On 12/30/2011 10:19 AM, Stephen Atkins wrote:
On 12/30/2011 10:17 AM, Gary Smith wrote:
I've been administering the same postfix server for years so I'm a little
confused as to how this happened. Granted postfix hasn't been updated in a
year or so.

This morning I came in to a mailq of over 93000 messages all destined to
@yahoo.com.tw

For now I'm just blocking all email destined for this domain but I would
really like to find out what happened. I haven't changed my main.cf
file for over a year. I can post it if needed.


Are you an open relay or did one of your user accounts get hacked? I'd
check the envelope of one of the messages, cross that with where it
originated and go from there. Just a shoot from the hip guess with
little information.

I'm pretty sure. I'm watching the connections coming in and they are
from external IP addresses. A whois shows them as being from South
America and Europe.


Okay sorry now that I look a little more closely at the messages coming in, it seems they are using postmaster@ my domain to send from. So sorry for the inconvenience. Looks like I just have to fix that. Here's the log of a couple:

Dec 30 10:29:02 mta5 postfix/smtpd[3679]: E6F13186001: reject: RCPT from unknown[113.94.89.26]: 554 5.7.1 <sglo...@yahoo.com.tw>: Recipient address rejected: 521; from=<postmas...@skircr.com> to=<sglo...@yahoo.com.tw> proto=ESMTP helo=<nsizfwnsj>

Dec 30 10:29:02 mta5 postfix/smtpd[3679]: E6F13186001: reject: RCPT from unknown[113.94.89.26]: 554 5.7.1 <kiven9992...@yahoo.com.tw>: Recipient address rejected: 521; from=<postmas...@skircr.com> to=<kiven9992...@yahoo.com.tw> proto=ESMTP helo=<nsizfwnsj>

--
Stephen Atkins
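
The envelope check suggested in the thread (compare the sender address with where the connection originated), run over the reject lines quoted above. This is an added example, not part of the original message; the local-domain set and the trusted network are assumptions, and the third sample line is constructed.

```python
import ipaddress
import re
from collections import Counter

# Assumptions, not stated in the thread: the local domain set and trusted networks.
LOCAL_DOMAINS = {"skircr.com"}                         # sender domain in the thread's log
TRUSTED_NETS = [ipaddress.ip_network("192.0.2.0/24")]  # constructed "mynetworks"

REJECT_RE = re.compile(
    r"postfix/smtpd\[\d+\]: (?:[0-9A-F]+|NOQUEUE): reject: RCPT from "
    r"(?P<host>\S+)\[(?P<ip>[^\]]+)\]: (?P<code>\d{3}) .*?"
    r"from=<(?P<sender>[^>]*)> to=<(?P<rcpt>[^>]*)> proto=\S+ helo=<(?P<helo>[^>]*)>"
)

# First two lines are from the thread (addresses truncated by the archive);
# the third is constructed: same sender, but from a trusted client address.
SAMPLE_LOG = [
    "Dec 30 10:29:02 mta5 postfix/smtpd[3679]: E6F13186001: reject: RCPT from unknown[113.94.89.26]: 554 5.7.1 <sglo...@yahoo.com.tw>: Recipient address rejected: 521; from=<postmas...@skircr.com> to=<sglo...@yahoo.com.tw> proto=ESMTP helo=<nsizfwnsj>",
    "Dec 30 10:29:02 mta5 postfix/smtpd[3679]: E6F13186001: reject: RCPT from unknown[113.94.89.26]: 554 5.7.1 <kiven9992...@yahoo.com.tw>: Recipient address rejected: 521; from=<postmas...@skircr.com> to=<kiven9992...@yahoo.com.tw> proto=ESMTP helo=<nsizfwnsj>",
    "Dec 30 10:30:11 mta5 postfix/smtpd[3701]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 554 5.7.1 <user@example.net>: Recipient address rejected: 521; from=<postmas...@skircr.com> to=<user@example.net> proto=ESMTP helo=<client.example>",
]

def domain_of(address):
    """Return the lower-cased domain part of an envelope address."""
    return address.rpartition("@")[2].lower()

def is_trusted(ip):
    """True when the client address falls inside one of the trusted networks."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in TRUSTED_NETS)

def spoofed_local_senders(lines):
    """Per untrusted client IP, summarise attempts that used a local-domain envelope sender."""
    report = {}
    for line in lines:
        m = REJECT_RE.search(line)
        if not m or domain_of(m["sender"]) not in LOCAL_DOMAINS or is_trusted(m["ip"]):
            continue
        entry = report.setdefault(m["ip"], {"attempts": 0, "helos": set(), "rcpt_domains": Counter()})
        entry["attempts"] += 1
        entry["helos"].add(m["helo"])
        entry["rcpt_domains"][domain_of(m["rcpt"])] += 1
    return report

if __name__ == "__main__":
    for ip, e in spoofed_local_senders(SAMPLE_LOG).items():
        print(ip, e["attempts"], sorted(e["helos"]), dict(e["rcpt_domains"]))
```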
