I got a few 'bounced' messages this morning quoting emails that I never sent out. Now,
I'm tailing my smtp log and it appears somebody is using several machines to connect
to my server and send out messages:

"www.streetnoise.org" "www.streetnoise.org" "67.40.79.230" "2003-08-21 12:36:54" "SHADAB" "datasaur.com" "[EMAIL PROTECTED]" "[EMAIL PROTECTED]" "S3753" "RCPT=OK" "" "0"
"www.streetnoise.org" "www.streetnoise.org" "67.40.79.230" "2003-08-21 12:38:44" "SHADAB" "" "[EMAIL PROTECTED]" "[EMAIL PROTECTED]" "S3754" "RCPT=EAVAIL" "" "0"
"www.streetnoise.org" "www.streetnoise.org" "66.82.160.1" "2003-08-21 12:47:08"
"www.streetnoise.org" "www.streetnoise.org" "200.204.69.223" "2003-08-21 12:48:56" "kHQPdp" "" "[EMAIL PROTECTED]" "" "" "SNDR=ENODNS" "" "0"
"www.streetnoise.org" "www.streetnoise.org" "81.10.181.89" "2003-08-21 12:49:26" "Y4StNN" "" "[EMAIL PROTECTED]" "" "" "SNDR=ENODNS" "" "0"

datasaur.com, streetnoise.org, and neovisionlabs.com are all my domains, so that much
is correct. What's peculiar is that:
1) I have email relaying disabled
2) I ran chkrootkit and it found nothing
3) I found clamscan to check for viruses and it found nothing
Any ideas?