Re: [SLE] Weird entry in Postfix mail log

* Jim Norton [09-04-03 22:03]:

Some of my users have had their email addresses harvested by the so.big virus. I am blocking any incoming virus emails now.

However I see this entry in my /var/log/mail file:

Sep 4 19:31:36 falcon postfix/smtp[21404]: connect to smtp.myrealbox.com[192.108.102.204]: server refused mail service (port 25) Sep 4 19:31:36 falcon postfix/smtp[21404]: 1DEB71C159: to=, relay=none, delay=71626, status=deferred (connect to smtp.myrealbox.com[192.108.102.204]: server refused mail service)

Is this a connection to my mail server or my mail server being used to attempt to send mail to oleg_inconnu@myrealbox.com? I can't believe that any legitimate users of my system would be attempting to send mail to this address.

Would this be in indication that my server is compromised? And if so, what tools or resources might I get access to in order to fix any possible compromise?

No, they are telling you that you must relay your mail thru your provider. They will not accept mail directly from your computer, port 25. -- Patrick Shanahan Registered Linux User #207535 http://wahoo.no-ip.org @ http://counter.li.org