[xmail] Re: HEELP - mailserver has been hacked!!

Thu, 21 Aug 2003 14:22:16 -0700 

1) Add your Class see to the smtprelay.tab file
    "X.X.X.0"    [tab]    "255.255.255.0"
    Or any other network configuration you need open
2) Make sure the line:
    "0.0.0.0"    [tab]    "0.0.0.0"
    does not exist in smtprelay.tab
3) Block the IP address(es) by using smtp.ipmap.tab

HTH

-Mike

----- Original Message ----- 
From: "Michael Mehrle" <[EMAIL PROTECTED]>
To: "xmail" <[EMAIL PROTECTED]>
Sent: Thursday, August 21, 2003 2:03 PM
Subject: [xmail] HEELP - mailserver has been hacked!!


> I got a few 'bounced' messages this morning quoting emails that I never
sent out. Now, I'm tailing my smtp log and it appears somebody is using
several machines to connect to my server and send out messages:
>
> "www.streetnoise.org"   "www.streetnoise.org"   "67.40.79.230"
"2003-08-21 12:36:54"
>         "SHADAB"        "datasaur.com"  "[EMAIL PROTECTED]"
"[EMAIL PROTECTED]"       "S3753" "RCPT=OK"       ""      "0"
> "www.streetnoise.org"   "www.streetnoise.org"   "67.40.79.230"
"2003-08-21 12:38:44"
>         "SHADAB"        ""      "[EMAIL PROTECTED]"
"[EMAIL PROTECTED]"      "S3754" "RCPT=EAVAIL"   ""      "0"
> "www.streetnoise.org"   "www.streetnoise.org"   "66.82.160.1"
"2003-08-21 12:47:08"
> "www.streetnoise.org"   "www.streetnoise.org"   "200.204.69.223"
"2003-08-21 12:48:56"        "kHQPdp"        ""      "[EMAIL PROTECTED]"
""      ""      "SNDR=ENODNS"        ""      "0" "www.streetnoise.org"
"www.streetnoise.org"   "81.10.181.89"  "2003-08-21 12:49:26"
> "Y4StNN"        ""      "[EMAIL PROTECTED]" ""      ""
"SNDR=ENODNS"    ""      "0"
>
> datasaur.com, streetnoise.org, and neovisionlabs.com are all my domains,
so that much is correct. What's peculiar is that:
>
> 1) I have email realying disabled
> 2) I ran chkrootkit and it found nothing
> 3) I found clamscan to check for viruses and it found nothing
>
> Any ideas?
> -
> To unsubscribe from this list: send the line "unsubscribe xmail" in
> the body of a message to [EMAIL PROTECTED]
> For general help: send the line "help" in the body of a message to
> [EMAIL PROTECTED]
>

-
To unsubscribe from this list: send the line "unsubscribe xmail" in
the body of a message to [EMAIL PROTECTED]
For general help: send the line "help" in the body of a message to
[EMAIL PROTECTED]

Reply via email to