My FC3 machine appears to be compromised, please help
Bob Brennan
rbrennan96 at gmail.com
Thu Apr 6 16:55:06 UTC 2006
On 4/6/06, Les Mikesell <lesmikesell at gmail.com> wrote:
> On Thu, 2006-04-06 at 10:33, Bob Brennan wrote:
> > >
> > > ;; QUESTION SECTION:
> > > ;thebrennan.net. IN MX
> > >
> > > ;; ANSWER SECTION:
> > > thebrennan.net. 2400 IN MX 0 mail.mi-server.net.
> > > thebrennan.net. 2400 IN MX 10 mx1.sitelutions.com.
> > > thebrennan.net. 2400 IN MX 20 mx2.sitelutions.com.
>
> > Thanks for that Les. The mail.mi-server.net is the same IP as all of
> > my domains, I just use it as a generic pointer in case I chop and/or
> > change other names. Sitelutions is a mail backup service that is
> > hopefully gathering and saving my email as we speak, well worth the
> > $1.50/month because even though my FC3 system is fairly watertight
> > there is no telling how, why, or for how long some lowlife has
> > compromised Demon's nameservers.
>
> But any mail being sent to you right now should be going to:
> ;; QUESTION SECTION:
> ;mail.mi-server.net. IN A
>
> ;; ANSWER SECTION:
> mail.mi-server.net. 2385 IN A 83.104.235.34
>
> as long as it answers, regardless of any CNAME oddities. Mail
> will always use the MX record. I think your real issue is
> only that your server doesn't know its own name which you
> can fix as I mentioned in the last message.
>
> --
> Les Mikesell
> lesmikesell at gmail.com

Hi Les,

In your previous email you said "You can override that on the inbound
side by providing all the domain names it should accept in the
/etc/mail/local-host-names" which is the way my server has always been
set up. It was only this morning that 2 CNAME entries were added to
the records of the domains I am having trouble with, to
"wc.funnel.revenuedirect.com.akadns.net" which has nothing to do with
me and I did not do it. All the domains that do not have those CNAMEs
added have no trouble sending and receiving email, and haven't in
years.

I am of course open to suggestions but am at the moment waiting for
Demon to correct the hacked entries on their nameservers. If that
doesn't work, I'll be back for more help!

Thanks, bob
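
Added example, not part of the original thread: a small Python check that compares dig-style answer lines against a known-good baseline and flags new records, including a CNAME that shares a name with other data. The MX and A lines are the ones quoted above; the owner name and TTL of the CNAME line are constructed for illustration, since the thread only gives its target.

```python
from collections import defaultdict

def parse_answers(text):
    """Parse dig answer lines ('name ttl IN type rdata') into {(name, type): {rdata}}."""
    records = defaultdict(set)
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):    # skip blanks and dig section comments
            continue
        fields = line.split()
        if len(fields) < 5 or fields[2].upper() != "IN":
            continue                            # not a resource record line
        name, rtype = fields[0].lower(), fields[3].upper()
        # The TTL (fields[1]) is ignored: cached answers count it down between queries.
        records[(name, rtype)].add(" ".join(fields[4:]).lower())
    return records

def diff_records(baseline, observed):
    """List records added or removed, plus CNAMEs that coexist with other types."""
    findings = []
    for key in sorted(set(baseline) | set(observed)):
        name, rtype = key
        for rdata in sorted(observed.get(key, set()) - baseline.get(key, set())):
            findings.append(f"ADDED {name} {rtype} {rdata}")
        for rdata in sorted(baseline.get(key, set()) - observed.get(key, set())):
            findings.append(f"REMOVED {name} {rtype} {rdata}")
    # RFC 1034 section 3.6.2: a name that has a CNAME should carry no other data.
    for name in sorted({n for (n, t) in observed if t == "CNAME"}):
        others = sorted(t for (n, t) in observed if n == name and t != "CNAME")
        if others:
            findings.append(f"CONFLICT {name} CNAME alongside {','.join(others)}")
    return findings

# Known-good records, as quoted in the thread.
BASELINE = """;; ANSWER SECTION:
thebrennan.net. 2400 IN MX 0 mail.mi-server.net.
thebrennan.net. 2400 IN MX 10 mx1.sitelutions.com.
thebrennan.net. 2400 IN MX 20 mx2.sitelutions.com.
mail.mi-server.net. 2385 IN A 83.104.235.34
"""
# Constructed observation: owner name and TTL of the CNAME line are assumptions.
OBSERVED = BASELINE + "thebrennan.net. 2400 IN CNAME wc.funnel.revenuedirect.com.akadns.net.\n"

FINDINGS = diff_records(parse_answers(BASELINE), parse_answers(OBSERVED))

if __name__ == "__main__":
    print("\n".join(FINDINGS) or "no changes")
```

Run against saved output from the zone's authoritative nameservers on a schedule, a check like this reports an unrequested record change when it happens rather than when mail starts failing.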