Web server was hacked and spam is being sent!

All about the security of the system and the applications
dilbar
Posts: 6
Joined: 2006-03-09 22:39
 


Post by dilbar »

Hello to all admins,

I have a problem: I have a hacker and spammer on my Confixx 2.0 server from 1und1, on a Linux 8.0 server.

It no longer sends or receives emails.

What can I do?

Please help me.

A few excerpts from the important logs.

*************************Mail Log***********************
Jul 14 00:16:04 p15146993 postfix/smtp[5965]: 9794F2B75DA: to=<iceman_ng2001@yahoo.com>, relay=mx3.mail.yahoo.com[4.79.181.134], delay=35754, status=sent (250 ok dirdel)
Jul 14 00:16:04 p15146993 postfix/smtp[6664]: D49512C3412: to=<janderson@perf-cap.com>, relay=perf-cap.com[66.225.255.53], delay=30338, status=sent (250 OK id=1G19Ts-0004vy-0L)
Jul 14 00:16:04 p15146993 postfix/qmgr[601]: D4EC22D099C: from=<wwwrun@p15146993.pureserver.info>, size=2360, nrcpt=1 (queue active)
Jul 14 00:16:04 p15146993 postfix/qmgr[601]: D4CDE2D0A43: from=<wwwrun@p15146993.pureserver.info>, size=2361, nrcpt=1 (queue active)
Jul 14 00:16:07 p15146993 postfix/smtp[4508]: 97C672B76F7: to=<jboabo@yahoo.com>, relay=mx3.mail.yahoo.com[64.156.215.18], delay=35738, status=sent (250 ok dirdel)
Jul 14 00:16:07 p15146993 postfix/qmgr[601]: D4FA52D0BA7: from=<wwwrun@p15146993.pureserver.info>, size=2358, nrcpt=1 (queue active)
Jul 14 00:16:08 p15146993 postfix/smtp[5965]: 97C0E2B788E: to=<jokingdawg200312345@yahoo.com>, relay=mx3.mail.yahoo.com[4.79.181.134], delay=35707, status=bounced (host mx3.mail.yahoo.com[4.79.181.134] said: 554 delivery error: dd Sorry your message to jokingdawg200312345@yahoo.com cannot be delivered. This account has been disabled or discontinued [#102]. - mta315.mail.mud.yahoo.com)
Jul 14 00:16:08 p15146993 postfix/cleanup[6460]: 730732B749B: message-id=<20060713221608.730732B749B@p15146993.pureserver.info>
Jul 14 00:16:08 p15146993 postfix/qmgr[601]: D40C02D0C86: from=<wwwrun@p15146993.pureserver.info>, size=2361, nrcpt=1 (queue active)
Jul 14 00:16:09 p15146993 postfix/smtp[6664]: 979EB2B78EF: to=<jromo98@yahoo.com>, relay=mx3.mail.yahoo.com[67.28.113.19], delay=35701, status=bounced (host mx3.mail.yahoo.com[67.28.113.19] said: 554 delivery error: dd Sorry your message to jromo98@yahoo.com cannot be delivered. This account has been disabled or discontinued [#102]. - mta223.mail.re2.yahoo.com)
Jul 14 00:16:09 p15146993 postfix/cleanup[6353]: 320182B75DA: message-id=<20060713221609.320182B75DA@p15146993.pureserver.info>
Jul 14 00:16:09 p15146993 postfix/qmgr[601]: D47D72D0CE3: from=<wwwrun@p15146993.pureserver.info>, size=2363, nrcpt=1 (queue active)
Jul 14 00:16:09 p15146993 postfix/smtpd[6559]: disconnect from mforward.dtag.de[194.25.242.123]
Jul 14 00:16:13 p15146993 popper[6868]: Stats: web4p97 0 0 0 0 h247-217.dus.net 82.100.247.217 [pop_updt.c:296]
Jul 14 00:16:13 p15146993 postfix/smtp[5026]: 9B8102B72D5: to=<megra333@yahoo.com>, relay=mx3.mail.yahoo.com[4.79.181.13], delay=34144, status=sent (250 ok dirdel)
Jul 14 00:16:13 p15146993 postfix/qmgr[601]: D4E652D0D13: from=<wwwrun@p15146993.pureserver.info>, size=2362, nrcpt=1 (queue active)
Jul 14 00:16:13 p15146993 postfix/smtp[5965]: D40C02D0C86: to=<tnhound@highstream.net>, relay=m1.highstream.net[65.214.41.101], delay=30138, status=bounced (host m1.highstream.net[65.214.41.101] said: 550 no such user (#5.1.1))
Jul 14 00:16:13 p15146993 postfix/cleanup[6524]: CBB4B2B72D5: message-id=<20060713221613.CBB4B2B72D5@p15146993.pureserver.info>
Jul 14 00:16:13 p15146993 postfix/qmgr[601]: D41A72D0D2C: from=<wwwrun@p15146993.pureserver.info>, size=2366, nrcpt=1 (queue active)
Jul 14 00:16:14 p15146993 postfix/smtp[4991]: D4CBA2D0659: to=<kbandy@lapoynor.esc7.net>, relay=esc7spam.esc7.net[69.155.178.215], delay=30297, status=sent (250 2.6.0 Message Accepted)
Jul 14 00:16:14 p15146993 postfix/qmgr[601]: D49BA2D0DB1: from=<wwwrun@p15146993.pureserver.info>, size=2363, nrcpt=1 (queue active)
Jul 14 00:16:14 p15146993 postfix/smtp[5967]: connect to mx3.mail.yahoo.com[67.28.113.11]: Connection timed out (port 25)
Jul 14 00:16:15 p15146993 postfix/smtp[5967]: 9A48F2BA653: to=<samsgrl18_2002@yahoo.com>, relay=mx3.mail.yahoo.com[4.79.181.13], delay=33983, status=bounced (host mx3.mail.yahoo.com[4.79.181.13] said: 554 delivery error: dd This user doesn't have a yahoo.com account (samsgrl18_2002@yahoo.com) [0] - mta172.mail.mud.yahoo.com)
Jul 14 00:16:15 p15146993 postfix/cleanup[6460]: 8B6F92B76F7: message-id=<20060713221615.8B6F92B76F7@p15146993.pureserver.info>
Jul 14 00:16:15 p15146993 postfix/qmgr[601]: D435B2D0FB1: from=<wwwrun@p15146993.pureserver.info>, size=2360, nrcpt=1 (queue active)
***************************************************************

