Code:
Feb 2 15:18:20 cw-webserver postfix/smtpd[32640]: connect from dns1.dotdoms.com[70.84.54.74]
Feb 2 15:18:20 cw-webserver postfix/smtpd[32640]: EBEF31C842C: client=dns1.dotdoms.com[70.84.54.74]
Feb 2 15:18:21 cw-webserver postfix/cleanup[32644]: EBEF31C842C: message-id=<[email protected]>
Feb 2 15:18:21 cw-webserver postfix/qmgr[17999]: EBEF31C842C: from=<[email protected]>, size=1380, nrcpt=1 (queue active)
Feb 2 15:18:21 cw-webserver postfix/smtpd[32640]: disconnect from dns1.dotdoms.com[70.84.54.74]

Is someone trying to hack in?
It looks to me like a standard Postfix transaction. dns1.dotdoms.com is the server that connected and they delivered a message from [email protected]. Then the message was placed in the Postfix queue to be delivered to your user and the connection was closed. What part looks weird to you?
Well, I don't recognize the email address at all. I know all of my email users and don't think they'd be sending something to that email address.
I checked the zdi.com website. This is from the site: I don't know your SPAM prevention set-up, but if one of your users did not contact this site, I would think it was a piece of ***SPAM*** that got past your system. You might want to monitor your mail log for a few days and see if the user responds. I honestly don't think it was a hack attempt. Usually a hack attempt will try to log in, and they tend to last for a while. I deliberately watched a kiddie-script try to get in on my server one night. It lasted over 3 hours trying all kinds of logins. I had just built the server so nothing was on it yet. They never got in.
Alright, thanks for all of your help =) I guess I'm just a little worried about getting hacked. I just noticed this morning that there was a relay access denied message in there, which kind of reassured me, and after a little googling I found I wasn't the only person getting it from that email address. Well, thanks again, and I'll keep an eye on the log.
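For keeping an eye on the log as discussed in this thread, here is an added example (not part of any post above) that groups Postfix lines by queue ID into one record per message and counts "Relay access denied" rejects per client IP. The function name `summarize` is hypothetical, and the final sample line is constructed with documentation-range addresses, assuming the usual Postfix `NOQUEUE: reject` layout.

```python
import re
from collections import defaultdict

# First five lines are copied from the first post (addresses already redacted
# there); the last line is a constructed reject using documentation values.
SAMPLE_LOG = """\
Feb 2 15:18:20 cw-webserver postfix/smtpd[32640]: connect from dns1.dotdoms.com[70.84.54.74]
Feb 2 15:18:20 cw-webserver postfix/smtpd[32640]: EBEF31C842C: client=dns1.dotdoms.com[70.84.54.74]
Feb 2 15:18:21 cw-webserver postfix/cleanup[32644]: EBEF31C842C: message-id=<[email protected]>
Feb 2 15:18:21 cw-webserver postfix/qmgr[17999]: EBEF31C842C: from=<[email protected]>, size=1380, nrcpt=1 (queue active)
Feb 2 15:18:21 cw-webserver postfix/smtpd[32640]: disconnect from dns1.dotdoms.com[70.84.54.74]
Feb 2 15:20:02 cw-webserver postfix/smtpd[32650]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 554 5.7.1 <someone@example.org>: Relay access denied; from=<sender@example.net> to=<someone@example.org> proto=SMTP helo=<example.net>
"""

LINE = re.compile(r"postfix/\w+\[\d+\]: (.*)$")        # strip syslog prefix
QUEUED = re.compile(r"^([0-9A-F]{6,}): (.*)$")         # "<queue id>: <detail>"
REJECT = re.compile(r"^NOQUEUE: reject: RCPT from \S*\[([^\]]+)\]: .*Relay access denied")
FIELDS = {
    "client": re.compile(r"client=(\S+)"),
    "sender": re.compile(r"from=<([^>]*)>"),
    "size": re.compile(r"size=(\d+)"),
    "nrcpt": re.compile(r"nrcpt=(\d+)"),
}

def summarize(log_text):
    """Return (messages keyed by queue ID, relay-denied count per client IP)."""
    messages, relay_denied = defaultdict(dict), defaultdict(int)
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue                      # not a Postfix line
        rest = m.group(1)
        rej = REJECT.match(rest)
        if rej:                           # refused relay attempt, never queued
            relay_denied[rej.group(1)] += 1
            continue
        q = QUEUED.match(rest)
        if q:                             # merge fields logged by smtpd/qmgr
            for name, rx in FIELDS.items():
                hit = rx.search(q.group(2))
                if hit:
                    messages[q.group(1)][name] = hit.group(1)
    return dict(messages), dict(relay_denied)

if __name__ == "__main__":
    msgs, denied = summarize(SAMPLE_LOG)
    print(msgs)
    print(denied)
```

A single accepted message with no rejects or repeated connection attempts from the same client matches the "ordinary delivery" reading given in the replies; a client IP with a high relay-denied count is the pattern worth a closer look.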