Re: Hacking activity

Thu, 19 Feb 2009 09:14:54 -0800 

Tait Grove wrote:
Somehow, out of the blue, my postfix setup is allowing relaying. I pass all the relay tests, but a hacker has figured out how to send email through my server without authenticating. I have checked my server for being an open relay and all the tests are passing. The only error log entry that is showing up that may be related is: 


 

Feb 19 08:40:31 post-app3 postfix/smtpd[31907]: warning: connect #10 to 
subsystem private/verify: Connection refused


--


Feb 19 08:40:31 post-app3 postfix/smtpd[32157]: warning: connect #8 to 
subsystem private/verify: Connection refused



Feb 19 08:40:31 post-app3 postfix/smtpd[33028]: fatal: connect #11 to 
subsystem private/verify: Connection refused



Feb 19 08:40:31 post-app3 postfix/pipe[31861]: warning: connect #8 to 
subsystem private/verify: Connection refused


--


Feb 19 08:40:32 post-app3 postfix/qmgr[31126]: warning: private/dovecot 
socket: malformed response



Feb 19 08:40:32 post-app3 postfix/qmgr[31126]: warning: transport 
dovecot failure -- see a previous warning/fatal/panic logfile record for 
the problem description



Feb 19 08:40:32 post-app3 postfix/qmgr[31126]: warning: private/dovecot 
socket: malformed response



Feb 19 08:40:32 post-app3 postfix/qmgr[31126]: warning: transport 
dovecot failure -- see a previous warning/fatal/panic logfile record for 
the problem description



Feb 19 08:40:32 post-app3 postfix/qmgr[31126]: warning: private/dovecot 
socket: malformed response



Feb 19 08:40:32 post-app3 postfix/qmgr[31126]: warning: transport 
dovecot failure -- see a previous warning/fatal/panic logfile record for 
the problem description


--


Feb 19 08:40:37 post-app3 postfix/pipe[33777]: warning: connect #6 to 
subsystem private/verify: Connection refused



Feb 19 08:40:37 post-app3 postfix/smtpd[32018]: fatal: connect #11 to 
subsystem private/verify: Connection refused



I updated postfix and related software, the issue is still happening. Do 
these messages mean anything about my specific problem?



 


-- T


 



The log entries you show are irrelevant to your stated problem.


You need to examine logs of messages that you think should not 
have been accepted or relayed.


Please see http://www.postfix.org/DEBUG_README.html#mail

  -- Noel Jones






















					Reply via email to