Posted to server-user@james.apache.org by Ole Ersoy <ol...@yahoo.com> on 2006/10/16 16:26:22 UTC

My james server got hacked

Hi,

A few days ago James was getting blocked up.  I
noticed a lot of mail that I was not sending in the
outgoing/ directory.

My James password was 8 characters all text, and I
just changed it to make it more secure.

I changed the password on my James POP3 account (I'm
the only user).

Does anyone know of any other way to get mail into the
outgoing directory?

Does James have any type of password encryption
mechanism?  Right now the password is in cleartext in
the config file.

I suppose I could create a checksum and just cut and
paste whenever I telnet in, but hopefully there's a
more ideal solution.

Thanks,
- Ole

P.S.

Here's an example of the type of mail in my outgoing
folder in case anyone knows if there are helpful clues
in there:

Return-Path: <>^M
Message-ID:
<14...@workstation.localdomain>^M
From: ole@pyramidetechnologies.com^M
To: coralcalder@rplh.com^M
Subject: Re:copernicusbipolarcreating^M
In-Reply-To: <29...@F9TAGC2>^M
Mime-Version: 1.0^M
Content-Type: multipart/mixed;
boundary="----=_Part_4_9838890.1160955044244"^M
Date: Mon, 16 Oct 2006 07:28:33 +0800^M
^M
------=_Part_4_9838890.1160955044244^M
Content-Type: multipart/alternative; ^M
       
boundary="----=_Part_5_5990238.1160955044244"^M
^M
------=_Part_5_5990238.1160955044244^M
Content-Type: text/plain; charset=us-ascii^M
Content-Transfer-Encoding: 7bit^M
Content-Disposition: inline^M
^M
We were unable to deliver the attached message because
of an error in the mail server.

Error message below:
550 - Requested action not taken: no such user here

Message details:
  Subject: copernicusbipolarcreating
  Sent date: Sun Oct 15 18:28:33 CDT 2006
  MAIL FROM: coralcalder@rplh.com
  RCPT TO: mail@pyramidetechnologies.com
           info@pyramidetechnologies.com
           home@pyramidetechnologies.com
           guest@pyramidetechnologies.com
  From: "diagonal" <co...@rplh.com>
  To: <ma...@pyramidetechnologies.com>
  Size (in bytes): 16700

^M
------=_Part_5_5990238.1160955044244--^M
^M
------=_Part_4_9838890.1160955044244--^M



---------------------------------------------------------------------
To unsubscribe, e-mail: server-user-unsubscribe@james.apache.org
For additional commands, e-mail: server-user-help@james.apache.org


Re: My james server got hacked

Posted by Danny Angus <da...@gmail.com>.
Looks like someone (probably a spammer) has been trying to send mail
to accounts they *think* might connect to people (info@, home@, guest@
etc.). James is replying automatically to say "they don't live here".
You might want to switch that off; otherwise it's all legitimate,
perhaps a bit scary the first time! Someone tried to send mail to an
address that didn't exist is all.

d.






Re: RemoteDelivery Gateway

Posted by Danny Angus <da...@gmail.com>.
It is telling you that James won't accept incoming mail from machines
whose IP addresses don't match those patterns; that should have
nothing to do with outgoing mail.

On 10/21/06, Ole Ersoy <ol...@yahoo.com> wrote:
> Hi,
>
> I'm trying to get James to deliver my mail via
> Comcast's smtp server.
>
> However I'm getting the following:
> 20/10/06 22:38:31 INFO  James.Mailet:
> RemoteAddrNotInNetwork: Authorized addresses:
> [127.0.0.1/255.255.255.255, 192.168.1.0/255.255.255.0,
> 24.13.179.233/255.255.255.255]
>
> I added the gateway element per the wiki instructions
> like this:
>
> <gateway>''smtp.comcast.net''</gateway>
>
> I also tried it like this:
> <gateway>smtp.comcast.net</gateway>
>
> Any ideas?
>
> Thanks,
> - Ole
>
> --- Stefano Bagnara <ap...@bago.org> wrote:
>
> > Ole Ersoy wrote:
> > > Great to know I'm not hacked though.  Whooessssh.
> > >
> > > I guess I'm just going to have to purchase an
> > > alternate SMTP port or something from my domain
> > > name provider.
> >
> > You could also configure RemoteDelivery to use a
> > gateway smtp server and use your provider smtp
> > server as a gateway.
> >
> > Stefano


Re: Are you sure? (Was: My james server got hacked)

Posted by Ole Ersoy <ol...@yahoo.com>.
Ah - I think Noel mentioned that as well, I'm
definitely checking that out next.

Thanks guys for all the help.

- Ole

--- Stefano Bagnara <ap...@bago.org> wrote:

> Ole Ersoy wrote:
> > Great to know I'm not hacked though.  Whooessssh.
> >
> > I guess I'm just going to have to purchase an
> > alternate SMTP port or something from my domain
> > name provider.
>
> You could also configure RemoteDelivery to use a
> gateway smtp server and use your provider smtp
> server as a gateway.
>
> Stefano


Re: Are you sure? (Was: My james server got hacked)

Posted by Stefano Bagnara <ap...@bago.org>.
Ole Ersoy wrote:
> Great to know I'm not hacked though.  Whooessssh.
> 
> I guess I'm just going to have to purchase an
> alternate SMTP port or something from my domain name
> provider.

You could also configure RemoteDelivery to use a gateway smtp server and 
use your provider smtp server as a gateway.

Stefano




Re: Are you sure? (Was: My james server got hacked)

Posted by Ole Ersoy <ol...@yahoo.com>.
Hi Stefano,

Yes - pyramidetechnologies.com is my domain.

Oh - I think I understand what you are saying.

Someone sends Spam to pyramidetechnologies.com

But the person they are sending to is not here.

So James creates a message and puts it in outgoing, to
let them know that the recipient is invalid.

They block the return message (Probably because my ip
is dynamic) causing James to keep trying to send the
message.

Then mail starts to queue up in outgoing/

I tested this earlier with 10 threads and with only 10
threads outgoing/ keeps trying to send email to
recipients who are rejecting it presumably using all
10 threads, so that other email does not go out.

Great to know I'm not hacked though.  Whooessssh.

I guess I'm just going to have to purchase an
alternate SMTP port or something from my domain name
provider.

Thank you very much for reviewing that,
- Ole





--- Stefano Bagnara <ap...@bago.org> wrote:

> Are you sure you have been hacked?
>
> I understand that "pyramidetechnologies.com" is the
> domain for your James server, right?
>
> Then the mail you see in the outgoing is a simple
> bounce that James creates because it received a
> message for some invalid recipients on your domain.
>
> The abstractNotify mailet creates such a message to
> be sent to the original sender to let him know that
> his message has not been delivered.
>
> That said I don't think you got hacked, or at least
> this mail has nothing special to lead us to think so.
>
> Stefano


Are you sure? (Was: My james server got hacked)

Posted by Stefano Bagnara <ap...@bago.org>.
Are you sure you have been hacked?

I understand that "pyramidetechnologies.com" is the domain for your 
James server, right?

Then the mail you see in the outgoing is a simple bounce that James 
creates because it received a message for some invalid recipients on your 
domain.

The abstractNotify mailet creates such a message to be sent to the 
original sender to let him know that his message has not been delivered.

That said I don't think you got hacked, or at least this mail has 
nothing special to lead us to think so.

Stefano
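
Added example (not part of the original thread and not James code): a triage check for one message taken from the outgoing spool, separating a server-generated bounce for unknown local recipients, as diagnosed above, from mail that somebody actually submitted. The function name triage, the verdict labels and the sample message are assumptions; the parser expects the "Message details" layout shown in the bounce quoted in the thread.

```python
import email
import re
from email import policy

# Constructed sample modelled on the bounce quoted in the thread
# (single text/plain part for brevity, CRLF line endings).
SAMPLE = (
    "Return-Path: <>\r\n"
    "From: ole@pyramidetechnologies.com\r\n"
    "To: coralcalder@rplh.com\r\n"
    "Subject: Re:copernicusbipolarcreating\r\n"
    "Mime-Version: 1.0\r\n"
    "Content-Type: text/plain; charset=us-ascii\r\n"
    "\r\n"
    "We were unable to deliver the attached message because\r\n"
    "of an error in the mail server.\r\n"
    "\r\n"
    "Error message below:\r\n"
    "550 - Requested action not taken: no such user here\r\n"
    "\r\n"
    "Message details:\r\n"
    "  MAIL FROM: coralcalder@rplh.com\r\n"
    "  RCPT TO: mail@pyramidetechnologies.com\r\n"
    "           info@pyramidetechnologies.com\r\n"
    "  Size (in bytes): 16700\r\n"
).encode("ascii")

ADDR = re.compile(r"[\w.+-]+@[\w.-]+")

def triage(raw, local_domain):
    """Classify one spooled message: server-generated bounce or submitted mail."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    # A bounce carries the null reverse-path, so it can never bounce again.
    null_sender = (msg.get("Return-Path") or "").strip() == "<>"
    part = msg.get_body(preferencelist=("plain",))
    text = part.get_content() if part else ""
    # Rejected recipients: the RCPT TO block, up to the next "Label:" line.
    block = re.search(r"RCPT TO:(.*?)(?:\n\s*\w[\w ()]*:|\Z)", text, re.S)
    failed = ADDR.findall(block.group(1)) if block else []
    suffix = "@" + local_domain.lower()
    local_only = bool(failed) and all(a.lower().endswith(suffix) for a in failed)
    if null_sender and local_only:
        verdict = "bounce-for-unknown-local-user"  # backscatter, not relayed mail
    elif null_sender:
        verdict = "bounce-other"
    else:
        verdict = "submitted-mail"  # worth checking SMTP auth and relay logs
    return {"verdict": verdict, "failed": failed, "bounce_to": str(msg.get("To", ""))}
```

A spool where every message comes back as bounce-for-unknown-local-user matches the explanation in this thread; submitted-mail verdicts are the ones that would point to an abused account or relay.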
