Content-Transfer-Encoding: quoted-printable
> X-Priority: 3
> X-MSMail-Priority: Normal
> X-Mailer: Microsoft Outlook Express 5.00.2314.1300
> X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2314.1300
