[BlueOnyx:04706] send mail Relay exploit

Hugo Sesma hsesma at gmail.com
Mon Jun 7 17:47:18 -05 2010


Hi,

Since Friday our server has been exploited as a relay for several domains
who are spammers.
We have Solar speed ver 5 installed and up to date, but it seems that the
exploit can't be detected.

Here are some logs:

Jun  7 16:23:14 ns1 sendmail[23694]: o57LMj4U023694:
from=<tbent at wanadoo.co.uk>, size=1509, class=0, nrcpts=50,
msgid=<201006072122.o57LMj4U023694 at ns1.abaco.net.mx>, proto=ESMTP,
daemon=MTA, relay=adsl1888.4u.com.gh [41.210.18.88]
Jun  7 16:23:14 ns1 sendmail[23694]: o57LMj4U023694: Milter add:
header: X-Virus-Scanned: clamav-milter 0.96.1 at ns1.abaco.net.mx
Jun  7 16:23:14 ns1 sendmail[23694]: o57LMj4U023694: Milter add:
header: X-Virus-Status: Clean
Jun  7 16:23:14 ns1 sendmail[23733]: o57LNBb5023733: lost input
channel from [188.48.168.35] to MTA after rcpt
Jun  7 16:23:14 ns1 sendmail[23733]: o57LNBb5023733:
from=<confluentBq at justnet.org>, size=0, class=0, nrcpts=0, proto=SMTP,
daemon=MTA, relay=[188.48.168.35]
Jun  7 16:23:15 ns1 sendmail[23674]: o57LLwBd023608:
to=<frederick.stone at snet.net>, delay=00:01:12, xdelay=00:00:06,
mailer=esmtp, pri=1591509, relay=snetmx9.prodigy.net. [207.115.36.22],
dsn=2.0.0, stat=Sent (o57MgVYP021714 Message accepted for delivery)
Jun  7 16:23:15 ns1 sendmail[23755]: o57LMj4U023694:
to=<fumble30 at aol.com>, delay=00:00:26, xdelay=00:00:01, mailer=esmtp,
pri=1591509, relay=mailin-02.mx.aol.com. [205.188.155.110], dsn=5.1.1,
stat=User unknown
Jun  7 16:23:15 ns1 sendmail[23755]: o57LMj4U023694:
to=<fulte at aol.com>, delay=00:00:26, xdelay=00:00:01, mailer=esmtp,
pri=1591509, relay=mailin-02.mx.aol.com. [205.188.155.110], dsn=5.1.1,
stat=User unknown
Jun  7 16:23:15 ns1 sendmail[23755]: o57LMj4U023694:
to=<fuls8 at aol.com>, delay=00:00:26, xdelay=00:00:01, mailer=esmtp,
pri=1591509, relay=mailin-02.mx.aol.com. [205.188.155.110], dsn=5.1.1,
stat=User unknown
Jun  7 16:23:16 ns1 sendmail[23674]: o57LLwBd023608:
to=<frederick.louie at sun.com>, delay=00:01:13, xdelay=00:00:01,
mailer=esmtp, pri=1591509, relay=btmx4.sun.com. [192.5.209.6],
dsn=2.0.0, stat=Sent (Message received and queued)
Jun  7 16:23:16 ns1 sendmail[23755]: o57LMj4U023694:
to=<fultonmr at aol.com>,<fultimeslackervb at aol.com>,<fulmoon19 at aol.com>,<fulltipz at aol.com>,
delay=00:00:27, xdelay=00:00:02, mailer=esmtp, pri=1591509,
relay=mailin-02.mx.aol.com. [205.188.155.110], dsn=2.0.0, stat=Sent
(2.0.0 Ok: queued as 3EC3F38000CAD)

Any suggestions will be appreciated.

thanks in advance
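
An added triage example, not part of the original post: it groups sendmail entries like the ones above by queue ID and reports which relay IP submitted each high-recipient message and how its deliveries ended. The sample lines are constructed placeholders, the threshold of 20 recipients is an assumed value, and the input is assumed to hold one log entry per line.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in the sendmail log format shown in the post, one entry
# per line. Queue IDs, addresses and IPs are placeholders, not from the post.
SAMPLE = [
    "Jun  7 16:23:14 ns1 sendmail[100]: q1AAAA000100: from=<a@example.org>, size=1509, class=0, nrcpts=50, proto=ESMTP, daemon=MTA, relay=host.example.com [192.0.2.88]",
    "Jun  7 16:23:14 ns1 sendmail[100]: q1AAAA000100: Milter add: header: X-Virus-Status: Clean",
    "Jun  7 16:23:15 ns1 sendmail[101]: q1AAAA000100: to=<u1@example.com>, delay=00:00:26, mailer=esmtp, relay=mx.example.com. [198.51.100.1], dsn=5.1.1, stat=User unknown",
    "Jun  7 16:23:15 ns1 sendmail[101]: q1AAAA000100: to=<u2@example.com>,<u3@example.com>, delay=00:00:27, mailer=esmtp, relay=mx.example.com. [198.51.100.1], dsn=2.0.0, stat=Sent (ok)",
    "Jun  7 16:23:16 ns1 sendmail[102]: q1BBBB000200: from=<b@example.org>, size=900, class=0, nrcpts=1, proto=ESMTP, daemon=MTA, relay=localhost [127.0.0.1]",
    "Jun  7 16:23:17 ns1 sendmail[103]: q1BBBB000200: to=<u4@example.com>, delay=00:00:01, mailer=esmtp, relay=mx.example.com. [198.51.100.1], dsn=2.0.0, stat=Sent (ok)",
]

ENTRY = re.compile(r"sendmail\[\d+\]: (\w+): (from|to)=(.*)")
NRCPTS = re.compile(r"nrcpts=(\d+)")
RELAY_IP = re.compile(r"relay=[^\[,]*\[([0-9a-fA-F.:]+)\]")
DSN = re.compile(r"dsn=(\d)\.")

def triage(lines, rcpt_threshold=20):
    """Return {queue_id: info} for messages accepted with many recipients."""
    msgs = defaultdict(lambda: {"src": None, "nrcpts": 0, "dsn": Counter()})
    for line in lines:
        m = ENTRY.search(line)
        if not m:
            continue  # milter, "lost input channel" and other entries
        qid, kind, rest = m.groups()
        if kind == "from":
            # Inbound side: who handed us the message and for how many rcpts.
            ip, n = RELAY_IP.search(rest), NRCPTS.search(rest)
            msgs[qid]["src"] = ip.group(1) if ip else None
            msgs[qid]["nrcpts"] = int(n.group(1)) if n else 0
        else:
            # Outbound side: one entry may cover several recipients.
            rcpts = max(1, rest.split(", ", 1)[0].count("<"))
            d = DSN.search(rest)
            msgs[qid]["dsn"][d.group(1) if d else "?"] += rcpts
    # Messages whose "from=" entry is outside the log window stay at 0 and drop out.
    return {q: m for q, m in msgs.items() if m["nrcpts"] >= rcpt_threshold}

if __name__ == "__main__":
    for qid, m in triage(SAMPLE).items():
        print(qid, m["src"], m["nrcpts"], dict(m["dsn"]))
```

A source IP that keeps appearing here with large nrcpts values and a high share of 5.x.x results is the connection to look up in the relay and authentication configuration.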