On 2018-Jun-03 17:06, Bill Cole wrote:
> Your system has been compromised. The most common vectors are vulnerable web
> applications (e.g. carelessly-written PHP or CGI scripts) but there are many
> other possible modes of attack.
It's most likely our own script, the one that has these credential
On 2018-Jun-03 11:43, Wietse Venema wrote:
> To find out which processes have a connection to or from port 25,
>
> # lsof -Pi | grep :25 (must run as root to see all processes)
Thanks Wietse, actually I needed to grep :587 as this is mail sent after
authentication and I got pid that I searche
Hello,
I'm seeing a lot of emails coming from a local IP address trying to send
messages to non-existing accounts. Sending accounts are valid and even
authenticated. They all try to send messages to domain matching the
sending one. For example:
supp...@example.org -> u...@example.org
supp...@example.n
On 2018-May-05 20:54, Bill Cole wrote:
> Try reject_unknown_reverse_client_hostname first. It is safer than
> reject_unknown_client_hostname. It won't catch the specific miscreant in
> your log but unlike reject_unknown_client_hostname it won't block random
> outbound IPs of major mailbox providers
On 2018-May-05 23:20, Proxy wrote:
> On 2018-May-05 17:08, Viktor Dukhovni wrote:
> >
> > Well, you should now try with "enable_original_recipient = yes" and wait
> > for another message to come in. Then report logging for that. Perhaps
> > the second re
On 2018-May-05 17:08, Viktor Dukhovni wrote:
>
> Well, you should now try with "enable_original_recipient = yes" and wait
> for another message to come in. Then report logging for that. Perhaps
> the second recipient is just local alias expansion, despite the lack
> of "orig_to=" in the log ent
On 2018-May-05 12:03, Viktor Dukhovni wrote:
>
>
> > On May 5, 2018, at 11:55 AM, Proxy wrote:
> >
> >> Report the output of:
> >>
> >> $ postmap -q gmail.com $(postconf -hx virtual_alias_domains
> >> virtual_mailbox_domains)
> >&
On 2018-May-05 12:19, Viktor Dukhovni wrote:
> Report the output of:
>
> $ postmap -q gmail.com $(postconf -hx virtual_alias_domains
> virtual_mailbox_domains)
>
virtual_alias_domains and virtual_mailbox_domains are in mysql database.
That command gives:
postmap: fatal: open /etc/postfix/
On 2018-May-04 17:09, Viktor Dukhovni wrote:
> For actual help:
>
> http://www.postfix.org/DEBUG_README.html#mail
>
I'm sending postconf -n, postconf -Mf and relevant logs in attachments.
append_dot_mydomain = no
biff = no
broken_sasl_auth_clients = yes
config_directory = /etc/postfix
co
On 2018-May-04 22:03, Proxy wrote:
> On 2018-May-04 13:22, LuKreme wrote:
> > On May 4, 2018, at 12:33, Proxy wrote:
> > > This website has some form for contacting me
> >
> > This is almost certainly where the fault lies. How is this form protected?
> >
On 2018-May-04 13:22, LuKreme wrote:
> On May 4, 2018, at 12:33, Proxy wrote:
> > This website has some form for contacting me
>
> This is almost certainly where the fault lies. How is this form protected?
> How does it authenticate with your server? How ancient is the co