Author: Tim Jackson
Date:
To: Ryan Kerwin Macrohon
CC: exim-users
Subject: Re: [exim] error!am i hacked?
> Guys!! There are many messages that I receive... when I read the logs, this
> is what it mostly says... Am I compromised!!! Any comment would be of big
> help!!!
[snip lots of messages from mail@??? to mail@???]
Quite possibly, to some extent. You didn't show the log excerpts of the
messages entering your system, nor say what else (if anything) the machine
is doing other than handling mail. There are many possibilities, of which
the below are only some:
- If it's a webserver too, it's quite possible that you just have an
insecure mail form of some description (especially with the current PHP
header injection automated exploits that are doing the rounds). It could
also be a compromise via phpBB or some other vulnerable web app
- you could have a malicious user on your machine
- if you use SMTP AUTH, maybe one of your users has got a weak password
that has been bruteforced
- if this machine is a mail hub, maybe one of your users has a
virus/trojan, or maybe one of the other machines it relays for is
compromised
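
An added example, not part of the original message: a Python triage of Exim main-log arrival (`<=`) lines, the excerpts the reply says were missing. It groups each incoming message by how it entered the system so the counts can be set against the possibilities listed above. The log lines are constructed samples and the category names are this example's own.

```python
import re
from collections import Counter

# Constructed sample lines in Exim main-log format (not taken from the thread).
SAMPLE_LOG = """\
2005-10-12 10:15:01 1EPabc-0001Xy-7Z <= apache@web.example.org U=apache P=local S=1820
2005-10-12 10:15:02 1EPabd-0001Xz-8A <= apache@web.example.org U=apache P=local S=1833
2005-10-12 10:15:04 1EPabe-0001Y0-9B <= bob@example.org H=(pc) [198.51.100.7] P=asmtp A=plain:bob S=2211
2005-10-12 10:15:09 1EPabf-0001Y1-0C <= alice@example.org H=pc12.example.lan [10.0.0.12] P=esmtp S=4096
2005-10-12 10:15:11 1EPabf-0001Y1-0C => carol@example.net R=dnslookup T=remote_smtp
2005-10-12 10:15:12 1EPabg-0001Y2-1D <= <> R=1EPabf-0001Y1-0C U=mail P=local S=3000
"""

# "<=" marks a message arriving; "=>" (delivery) and other lines are ignored.
ARRIVAL = re.compile(r"^\S+ \S+ (?P<id>\S+) <= (?P<sender>\S+)(?P<rest>.*)$")
FIELD = re.compile(r" (U|A|P)=(\S+)")          # local user, authenticator, protocol
HOST_IP = re.compile(r" H=.*?\[([0-9a-fA-F.:]+)\]")

def classify(line):
    """Return (category, identity) for an arrival line, or None for other lines."""
    m = ARRIVAL.match(line)
    if not m:
        return None
    rest = m["rest"]
    fields = dict(FIELD.findall(rest))
    if "A" in fields:                           # SMTP AUTH: which account was used
        return ("smtp-auth", fields["A"])
    if fields.get("P") == "local":              # submitted on this machine
        if m["sender"] == "<>":                 # bounce generated by Exim itself
            return ("bounce", "")
        return ("local", fields.get("U", "?"))  # e.g. the web server's user
    host = HOST_IP.search(rest)
    if host:                                    # unauthenticated SMTP from a host
        return ("relayed-host", host.group(1))
    return ("unknown", "")

def summarize(log_text):
    """Count arrivals per (category, identity) so the busiest source stands out."""
    counts = Counter()
    for line in log_text.splitlines():
        result = classify(line)
        if result:
            counts[result] += 1
    return counts

if __name__ == "__main__":
    for (kind, who), n in summarize(SAMPLE_LOG).most_common():
        print(f"{n:5d}  {kind:13s} {who}")
```

A large `local` count under the web server's user points toward the mail-form or web-app case, a single `smtp-auth` account dominating points toward a guessed password, and one `relayed-host` address dominating points toward a machine the hub relays for.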