[BlueOnyx:06795] Server hacked?

Hugo Sesma hsesma at gmail.com
Thu Mar 24 11:12:46 -05 2011


Hi,

Yesterday I noticed that the mail log has entries, as shown in the log below,
with an empty from=<> field. Is this a hack, or is there any other symptom I
could look for?

Thanks in advance

Mar 23 08:51:29 ns1 sendmail[7123]: p2NEpRPb007123: from=<>,
size=2488, class=0, nrcpts=1,
msgid=<201103231451.p2NEpRPb007123 at ns1.abaco.net.mx>, proto=ESMTP,
daemon=MSA, relay=dsl-189-247-108-69-dyn.prod-infinitum.com.mx
[189.247.108.69] (may be forged)
Mar 23 09:50:38 ns1 sendmail[12615]: p2NFoblu012615: from=<>, size=0,
class=0, nrcpts=0, proto=SMTP, daemon=MTA,
relay=mx.mailscanservice.com [174.133.213.146]
Mar 23 09:50:38 ns1 sendmail[12615]: p2NFoblv012615: from=<>, size=0,
class=0, nrcpts=1, proto=SMTP, daemon=MTA,
relay=mx.mailscanservice.com [174.133.213.146]
Mar 23 09:56:50 ns1 sendmail[13194]: p2NFujLl013194: from=<>,
size=2459, class=0, nrcpts=1,
msgid=<201103231556.p2NFujLl013194 at ns1.abaco.net.mx>, proto=ESMTP,
daemon=MSA, relay=dsl-189-247-108-69-dyn.prod-infinitum.com.mx
[189.247.108.69] (may be forged)
Mar 23 10:15:28 ns1 sendmail[15936]: p2NGFLSG015936: from=<>,
size=2502, class=0, nrcpts=1,
msgid=<201103231615.p2NGFLSG015936 at ns1.abaco.net.mx>, proto=ESMTP,
daemon=MSA, relay=dsl-201-124-78-62-dyn.prod-infinitum.com.mx
[201.124.78.62] (may be forged)
Mar 23 11:53:34 ns1 sendmail[28114]: p2NHrWUT028114: from=<>,
size=2745, class=0, nrcpts=1,
msgid=<EXCHANGEspDKicUbvBD00000d37 at exchange.nacobre.com.mx>,
proto=ESMTP, daemon=MTA,
relay=customer-148-223-253-35.uninet-ide.com.mx [148.223.253.35] (may
be forged)
Mar 23 13:23:52 ns1 sendmail[15118]: p2NJNoUG015118: from=<>,
size=138444, class=0, nrcpts=1,
msgid=<OF1C66F029.E3F48B1B-ON8625785C.006BC2B5-8625785C.006B7D56 at metlife.com.mx>,
proto=ESMTP, daemon=MTA, relay=imsa.metlife.com.mx [200.53.119.250]
Mar 23 13:49:46 ns1 sendmail[18378]: p2NJnhPG018378: from=<>,
size=2576, class=0, nrcpts=1,
msgid=<201103231949.p2NJnhPG018378 at ns1.abaco.net.mx>, proto=ESMTP,
daemon=MSA, relay=dsl-189-247-108-69-dyn.prod-infinitum.com.mx
[189.247.108.69] (may be forged)
Mar 23 14:42:21 ns1 sendmail[24057]: p2NKgIHi024057: from=<>,
size=1563, class=0, nrcpts=1,
msgid=<B8426D9F0B352E4AB303AAD4E5DAE76D17B4118406 at EXCHMAILVIRTM.ixecorp.ixe.com.mx>,
proto=ESMTP, daemon=MTA, relay=mail4.ixe.com.mx [200.23.204.15]
Mar 23 16:21:54 ns1 sendmail[3942]: p2NMLq3A003942: from=<>,
size=5307, class=0, nrcpts=1,
msgid=<7fc966fd-41f4-4242-bd3d-b285e4fc16ed>, proto=ESMTP, daemon=MTA,
relay=mail.ahmsa.com [207.248.158.22]
Mar 23 16:53:39 ns1 sendmail[7133]: p2NMrcbd007133: from=<>, size=0,
class=0, nrcpts=0, proto=SMTP, daemon=MTA, relay=mx06.suantispam.com
[74.54.239.80]
Mar 23 16:53:39 ns1 sendmail[7133]: p2NMrcbe007133: from=<>, size=0,
class=0, nrcpts=1, proto=SMTP, daemon=MTA, relay=mx06.suantispam.com
[74.54.239.80]
Mar 23 17:39:14 ns1 sendmail[11708]: p2NNdDJ4011708: from=<>, size=0,
class=0, nrcpts=0, proto=SMTP, daemon=MTA,
relay=mx.mailscanservice.com [174.133.213.146]
Mar 23 17:39:15 ns1 sendmail[11708]: p2NNdDJ5011708: from=<>, size=0,
class=0, nrcpts=1, proto=SMTP, daemon=MTA,
relay=mx.mailscanservice.com [174.133.213.146]
Mar 23 17:41:37 ns1 sendmail[12058]: p2NNfafF012058: from=<>, size=0,
class=0, nrcpts=0, proto=SMTP, daemon=MTA, relay=smtp.iwsservers.com
[205.251.131.20]
Mar 23 17:41:38 ns1 sendmail[12058]: p2NNfafG012058: from=<>, size=0,
class=0, nrcpts=1, proto=SMTP, daemon=MTA, relay=smtp.iwsservers.com
[205.251.131.20]
Mar 23 20:03:19 ns1 sendmail[27166]: p2O23GtV027166: from=<>,
size=1174, class=0, nrcpts=1,
msgid=<201103240203.p2O23GtV027166 at ns1.abaco.net.mx>, proto=ESMTP,
daemon=MSA, relay=dsl-189-134-88-172-dyn.prod-infinitum.com.mx
[189.134.88.172] (may be forged)
Mar 23 23:48:43 ns1 sendmail[12062]: p2O5mf7H012062: from=<>,
size=2890, class=0, nrcpts=1, msgid=<2523f1$en7s31 at pluto.ksr.lan>,
proto=ESMTP, daemon=MTA, relay=smtpout.karoo.kcom.com [212.50.160.34]
Mar 24 01:51:34 ns1 sendmail[21693]: p2O7pWBe021693: from=<>,
size=3153, class=0, nrcpts=1,
msgid=<A0nQsx33E00097663 at COL0-MC2-F35.Col0.hotmail.com>, proto=ESMTP,
daemon=MTA, relay=col0-omc4-s4.col0.hotmail.com [65.55.34.206]
Mar 24 01:51:34 ns1 sendmail[21694]: p2O7pWpY021694: from=<>,
size=3104, class=0, nrcpts=1,
msgid=<20110324080320.4709E21940 at ldmistage1.mbo.com>, proto=SMTP,
daemon=MTA, relay=reverse.252.147.118.64.static.ldmi.com
[64.118.147.252] (may be forged)
Mar 24 08:21:54 ns1 sendmail[18878]: p2OELqvo018878: from=<>,
size=2427, class=0, nrcpts=1,
msgid=<201103241421.p2OELqvo018878 at ns1.abaco.net.mx>, proto=ESMTP,
daemon=MSA, relay=dsl-189-247-108-69-dyn.prod-infinitum.com.mx
[189.247.108.69] (may be forged)
Mar 24 09:12:00 ns1 sendmail[22957]: p2OFBwgc022957: from=<>, size=0,
class=0, nrcpts=0, proto=ESMTP, daemon=MTA,
relay=mail-vx0-f194.google.com [209.85.220.194]
Mar 24 09:16:20 ns1 sendmail[23508]: p2OFGJrj023508: from=<>,
size=2493, class=0, nrcpts=1,
msgid=<201103241516.p2OFGJrj023508 at ns1.abaco.net.mx>, proto=ESMTP,
daemon=MSA, relay=dsl-189-247-108-69-dyn.prod-infinitum.com.mx
[189.247.108.69] (may be forged)

    Last lines of /var/log/maillog    Only show lines with text
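
One way to triage entries like those pasted above, as an added example that is not part of the original post: rejoin the wrapped sendmail records, keep only those with `from=<>`, and count them by daemon (MSA or MTA), relay IP, and whether any message data was logged (`size=0` or not). The sample lines are constructed with documentation addresses, and the function names `join_records` and `null_sender_summary` are assumptions of this example.

```python
import re
from collections import Counter

# Constructed sample in the same wrapped layout as the pasted log
# (hostnames and IPs are documentation placeholders, not from the post).
SAMPLE = """\
Mar 23 08:51:29 mx1 sendmail[7123]: p2NEpRPb007123: from=<>,
size=2488, class=0, nrcpts=1,
msgid=<201103231451.p2NEpRPb007123 at mx1.example.net>, proto=ESMTP,
daemon=MSA, relay=dsl-host.example.com
[192.0.2.69] (may be forged)
Mar 23 09:50:38 mx1 sendmail[12615]: p2NFoblu012615: from=<>, size=0,
class=0, nrcpts=0, proto=SMTP, daemon=MTA,
relay=scanner.example.org [198.51.100.146]
Mar 23 09:51:02 mx1 sendmail[12700]: p2NFp1aa012700: from=<user at example.org>,
size=900, class=0, nrcpts=1, proto=ESMTP, daemon=MTA,
relay=mail.example.org [203.0.113.5]
"""

# A new syslog record starts with "Mon DD HH:MM:SS " (day may be space-padded).
RECORD_START = re.compile(r"^[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d ")

def join_records(text):
    """Merge mail-wrapped continuation lines back into one record each."""
    records = []
    for line in text.splitlines():
        if RECORD_START.match(line) or not records:
            records.append(line.strip())
        elif line.strip():
            records[-1] += " " + line.strip()
    return records

def null_sender_summary(text):
    """Count from=<> records keyed by (daemon, relay IP, 'no-data' | 'message')."""
    summary = Counter()
    for rec in join_records(text):
        if "from=<>," not in rec:
            continue  # only null envelope senders are of interest here
        daemon = re.search(r"daemon=(\w+)", rec)
        ip = re.search(r"relay=.*?\[([0-9a-fA-F.:]+)\]", rec)
        size = re.search(r"size=(\d+)", rec)
        kind = "no-data" if size and size.group(1) == "0" else "message"
        key = (daemon.group(1) if daemon else "?", ip.group(1) if ip else "?", kind)
        summary[key] += 1
    return summary

if __name__ == "__main__":
    for (daemon, ip, kind), n in null_sender_summary(SAMPLE).most_common():
        print(f"{n:4d}  daemon={daemon:<4} relay_ip={ip:<16} {kind}")
```

To run it against a real log, pass the file contents, for example `null_sender_summary(open("/var/log/maillog").read())`.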