Re: [exim] error!am i hacked?

Author: Chris Edwards
Date:  
To: exim-users
Subject: Re: [exim] error!am i hacked?
On Wed, 23 Nov 2005, Ryan Kerwin Macrohon wrote:

| Guys!! There are many messages that I receive... When I read the logs,
| this is what it mostly says... Am I compromised!!! Any comment would be of
| big help!!!

|
| Nov 23 23:08:35 server1 exim[7252]: 2005-11-23 23:08:35 1EeyQI-0001fT-DO
| ** mail@??? <Mail@???> R=dnslookup T=remote_smtp: SMTP error
| from remote mailer after RCPT TO:<Mail@???>: host smtp00.fbi.gov
| [204.11.0.66]: 550 <Mail@???>: Recipient address rejected: This
| service is temporarily unavailable. Please contact the recipient via
| other means.


Hi,

No, your Exim mail server is not hacked.

Rather, it appears to be set up to try to bounce virus mails to the
forged sender. This is not good practice. You want to fix your
configuration to reject such mails - i.e. to not accept the things in the
first place.

The infected machine itself may or may not be one of yours. But that's
another issue. As others have pointed out, the virus is likely a recent
Sober variant, which is forging addresses in the fbi.gov domain.

I wonder what the FBI will do with the list of IPs that are DDoSing them
with bogus bounces....
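
The behaviour described in the reply above is visible in the Exim main log as locally generated bounces (null sender `<>`, `P=local`) being sent out to remote domains. The following is an added example, not part of the original message or of Exim itself: it counts those bounce deliveries per recipient domain. It assumes the default Exim main-log line format; the function name `backscatter_summary` and every line in the sample log are constructed for illustration.

```python
import re
from collections import Counter

# Exim main-log line, with or without a syslog prefix in front of it.
LINE = re.compile(
    r"\d{4}-\d\d-\d\d \d\d:\d\d:\d\d "
    r"(?P<id>\w{6}-\w{6}-\w{2}) "          # message id, e.g. 1EeyQI-0001fT-DO
    r"(?P<flag><=|=>|\*\*) (?P<addr>\S+)"  # arrival, delivery, permanent failure
)

def backscatter_summary(log_text):
    """Count delivery attempts of locally generated bounces per recipient domain."""
    bounce_ids, attempts = set(), Counter()
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        msg_id, flag, addr = m.group("id", "flag", "addr")
        if flag == "<=":
            # Null sender plus P=local: a bounce this server generated itself.
            if addr == "<>" and " P=local" in line:
                bounce_ids.add(msg_id)
        elif msg_id in bounce_ids:
            outcome = "delivered" if flag == "=>" else "failed"
            attempts[(addr.rsplit("@", 1)[-1].lower(), outcome)] += 1
    return bounce_ids, attempts

# Constructed sample (all ids, hosts and addresses invented), shaped like the
# syslog-prefixed line quoted in the post. ERR abbreviates the SMTP error text.
PFX = "Nov 23 23:08:35 server1 exim[7252]: 2005-11-23 23:08:35 "
ERR = " R=dnslookup T=remote_smtp: SMTP error from remote mailer after RCPT TO: 550"
SAMPLE_LOG = "\n".join(PFX + rest for rest in [
    "1EeyQH-0001fP-AB <= agent@victim.example H=(pc) [192.0.2.10] P=smtp S=55120",
    "1EeyQI-0001fT-DO <= <> R=1EeyQH-0001fP-AB U=exim P=local S=56301",
    "1EeyQI-0001fT-DO ** agent@victim.example" + ERR,
    "1EeyQK-0001fX-GH <= <> R=1EeyQJ-0001fV-EF U=exim P=local S=48211",
    "1EeyQK-0001fX-GH => bob@other.example R=dnslookup T=remote_smtp H=mx [198.51.100.7]",
    "1EeyQL-0001fb-JK <= alice@local.example U=alice P=local S=912",  # ordinary mail
    "1EeyQL-0001fb-JK ** carol@third.example" + ERR,                   # not a bounce
    "1EeyQM-0001fd-KL <= <> H=mx.remote.example [203.0.113.5] P=esmtp S=2210",  # inbound bounce
    "1EeyQM-0001fd-KL => alice <alice@local.example> R=localuser T=local_delivery",
    "1EeyQN-0001ff-MN <= <> R=1EeyQG-0001fN-XY U=exim P=local S=51877",
    "1EeyQN-0001ff-MN ** press@victim.example" + ERR,
])

if __name__ == "__main__":
    ids, attempts = backscatter_summary(SAMPLE_LOG)
    print(len(ids), "locally generated bounces")
    for (domain, outcome), n in sorted(attempts.items()):
        print(f"{domain:20} {outcome:10} {n}")
```

A steady count of bounces to domains you never exchange mail with is the sign that mail is being accepted and bounced later rather than rejected during the SMTP session.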