My FC3 machine appears to be compromised, please help

Bob Brennan rbrennan96 at gmail.com
Thu Apr 6 10:19:14 UTC 2006


Hello,

I have an FC3 machine that has been running about a dozen websites and
3 dozen mail accounts reliably for more than a year. I stopped
updating about 6 months ago so the versions might be a bit stale, but I
would prefer to fix my immediate problem(s) rather than update and
cause new ones. The software I am using that is in question, I
believe, is Sendmail, Dovecot, Procmail, ClamAV, SpamAssassin, and
SquirrelMail.

The problem - email into my personal account "bob" @ many different
domains seems to have stopped a few hours ago with the message
"Technical details of permanent failure:
PERM_FAILURE: SMTP Error (state 9): 550 5.7.1 <bob at domain>... Relaying
denied. Proper authentication required."

The log file says -
Apr  6 11:05:59 myserver sendmail[5580]: k36A5wFQ005580:
ruleset=check_rcpt, arg1=bob at domain.xxx, relay=zproxy.gmail.com
[64.233.162.192], reject=550 5.7.1 bob at domain.xxx... Relaying denied.
Proper authentication required.
Apr  6 11:05:59 myserver sendmail[5580]: k36A5wFQ005580:
from=<rbrennan96 at gmail.com>, size=0, class=0, nrcpts=0, proto=ESMTP,
daemon=MTA, relay=zproxy.gmail.com [64.233.162.192]

And there are suspicious emails queued in Sendmail such as:
Thu, 6 Apr 2006 10:17:15 "Bob Brennan"
<bob at wc.funnel.revenuedirect.com.akadns.net>bob at wc.funnel.revenuedirect.com.akadns.net1
kBDeferred: Connection timed out with
wc.funnel.revenuedirect.com.akadns.net.

The obvious clue for me is the
"wc.funnel.revenuedirect.com.akadns.net" that appears to be the
culprit, but it has been too long since I considered myself a Linux
expert to remember where to start on this type of thing. Wiping the
machine and starting over is not a good option, and yes I had rsynced
everything important to an FC4 machine only hours before this
happened.

Any clues as to where to start looking please?

Thanks in advance,
bob



