If you note in the original message:

Received: from localhost (localhost [127.0.0.1]) (uid 48)

who is uid 48?

----- Original Message -----
From: "Jesse Keating" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, July 11, 2002 4:18 PM
Subject: [courier-users] Hack attempt?

> This morning I got some odd undeliverable error messages:
>
> Received: from localhost (localhost [127.0.0.1])
> (ftp://ftp.isi.edu/in-notes/rfc1894.txt)
> by mail.j2solutions.net with dsn; Thu, 11 Jul 2002 07:00:32 -0700
> From: "Courier mail server at mail.j2solutions.net" <@>
> To: [EMAIL PROTECTED]
> Subject: NOTICE: mail delivery status.
> Mime-Version: 1.0
> Content-Type: multipart/report; report-type=delivery-status;
> boundary="=_courier_0"
> Content-Transfer-Encoding: 7bit
> Message-ID: <[EMAIL PROTECTED]>
> Date: Thu, 11 Jul 2002 07:00:32 -0700
>
>
> This is a delivery status notification from mail.j2solutions.net,
> running the Courier mail server, version 0.39.1.
>
> The original message was received on Thu, 11 Jul 2002 07:00:32 -0700
> from localhost (localhost [127.0.0.1])
>
> -----------------------------------------------------------------------
> ----
>
> UNDELIVERABLE MAIL
>
> Your message to the following recipients cannot be delivered:
>
> <[EMAIL PROTECTED]>:
> <<< No such domain.
>
> -----------------------------------------------------------------------
> ----
>
> If your message was also sent to additional recipients, their delivery
> status is not included in this report. You may or may not receive
> other delivery status notifications for additional recipients.
>
> The original message follows as a separate attachment.
>
>
>
> [message/delivery-status (337 bytes)]
> Reporting-MTA: dns; mail.j2solutions.net
> Arrival-Date: Thu, 11 Jul 2002 07:00:32 -0700
> Received-From-MTA: dns; localhost (localhost [127.0.0.1])
>
> Final-Recipient: rfc822; [EMAIL PROTECTED]
> Action: failed
> Status: 5.0.0
> Diagnostic-Code: unknown; No such domain.
>
>
> Received: from localhost (localhost [127.0.0.1])
> (uid 48)
> by mail.j2solutions.net with local; Thu, 11 Jul 2002 07:00:32 -0700
> To: [EMAIL PROTECTED]
> Subject:
> From: [EMAIL PROTECTED]
> Reply-To:
> Message-ID: <[EMAIL PROTECTED]>
> Date: Thu, 11 Jul 2002 07:00:32 -0700
>
>
> MESSAGE: sure some people would be interested about whats in here
>
>
> This concerns me because it looks like the mail is coming from
> [EMAIL PROTECTED] (which only I have a password for, and root doesn't
> allow remote logins), and the original message doesn't look like
> anything that one of my services would send out.
>
> After further investigation into my log files, I do see some mail go
> through as [EMAIL PROTECTED] to [EMAIL PROTECTED] which is a valid
> address. This bothers me greatly, and I would like help in finding out
> if somehow I was hacked or if there is an unknown exploit to
> courier-mta.
>
> These are the versions of Courier running on my Red Hat 7.2 server:
>
> courier-maildrop-wrapper-0.39.1-1.7.2
> courier-sendmail-wrapper-0.39.1-1.7.2
> courier-imapd-0.39.1-1.7.2
> courier-pop3d-0.39.1-1.7.2
> courier-webmail-0.39.1-1.7.2
> courier-maildrop-0.39.1-1.7.2
> courier-mysql-0.39.1-1.7.2
> courier-webadmin-0.39.1-1.7.2
> courier-0.39.1-1.7.2
> courier-mlm-0.39.1-1.7.2
> courier-smtpauth-0.39.1-1.7.2
>
>
> --
> Jesse Keating
> j2solutions.net
> Mondo DevTeam (www.mondorescue.org)
>
> Was I helpful? Let others know:
> http://svcs.affero.net/rm.php?r=jkeating
>
>
> -------------------------------------------------------
> This sf.net email is sponsored by:ThinkGeek
> PC Mods, Computing goodies, cases & more
> http://thinkgeek.com/sf
> _______________________________________________
> courier-users mailing list
> [EMAIL PROTECTED]
> Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
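
The check suggested in the reply, pulling the submitting uid out of a `with local` Received header and resolving it to an account, can be scripted as below. This is an added example, not part of the original thread; the function names, the placeholder addresses and the passwd excerpt are constructed for illustration.

```python
import re
from email import message_from_string

UID_RE = re.compile(r"\(uid (\d+)\)")

# Constructed sample: the inner message's headers as quoted in the thread,
# with placeholder addresses where the archive redacted them.
SAMPLE = """\
Received: from localhost (localhost [127.0.0.1])
  (uid 48)
  by mail.j2solutions.net with local; Thu, 11 Jul 2002 07:00:32 -0700
To: recipient@example.invalid
Subject:
From: sender@example.invalid
Date: Thu, 11 Jul 2002 07:00:32 -0700

MESSAGE: sure some people would be interested about whats in here
"""

# Constructed passwd excerpt (assumption); on the real host pass the
# contents of /etc/passwd instead.
PASSWD = """\
root:x:0:0:root:/root:/bin/bash
apache:x:48:48:Apache:/var/www:/bin/false
"""

def parse_passwd(text):
    """Map numeric uid -> account name from passwd-format text."""
    accounts = {}
    for line in text.splitlines():
        fields = line.split(":")
        if len(fields) >= 3 and fields[2].isdigit():
            accounts.setdefault(int(fields[2]), fields[0])
    return accounts

def local_submissions(raw_message, passwd_text):
    """Return one record per Received header that marks a local submission."""
    msg = message_from_string(raw_message)
    accounts = parse_passwd(passwd_text)
    records = []
    for hop in msg.get_all("Received", []):
        hop = " ".join(hop.split())  # unfold continuation lines
        uid = UID_RE.search(hop)
        if uid is None or " with local;" not in hop:
            continue  # hop arrived over the network, not from a local process
        number = int(uid.group(1))
        records.append({"uid": number,
                        "account": accounts.get(number, "unknown"),
                        "claimed_from": msg.get("From", ""),
                        "when": hop.rsplit(";", 1)[1].strip()})
    return records
```

Comparing `account` with `claimed_from` shows when the address in the From header does not belong to the account that actually injected the message.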