On Thu, Jun 14, 2012 at 11:34:17AM +0200, Giuseppe Perna wrote:
> Good morning, I noticed that postmaster connects IMAP4 with webmail
> and I generated spam.

This does not make sense. Try to work on a better problem
description. Why did you "generate spam"? How did you find out about
it?

> I can reset the password for postmaster?
> give me the info?

Maybe, but this is not a Postfix issue. A Slackware system uses
passwd(1) to set shadow(5) passwords for user accounts. By default
there is no Slackware "postmaster" user. If you created this user,
do you not know how to change a password?

For basic Slackware management, see http://slackbook.org/ (use the
"beta" version for best results.)

I suspect that the real problem might be a cracked PHP/webmail app.
Resetting passwords is not going to fix exploitable software. If I
am right about this, you must pull the plug and get this machine off
the Internet.

Ensure that your httpd and php packages are updated to the latest in
slackware-$VERSION/patches/packages/ directory. For example, for
Slackware64 13.37:

http://slackware.org.uk/slackware/slackware64-13.37/patches/packages/httpd-2.2.22-x86_64-1_slack13.37.txz
http://slackware.org.uk/slackware/slackware64-13.37/patches/packages/php-5.3.13-x86_64-1_slack13.37.txz

or for 32-bit 13.37:

http://slackware.org.uk/slackware/slackware-13.37/patches/packages/httpd-2.2.22-i486-1_slack13.37.txz
http://slackware.org.uk/slackware/slackware-13.37/patches/packages/php-5.3.13-i486-1_slack13.37.txz

These packages are dated 2012-02-07 and 2012-05-08 respectively.

> Content-Tr48:09 nameserver imapd[16380]: imap service init from 127.0.0.1
> Jun 14 07:48:09 nameserver imapd[16380]: Login user=postmaster
> host=localhost [127.0.0.1]
> puoi reset48:09 nameserver imapd[16380]: Logout user=postmaster
> host=localhost [127.0.0.1]

These are probably from uw-imapd. That's not supported here.

> 48:10 nameserver postfix/smtp[16403]: 23094B81BD7:
> to=<Ayaz@ayaz.lezgin>, relay=none, delay=2, status=bounced (Host or
> domain n$
> Jun 14 07:48:10 nameserver postfix/smtp[16402]: 23094B81BD7:
> to=<brian.stew...@avovent.com>, relay=none, delay=2, status=bounced
> (Host or$
> Jun 14 07:48:10 nameserver postfix/smtp[16472]: 23094B81BD7:
> to=<CialisAndV45@gmail.comomar2010ahmed>, relay=none, delay=2,
> status=bounce$

Those are all truncated, and they do not show the origination of the
message then known as queue ID 23094B81BD7. Use a pager like less(1)
to view logs, not an editor. Sometimes the truncated parts are
important. (In this case, so are the omitted lines.)

The first and third recipient addresses, Ayaz@ayaz.lezgin and
CialisAndV45@gmail.comomar2010ahmed, are not valid. I guess if you
or your user did not deliberately send any of these, you have been
exploited.

> Jun 14 07:48:10 nameserver postfix/smtp[16451]: warning:
> valid_hostname: empty hostname
> Jun 14 07:48:10 nameserver postfix/smtp[16451]: warning: malformed
> domain name in resource data of MX record for DontEmail.com:
> Jun 14 07:48:10 nameserver postfix/smtp[16451]: 23094B81BD7:
> to=<callorsmsmedirec...@dontemail.com>, relay=none, delay=2,
> status=deferred$

I don't think I'd try sending mail to an address like
<callorsmsmedirec...@dontemail.com>; one might think they do not
wish to be emailed.

> New mail f48:10 nameserver postfix/smtp[16438]: warning:
> valid_hostname: empty hostname
> ----14 07:48:10 nameserver postfix/smtp[16438]: warning: malformed
> domain name in resource data of MX record for consensus.com:

--
  http://rob0.nodns4.us/ -- system administration and consulting
  Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:
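
The reply above points out that the quoted lines do not show where queue ID 23094B81BD7 originated. As an added example (not part of the original post), this Python script groups Postfix log lines by queue ID and reports the pickup or smtpd line that shows how each message entered the queue. The log lines are constructed; the hostname, uid, second queue ID and addresses in them are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample log, not taken from the thread: PIDs, uid, hostnames and
# addresses are made up; only the first queue ID is the one discussed above.
SAMPLE_LOG = """\
Jun 14 07:48:08 nameserver postfix/pickup[16390]: 23094B81BD7: uid=80 from=<apache>
Jun 14 07:48:08 nameserver postfix/cleanup[16395]: 23094B81BD7: message-id=<constructed.1@nameserver.example>
Jun 14 07:48:08 nameserver postfix/qmgr[1201]: 23094B81BD7: from=<apache@nameserver.example>, size=2113, nrcpt=3 (queue active)
Jun 14 07:48:10 nameserver postfix/smtp[16403]: 23094B81BD7: to=<a@invalid.example>, relay=none, delay=2, status=bounced (Host or domain name not found)
Jun 14 07:48:10 nameserver postfix/smtp[16402]: 23094B81BD7: to=<b@invalid.example>, relay=none, delay=2, status=bounced (Host or domain name not found)
Jun 14 07:48:11 nameserver postfix/smtpd[16500]: 7F3A1B81C02: client=localhost[127.0.0.1]
Jun 14 07:48:11 nameserver postfix/qmgr[1201]: 7F3A1B81C02: from=<postmaster@nameserver.example>, size=900, nrcpt=1 (queue active)
Jun 14 07:48:12 nameserver postfix/smtp[16404]: 7F3A1B81C02: to=<c@example.org>, relay=mx.example.org[192.0.2.10]:25, delay=1, status=sent (250 2.0.0 Ok)
"""

# Assumes short (hexadecimal) queue IDs, as in the logs quoted in the thread.
LINE = re.compile(r"postfix/(?P<svc>[\w-]+)\[\d+\]: (?P<qid>[0-9A-F]{6,}): (?P<rest>.*)$")

def trace(log_text):
    """Group Postfix log lines by queue ID and record where each message entered."""
    msgs = defaultdict(lambda: {"origin": None, "sender": None, "nrcpt": 0,
                                "status": defaultdict(int)})
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        svc, rest, rec = m["svc"], m["rest"], msgs[m["qid"]]
        if svc == "pickup" and rest.startswith("uid="):
            # Local submission through sendmail(1), e.g. a PHP mail() call
            rec["origin"] = "local " + rest.split()[0]
        elif svc == "smtpd" and rest.startswith("client="):
            # Submission over SMTP; a webmail app usually connects from localhost
            rec["origin"] = "smtp " + rest.split(",")[0]
        elif svc == "qmgr" and rest.startswith("from="):
            rec["sender"] = re.match(r"from=<([^>]*)>", rest)[1]
            n = re.search(r"nrcpt=(\d+)", rest)
            rec["nrcpt"] = int(n[1]) if n else 0
        elif (s := re.search(r"\bstatus=(\w+)", rest)):
            # Delivery attempts: count outcomes (sent, bounced, deferred)
            rec["status"][s[1]] += 1
    return msgs

if __name__ == "__main__":
    for qid, rec in trace(SAMPLE_LOG).items():
        print(qid, rec["origin"], rec["sender"], rec["nrcpt"], dict(rec["status"]))
```

A message whose origin is a pickup line with the web server's uid was handed to Postfix by a local process, which a mail account password change does not affect.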