Hey folks:<br><br>I think my mailserver has been cracked. It's on a fully updated Debian Sarge running Postfix.<br clear="all"><br>I woke up this morning to find this:<br><br><pre>Mar 6 07:56:47 caliban postfix/smtp[7632]: C3B4C42607: to=
<a class="moz-txt-link-rfc2396E" href="mailto:anatoliy@zlat.dp.ua"><anatoliy@zlat.dp.ua></a>, relay=webhoster.dp.ua[<a href="http://195.24.144.32">195.24.144.32</a>], delay=9, status=deferred (host webhoster.dp.ua[<a href="http://195.24.144.32">
195.24.144.32</a>] refused to talk to me: 421 4.4.5 Directory harvest attack detected)<br><br>Now my mail queue is full of:<br><br>Mar 6 12:10:12 caliban postfix/smtp[12294]: 7362B42DCC: to=<a class="moz-txt-link-rfc2396E" href="mailto:bvsuxar@of.racial.attack.com">
<bvsuxar@of.racial.attack.com></a>, relay=of.racial.attack.com[<a href="http://67.107.40.9">67.107.40.9</a>], delay=1705, status=deferred (host of.racial.attack.com[<a href="http://67.107.40.9">67.107.40.9</a>] refused to talk to me: 554
5.7.1 <a href="http://chifw001.inforte.com">chifw001.inforte.com</a> Connection not authorized)<br>Mar 6 12:13:53 caliban postfix/smtp[12239]: 8AACB43170: to=<a class="moz-txt-link-rfc2396E" href="mailto:job@novattack.com.ua">
<job@novattack.com.ua></a>, relay=omega.uar.net[<a href="http://194.44.214.39">194.44.214.39</a>], delay=145, status=bounced (host omega.uar.net[<a href="http://194.44.214.39">194.44.214.39</a>] said: 554 5.7.1 Dynamic address
<a href="http://dsl-58-6-5-170.wa.westnet.com.au">dsl-58-6-5-170.wa.westnet.com.au</a> [<a href="http://58.6.5.170">58.6.5.170</a>] , use your provider's SMTP-server (in reply to RCPT TO command))<br>Mar 6 12:16:50 caliban postfix/qmgr[11082]: 64ED34316E: from=
<a class="moz-txt-link-rfc2396E" href="mailto:sb@art.attack.com"><sb@art.attack.com></a>, size=5678, nrcpt=4 (queue active)<br></pre><br>Suggestions?<br><br>skribe<br>-- <br>One dog said to the other - <br><br> <a href="http://onedogsaid.blogspot.com">
http://onedogsaid.blogspot.com</a>