[exim] Fw: what is log part ? attack ?

Αρχική Σελίδα
Delete this message
Reply to this message
Συντάκτης: Sławomir Dworaczek
Ημερομηνία:  
Προς: exim-users
Αντικείμενο: [exim] Fw: what is log part ? attack ?
Hi
This is the same PID, look

2015-10-10 13:27:20 [26891] no IP address found for host smarthost.win.pl
(during SMTP connection from mx2.wp.pl [212.77.101.7])
2015-10-10 13:27:20 [26891] 1ZksJ6-0006zj-PI DKIM: d=wp.pl s=1024a
c=relaxed/relaxed a=rsa-sha256 t=1444476439 [verification succeeded] 2

Exim get such names from:
hosts - clear not info smarthost.win.pl
dns - clear not info smarthost.win.pl
all files in system is clear no find smarthost.win.pl

root@tax-net:~# nslookup
> set type=any
> smarthost.win.pl

Server:         85.11.67.250
Address:        85.11.67.250#53


** server can't find smarthost.win.pl: NXDOMAIN
i check any dns in resolv.conf - clear no such domain smarthost.win.pl

Regards

----- Original Message -----
From: "Sławomir Dworaczek" <slawek@???>
To: <Exim-users@???>
Sent: Friday, October 9, 2015 2:40 PM
Subject: RE: what is log part ? attack ?


> the problem is that this log enrolls at all the messages that come in the
> log is an example of the correct messages with facebook
> the host does not exist smarthost.win.pl and there is no IP address
>
> regards
> Slawek
> ----- Original Message -----
> From: "Sławomir Dworaczek" <slawek@???>
> To: <Exim-users@???>
> Sent: Friday, October 9, 2015 1:30 PM
> Subject: Re: what is log part ? attack ?
>
>
>>
>> The problem is that I never have set such a domain in any configuration
>> file in the system
>>
>> Regards
>> Slawek
>>
>> ----- Original Message -----
>> From: "Sławomir Dworaczek" <slawek@???>
>> To: <exim-users@???>
>> Sent: Thursday, October 8, 2015 12:27 PM
>> Subject: what is log part ? attack ?
>>
>>
>>> Hello
>>> The log in Exim, I received some strange news
>>> no IP address found for host smarthost.win.pl (during SMTP connection
>>> xxx.xxx.xxx
>>>
>>> It comes up with all e-mail coming from the outside.
>>>
>>> 2015-10-08 00:52:14 no IP address found for host smarthost.win.pl
>>> (during SMTP connection from 66-220-155-136.outmail.facebook.com
>>> (mx-out.facebook.com) [66.220.155.136])
>>> 2015-10-08 00:52:14 1ZjxZG-0001Jk-7v DKIM: d=facebookmail.com
>>> s=s1024-2013-q3 c=relaxed/simple a=rsa-sha256 t=1444256974 [verification
>>> succeeded]
>>> 2015-10-08 00:52:14 1ZjxZG-0001Jk-7v <=
>>> notification+kjdm75-dp3-m@???
>>> H=66-220-155-136.outmail.facebook.com (mx-out.facebook.com)
>>> [66.220.155.136] P=esmtp S=8933 id=794518beb5$
>>> 2015-10-08 00:52:15 1ZjxZG-0001Jr-K7 <=
>>> notification+kjdm75-dp3-m@??? U=exim P=bogodone S=9220
>>> id=794518beb59e9298de50ed47cb4f2c39@???
>>> 2015-10-08 00:52:15 1ZjxZG-0001Jr-K7 => myuser <myuser@???>
>>> R=localuser T=local_delivery
>>> 2015-10-08 00:52:15 1ZjxZG-0001Jr-K7 Completed
>>>
>>>
>>>
>>> 2015-10-08 01:46:38 no IP address found for host smarthost.win.pl
>>> (during
>>> SMTP connection from mx3.mf.gov.pl (cobzas-pr-ia-9-ft2-spam.mf.gov.pl)
>>> [145.237.192.4])
>>> 2015-10-08 01:46:38 no IP address found for host smarthost.win.pl
>>> (during
>>> SMTP connection from mx3.mf.gov.pl (cobzas-pr-ia-9-ft2-spam.mf.gov.pl)
>>> [145.237.192.4])
>>> 2015-10-08 01:46:38 1ZjyPu-0001tr-LT <= us2420vatref@???
>>> H=mx3.mf.gov.pl (cobzas-pr-ia-9-ft2-spam.mf.gov.pl) [145.237.192.4]
>>> P=esmtps
>>> X=TLSv1:DHE-RSA-AES256-SHA:256 CV=no S=23$
>>> 2015-10-08 01:46:39 1ZjyPu-0001ty-Vq <= us2420vatref@???
>>> U=exim
>>> P=bogodone S=237596
>>> id=475053812.102741444261592745.JavaMail.csiapp@???
>>> 2015-10-08 01:46:39 1ZjyPu-0001ty-Vq => myuser1 <myuser1@???>
>>> R=localuser T=local_delivery
>>> 2015-10-08 01:46:39 1ZjyPu-0001ty-Vq Completed
>>>
>>>
>>>
>>>
>>> Regards
>>> Slawek
>>>
>>>
>>
>