sipXecs 4.4.0 has no firewall enabled, so if you have your system raw on the internet or you have port 25 open inbound to it you could have some sort of DoS related thing going on.
clean out your mail directory, disallow external connections to the server and see what happens. doesn't sound like you're 'hacked', just broken. mike On Fri, Oct 12, 2012 at 1:55 AM, Davide Poletto <davide.pole...@gmail.com>wrote: > Hi, could be something related to Polycom's phones FTP provisioning ? I've > read that the default FTP user name for that is 'PlcmSpIp' and the default > password is the same (so well-known credentials). > > Over ther internet there are some references about that (AFAIK see this > one<http://www.mail-archive.com/sipx-users@list.sipfoundry.org/msg04452.html>, > just as example, that has a good explanation about logged messages). > > Regards, Davide. > > > > On Fri, Oct 12, 2012 at 5:48 AM, Noah Mehl <n...@tritonlimited.com> wrote: > >> All, >> >> I just realized that my emails from my SipXecs 4.4 server were not being >> delivered. Upon further investigation, I found that my SipXecs VM had a >> sendmail queue with over 13000 messages in it. I'm trying to figure out >> how my machine was sending mail, and it doesn't look like the relay is >> open, but I found something curious: >> >> [root@sipx1 log]# cat secure | grep "pam_unix(sshd:session): session >> opened" >> Oct 11 06:09:25 sipx1 sshd[22059]: pam_unix(sshd:session): session opened >> for user PlcmSpIp by (uid=0) >> Oct 11 18:36:02 sipx1 sshd[29185]: pam_unix(sshd:session): session opened >> for user PlcmSpIp by (uid=0) >> Oct 11 18:36:16 sipx1 sshd[29192]: pam_unix(sshd:session): session opened >> for user PlcmSpIp by (uid=0) >> Oct 11 18:36:21 sipx1 sshd[29195]: pam_unix(sshd:session): session opened >> for user PlcmSpIp by (uid=0) >> Oct 11 20:57:58 sipx1 sshd[30561]: pam_unix(sshd:session): session opened >> for user PlcmSpIp by (uid=0) >> >> Those are what I think to be successful ssh logins with the user >> PlcmSplp. Is this user part of the SipXecs install? >> >> ~Noah >> >> Scanned for viruses and content by the Tranet Spam Sentinel service. >> _______________________________________________ >> sipx-users mailing list >> sipx-users@list.sipfoundry.org >> List Archive: http://list.sipfoundry.org/archive/sipx-users/ >> > > > _______________________________________________ > sipx-users mailing list > sipx-users@list.sipfoundry.org > List Archive: http://list.sipfoundry.org/archive/sipx-users/ > -- Michael Picher, Director of Technical Services eZuce, Inc. 300 Brickstone Square**** Suite 201**** Andover, MA. 01810 O.978-296-1005 X2015 M.207-956-0262 @mpicher <http://twitter.com/mpicher> linkedin <http://www.linkedin.com/profile/view?id=35504760&trk=tab_pro> www.ezuce.com ------------------------------------------------------------------------------------------------------------ There are 10 kinds of people in the world, those who understand binary and those who don't.
_______________________________________________ sipx-users mailing list sipx-users@list.sipfoundry.org List Archive: http://list.sipfoundry.org/archive/sipx-users/