*****************************messages***********************
Jul 14 12:08:00 p15146993 /USR/SBIN/CRON[5536]: (root) CMD (/root/confixx/confixx_counterscript.pl)
Jul 14 12:08:37 p15146993 PAM-warn[5323]: function=[pam_sm_authenticate] service=[smtp] terminal=[<unknown>] user=[web4p19] ruser=[<unknown>] rhost=[<unknown>]
Jul 14 12:09:00 p15146993 /USR/SBIN/CRON[5610]: (root) CMD (/root/confixx/confixx_counterscript.pl)
Jul 14 12:10:01 p15146993 /USR/SBIN/CRON[5670]: (root) CMD (/root/confixx/confixx_counterscript.pl)
Jul 14 12:10:20 p15146993 PAM-warn[5323]: function=[pam_sm_authenticate] service=[smtp] terminal=[<unknown>] user=[web4p101] ruser=[<unknown>] rhost=[<unknown>]
Jul 14 12:11:00 p15146993 /USR/SBIN/CRON[5773]: (root) CMD (/root/confixx/confixx_counterscript.pl)
Jul 14 12:12:00 p15146993 /USR/SBIN/CRON[5889]: (root) CMD (/root/confixx/confixx_counterscript.pl)
Jul 14 12:12:50 p15146993 PAM-warn[5323]: function=[pam_sm_authenticate] service=[smtp] terminal=[<unknown>] user=[web4p36] ruser=[<unknown>] rhost=[<unknown>]
Jul 14 12:13:00 p15146993 /USR/SBIN/CRON[5958]: (root) CMD (/root/confixx/confixx_counterscript.pl)
Jul 14 12:14:01 p15146993 /USR/SBIN/CRON[5981]: (root) CMD (/root/confixx/confixx_counterscript.pl)
Jul 14 12:14:35 p15146993 PAM-warn[6018]: function=[pam_sm_authenticate] service=[smtp] terminal=[<unknown>] user=[web4p101] ruser=[<unknown>] rhost=[<unknown>]
Jul 14 12:14:41 p15146993 PAM-warn[6027]: function=[pam_sm_authenticate] service=[smtp] terminal=[<unknown>] user=[web4p84] ruser=[<unknown>] rhost=[<unknown>]
Jul 14 12:14:57 p15146993 PAM-warn[6027]: function=[pam_sm_authenticate] service=[smtp] terminal=[<unknown>] user=[web4p84] ruser=[<unknown>] rhost=[<unknown>]
Jul 14 12:15:00 p15146993 /USR/SBIN/CRON[6078]: (root) CMD (/root/confixx/confixx_counterscript.pl)
Jul 14 12:16:00 p15146993 /USR/SBIN/CRON[6141]: (root) CMD (/root/confixx/confixx_counterscript.pl)
Jul 14 12:17:00 p15146993 /USR/SBIN/CRON[6190]: (root) CMD (/root/confixx/confixx_counterscript.pl)
Jul 14 12:18:01 p15146993 /USR/SBIN/CRON[6247]: (root) CMD (/root/confixx/confixx_counterscript.pl)
Jul 14 12:18:16 p15146993 PAM-warn[6016]: function=[pam_sm_authenticate] service=[smtp] terminal=[<unknown>] user=[web4p84] ruser=[<unknown>] rhost=[<unknown>]
Jul 14 12:19:00 p15146993 /USR/SBIN/CRON[6309]: (root) CMD (/root/confixx/confixx_counterscript.pl)
Jul 14 12:20:00 p15146993 /USR/SBIN/CRON[6342]: (root) CMD (/root/confixx/confixx_counterscript.pl)
Jul 14 12:21:00 p15146993 /USR/SBIN/CRON[6380]: (root) CMD (/root/confixx/confixx_counterscript.pl)
Jul 14 12:22:00 p15146993 /USR/SBIN/CRON[6418]: (root) CMD (/root/confixx/confixx_counterscript.pl)
Jul 14 12:23:01 p15146993 /USR/SBIN/CRON[6454]: (root) CMD (/root/confixx/confixx_counterscript.pl)
