Not bad hosting


Backscatter / Server rooted or hacked?

This morning, I noticed that my Google Apps account showed 12000 e-mails in the SPAM folder. Checking into it, I saw that the spam was all undeliverables/NDRs received back from my dedicated server with IP aa.bb.cc.dd, which I’ve changed in the header. I’ve been running RKhunter and Clamav, which have been coming back clean. I’ve blocked inbound SMTP. There were a few thousand (at least) messages in /var/spool/mqueue and /var/spool/clientmqueue, which I deleted, and I restarted sendmail afterwards.

I need to run to a meeting but will be back to check on this … the header looks legit in every way that it’s from my dedicated server.

----
Delivered-To: user@abc.com
Received: by 10.90.106.3 with SMTP id e3cs91435agc;
        Thu, 2 Jul 2009 11:53:06 -0700 (PDT)
Received: by 10.141.41.12 with SMTP id t12mr362057rvj.127.1246553987615;
        Thu, 02 Jul 2009 09:59:47 -0700 (PDT)
Return-Path:
Received: from xyz (mail.xyz [aa.bb.cc.dd])
        by mx.google.com with ESMTP id 29si4186558yxe.9.2009.07.02.09.59.47;
        Thu, 02 Jul 2009 09:59:47 -0700 (PDT)
Received-SPF: pass (google.com: domain of xyz designates aa.bb.cc.dd as permitted sender) client-ip=aa.bb.cc.dd;
Authentication-Results: mx.google.com; spf=pass (google.com: domain of xyz designates aa.bb.cc.dd as permitted sender) smtp.mail=
Received: from localhost (localhost)
        by xyz (8.13.1/8.13.1) id n62IxEbU021883;
        Thu, 2 Jul 2009 14:59:14 -0400
Date: Thu, 2 Jul 2009 14:59:14 -0400
From: Mail Delivery Subsystem
Message-Id:
To:
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status;
        boundary="n62IxEbU021883.1246561154/xyz"
Content-Transfer-Encoding: 8bit
Subject: Returned mail: see transcript for details
Auto-Submitted: auto-generated (failure)

This is a MIME-encapsulated message

--n62IxEbU021883.1246561154/xyz

The original message was received at Thu, 2 Jul 2009 14:59:11 -0400
from localhost.localdomain [127.0.0.1]

   ----- The following addresses had permanent fatal errors -----
    (reason: 550-5.1.1 The email account that you tried to reach does not exist. Please try)

   ----- Transcript of session follows -----
... while talking to aspmx.l.google.com.:
>>> DATA
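
A triage sketch for a pile of bounces like the one quoted above, added here as an example and not part of the original post: it pulls the "original message was received ... from" line out of each sendmail DSN and flags loopback origins, which indicate the message was handed to sendmail by a process on the server itself rather than by a remote SMTP client. The sample DSN text, addresses and function names are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Patterns for the human-readable part of a sendmail DSN, as laid out in the post.
ORIGIN_RE = re.compile(
    r"The original message was received at (?P<when>.+?)\s+from\s+"
    r"(?P<host>\S+)\s+\[(?P<ip>[0-9A-Fa-f:.]+)\]")
REASON_RE = re.compile(r"\(reason:\s*(?P<code>\d{3})[- ](?P<enh>\d\.\d+\.\d+)?")
MX_RE = re.compile(r"while talking to (?P<mx>[A-Za-z0-9.-]+?)\.?:")


def triage_bounce(dsn_text):
    """Return where the bounced message entered this server and why it failed."""
    origin = ORIGIN_RE.search(dsn_text)
    reason = REASON_RE.search(dsn_text)
    mx = MX_RE.search(dsn_text)
    try:
        ip = ipaddress.ip_address(origin.group("ip")) if origin else None
    except ValueError:  # bracketed text that is not a valid address
        ip = None
    return {
        "origin_host": origin.group("host") if origin else None,
        "origin_ip": str(ip) if ip else None,
        "local_submission": bool(ip and ip.is_loopback),
        "smtp_code": reason.group("code") if reason else None,
        "enhanced_code": reason.group("enh") if reason else None,
        "remote_mx": mx.group("mx") if mx else None,
    }


def summarize(bounces):
    """Count bounces by the address the original message was received from."""
    return Counter(triage_bounce(b)["origin_ip"] for b in bounces)


# Constructed sample DSN bodies (documentation addresses, not real hosts).
SAMPLE_LOCAL = """\
The original message was received at Thu, 2 Jul 2009 14:59:11 -0400
from localhost.localdomain [127.0.0.1]
   ----- The following addresses had permanent fatal errors -----
<nobody@example.net>
    (reason: 550-5.1.1 The email account that you tried to reach does not exist.)
   ----- Transcript of session follows -----
... while talking to mx.example.net.:
>>> DATA
"""
SAMPLE_REMOTE = SAMPLE_LOCAL.replace(
    "localhost.localdomain [127.0.0.1]", "client.example.org [203.0.113.7]")

if __name__ == "__main__":
    print(triage_bounce(SAMPLE_LOCAL))
    print(summarize([SAMPLE_LOCAL, SAMPLE_LOCAL, SAMPLE_REMOTE]))
```
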
