Hello folks:
Some of my users have had their email addresses harvested by the so.big virus.
I am blocking any incoming virus emails now.
However, I see this entry in my /var/log/mail file:
Sep 4 19:31:36 falcon postfix/smtp[21404]: connect to smtp.myrealbox.com[192.108.102.204]: server refused mail service (port 25)
Sep 4 19:31:36 falcon postfix/smtp[21404]: 1DEB71C159: to=, relay=none, delay=71626, status=deferred (connect to smtp.myrealbox.com[192.108.102.204]: server refused mail service)
Is this a connection to my mail server or my mail server being used to attempt to send mail to oleg_inconnu@myrealbox.com?
I can't believe that any legitimate users of my system would be attempting to send mail to this address.
Would this be an indication that my server is compromised? And if so, what tools or resources might I get
access to in order to fix any possible compromise?
-Thanks