Jul 14 12:23:44 p15146993 PAM-warn[3504]: function=[pam_sm_authenticate] service=[smtp] terminal=[<unknown>] user=[web4p101] ruser=[<unknown>] rhost=[<unknown>]
Jul 14 12:24:00 p15146993 /USR/SBIN/CRON[6494]: (root) CMD (/root/confixx/confixx_counterscript.pl)
Jul 14 12:24:29 p15146993 PAM-warn[3504]: function=[pam_sm_authenticate] service=[smtp] terminal=[<unknown>] user=[web14p1] ruser=[<unknown>] rhost=[<unknown>]
Jul 14 12:25:01 p15146993 /USR/SBIN/CRON[6546]: (root) CMD (/root/confixx/confixx_counterscript.pl)
Jul 14 12:26:00 p15146993 /USR/SBIN/CRON[6606]: (root) CMD (/root/confixx/confixx_counterscript.pl)
Jul 14 12:27:00 p15146993 /USR/SBIN/CRON[6682]: (root) CMD (/root/confixx/confixx_counterscript.pl)
Jul 14 12:28:01 p15146993 /USR/SBIN/CRON[6767]: (root) CMD (/root/confixx/confixx_counterscript.pl)
Jul 14 12:29:00 p15146993 /USR/SBIN/CRON[6810]: (root) CMD (/root/confixx/confixx_counterscript.pl)
Jul 14 12:30:00 p15146993 /USR/SBIN/CRON[6886]: (root) CMD (/root/confixx/confixx_counterscript.pl)
Jul 14 12:31:00 p15146993 /USR/SBIN/CRON[6987]: (root) CMD (/root/confixx/confixx_counterscript.pl)
Jul 14 12:32:00 p15146993 /USR/SBIN/CRON[7054]: (root) CMD (/root/confixx/confixx_counterscript.pl)
Jul 14 12:33:01 p15146993 /USR/SBIN/CRON[7130]: (root) CMD (/root/confixx/confixx_counterscript.pl)
Jul 14 12:33:59 p15146993 /USR/SBIN/CRON[7218]: (root) CMD (/root/confixx/confixx_counterscript.pl)
Jul 14 12:35:01 p15146993 /USR/SBIN/CRON[7274]: (root) CMD (/root/confixx/confixx_counterscript.pl)
Jul 14 12:36:00 p15146993 /USR/SBIN/CRON[7324]: (root) CMD (/root/confixx/confixx_counterscript.pl)
Jul 14 12:37:00 p15146993 /USR/SBIN/CRON[7390]: (root) CMD (/root/confixx/confixx_counterscript.pl)
Jul 14 12:37:36 p15146993 PAM-warn[7339]: function=[pam_sm_authenticate] service=[smtp] terminal=[<unknown>] user=[web4p84] ruser=[<unknown>] rhost=[<unknown>]
Jul 14 12:38:00 p15146993 /USR/SBIN/CRON[7450]: (root) CMD (/root/confixx/confixx_counterscript.pl)
Jul 14 12:39:00 p15146993 /USR/SBIN/CRON[7541]: (root) CMD (/root/confixx/confixx_counterscript.pl)
Jul 14 12:40:00 p15146993 /USR/SBIN/CRON[7581]: (root) CMD (/root/confixx/confixx_counterscript.pl)
Jul 14 12:41:01 p15146993 /USR/SBIN/CRON[7613]: (root) CMD (/root/confixx/confixx_counterscript.pl)
Jul 14 12:42:00 p15146993 /USR/SBIN/CRON[7663]: (root) CMD (/root/confixx/confixx_counterscript.pl)
Jul 14 12:43:01 p15146993 /USR/SBIN/CRON[7712]: (root) CMD (/root/confixx/confixx_counterscript.pl)
Jul 14 12:44:00 p15146993 /USR/SBIN/CRON[7756]: (root) CMD (/root/confixx/confixx_counterscript.pl)
Jul 14 12:45:00 p15146993 /USR/SBIN/CRON[7825]: (root) CMD (/root/confixx/confixx_counterscript.pl)
