justinwyllie
Someone is using the Postfix mail server on my CentOS 6.4 system to send spam mail.
I see this in the log:
Jul 5 19:25:45 048582 courier-pop3d: LOGIN, user=info@x.com, ip=[::ffff:nn.nnn.nnn.54], port=[1265]
Jul 5 19:25:57 048582 courier-pop3d: LOGIN, user=info@x.com, ip=[::ffff:nn.nnn.nnn.54], port=[1267]
Jul 5 19:31:52 048582 courier-pop3d: LOGIN, user=info@x.com, ip=[::ffff:nn.nnn.nnn.54], port=[1295]
That looks to me like a line saying there has been a successful login for a user 'info@x.com'. Is this right?
And, secondly, what are those port numbers? That looks like scanning - but isn't this the IP and port of the client making the connection?
EDIT: Reading up on this a bit. Am I correct in thinking that this is the client trying to establish multiple simultaneous connections by using different ports?
Thank you
--Justin Wyllie