memel.parduin
Hi all,
Yesterday one of my FreeNAS boxes started to send e-mails to various addresses unknown to me, some of them non-existent (I received a failure notice from my hosting provider mailer daemon). I'm a bit concerned, to say the least.
I've been searching the net to find solutions and take countermeasures, but I didn't get very far, since I'm a noob in these matters. The main thing I found out is that it's likely to be a script somewhere causing this. My mail log (/var/log/maillog) only reports "logfile turned over".
Here's what my mailer daemon returned me:
Code:
Return-Path: <myserver@myplace.nl>
Received: (qmail 9959 invoked from network); 30 Jul 2015 03:01:04 +0200
Received: from lb3-smtp-cloud2.myhost1.net (yyy.yyy.yyy.yyy)
  by serverX.myhost2.nl with (DHE-RSA-AES128-SHA encrypted) SMTP; 30 Jul 2015 03:01:04 +0200
Received: from myserver.local ([xxx.xxx.xxx.xxx])
  by smtp-cloud2.myhost1.net with ESMTP id yR121q00Q2NBdZ601R141F;
  Thu, 30 Jul 2015 03:01:04 +0200
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: base64
Subject: myserver.local security run output
From: myserver@myplace.nl
To: sysadmin@myplace.nl
Date: Thu, 30 Jul 2015 01:01:02 -0000
Message-ID: <freenas-20150730.010102.597497.ZiyN@myserver.local>
X-FreeNAS-Host: myserver.local
X-Mailer: FreeNAS

CmRhbmllbC5sb2NhbCBwZiBkZW5pZWQgcGFja2V0czoKPiBibG9jayByZXR1cm4gaW4gYWxsIFsg
RXZhbHVhdGlvbnM6IDExNTY2NyBQYWNrZXRzOiAxMTgzIEJ5dGVzOiAzOTI0NDUgU3RhdGVzOiAw
IF0KPiBibG9jayByZXR1cm4gcXVpY2sgZnJvbSA8YnJ1dGVmb3JjZT4gdG8gYW55IFsgRXZhbHVh
...
The IP address in line 5 is unknown to me by the way. It originates from my country, and leads to a page showing the iis7 logo.
My FreeNAS box is only accessible from outside through SSH and OpenVPN (set up using the Joe Paetzel method), allowing replication and remote access to GUI and files.
Could anyone tell me where I should look to solve this problem? I'd be much obliged!
Memel
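One way to triage a returned message like the one posted above, as an added example that is not part of the original post: list the Received hops oldest first and decode the base64 body to see what was actually sent. The function name `triage` is hypothetical, and the body is limited to the three base64 lines the post shows before it is cut off.

```python
import email
from email import policy

# The returned message as posted above; the post cuts the base64 body
# off after three lines, so only that part can be decoded.
RAW = """\
Return-Path: <myserver@myplace.nl>
Received: (qmail 9959 invoked from network); 30 Jul 2015 03:01:04 +0200
Received: from lb3-smtp-cloud2.myhost1.net (yyy.yyy.yyy.yyy)
  by serverX.myhost2.nl with (DHE-RSA-AES128-SHA encrypted) SMTP; 30 Jul 2015 03:01:04 +0200
Received: from myserver.local ([xxx.xxx.xxx.xxx])
  by smtp-cloud2.myhost1.net with ESMTP id yR121q00Q2NBdZ601R141F;
  Thu, 30 Jul 2015 03:01:04 +0200
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: base64
Subject: myserver.local security run output
From: myserver@myplace.nl
To: sysadmin@myplace.nl
X-Mailer: FreeNAS

CmRhbmllbC5sb2NhbCBwZiBkZW5pZWQgcGFja2V0czoKPiBibG9jayByZXR1cm4gaW4gYWxsIFsg
RXZhbHVhdGlvbnM6IDExNTY2NyBQYWNrZXRzOiAxMTgzIEJ5dGVzOiAzOTI0NDUgU3RhdGVzOiAw
IF0KPiBibG9jayByZXR1cm4gcXVpY2sgZnJvbSA8YnJ1dGVmb3JjZT4gdG8gYW55IFsgRXZhbHVh
"""


def triage(raw):
    """Summarise a returned message (hypothetical helper for this example)."""
    msg = email.message_from_string(raw, policy=policy.default)
    # Each relay prepends its Received header, so the last one in the
    # file is the first hop; reverse to read the path oldest first.
    hops = [" ".join(str(h).split()) for h in msg.get_all("Received", [])]
    hops.reverse()
    return {
        "hops": hops,
        "mailer": str(msg["X-Mailer"]),
        "subject": str(msg["Subject"]),
        "to": str(msg["To"]),
        # get_content() undoes the base64 transfer encoding and the charset
        "body": msg.get_content(),
    }


if __name__ == "__main__":
    report = triage(RAW)
    for n, hop in enumerate(report["hops"], 1):
        print(f"hop {n}: {hop}")
    print(f"mailer={report['mailer']} to={report['to']}")
    print(report["body"])
```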