Jul 14 12:46:01 p15146993 /USR/SBIN/CRON[7893]: (root) CMD (/root/confixx/confixx_counterscript.pl)
Jul 14 12:47:00 p15146993 /USR/SBIN/CRON[7949]: (root) CMD (/root/confixx/confixx_counterscript.pl)
Jul 14 12:47:47 p15146993 PAM-warn[7347]: function=[pam_sm_authenticate] service=[smtp] terminal=[<unknown>] user=[web23p2] ruser=[<unknown>] rhost=[<unknown>]
Jul 14 12:48:00 p15146993 /USR/SBIN/CRON[7993]: (root) CMD (/root/confixx/confixx_counterscript.pl)
Jul 14 12:49:00 p15146993 /USR/SBIN/CRON[8041]: (root) CMD (/root/confixx/confixx_counterscript.pl)
Jul 14 12:49:50 p15146993 PAM-warn[8077]: function=[pam_sm_authenticate] service=[smtp] terminal=[<unknown>] user=[web4p3] ruser=[<unknown>] rhost=[<unknown>]
Jul 14 12:50:01 p15146993 /USR/SBIN/CRON[8098]: (root) CMD (/root/confixx/confixx_counterscript.pl)
Jul 14 12:50:13 p15146993 sshd[8108]: Accepted password for root from 87.106.9.121 port 51492 ssh2
Jul 14 12:50:29 p15146993 PAM-warn[8028]: function=[pam_sm_authenticate] service=[smtp] terminal=[<unknown>] user=[web4p54] ruser=[<unknown>] rhost=[<unknown>]
Jul 14 12:51:00 p15146993 /USR/SBIN/CRON[8176]: (root) CMD (/root/confixx/confixx_counterscript.pl)
Jul 14 12:51:31 p15146993 sshd[8213]: Accepted password for root from 87.106.9.121 port 51493 ssh2
Jul 14 12:51:38 p15146993 sshd[8521]: Accepted password for root from 87.106.9.121 port 51494 ssh2
Jul 14 12:52:01 p15146993 /USR/SBIN/CRON[8564]: (root) CMD (/root/confixx/confixx_counterscript.pl)
Jul 14 12:53:00 p15146993 /USR/SBIN/CRON[8615]: (root) CMD (/root/confixx/confixx_counterscript.pl)
Jul 14 12:53:01 p15146993 sshd[8621]: Accepted password for root from 87.106.9.121 port 41848 ssh2
Jul 14 12:54:00 p15146993 /USR/SBIN/CRON[8877]: (root) CMD (/root/confixx/confixx_counterscript.pl)
Jul 14 12:55:00 p15146993 /USR/SBIN/CRON[9088]: (root) CMD (/root/confixx/confixx_counterscript.pl)
Jul 14 12:55:25 p15146993 PAM-warn[7909]: function=[pam_sm_authenticate] service=[smtp] terminal=[<unknown>] user=[web4p3] ruser=[<unknown>] rhost=[<unknown>]
Jul 14 12:56:00 p15146993 /USR/SBIN/CRON[9230]: (root) CMD (/root/confixx/confixx_counterscript.pl)
Jul 14 12:57:00 p15146993 /USR/SBIN/CRON[9354]: (root) CMD (/root/confixx/confixx_counterscript.pl)
Jul 14 12:57:59 p15146993 /USR/SBIN/CRON[9462]: (root) CMD (/root/confixx/confixx_counterscript.pl)
Jul 14 12:59:00 p15146993 /USR/SBIN/CRON[9572]: (root) CMD ( rm -f /var/spool/cron/lastrun/cron.hourly)
Jul 14 12:59:00 p15146993 /USR/SBIN/CRON[9573]: (root) CMD (/root/confixx/confixx_counterscript.pl)
Jul 14 13:00:00 p15146993 /USR/SBIN/CRON[9679]: (root) CMD (/root/confixx/confixx_counterscript.pl)
Jul 14 13:01:00 p15146993 /USR/SBIN/CRON[9794]: (root) CMD (/root/confixx/confixx_counterscript.pl)
Jul 14 13:02:00 p15146993 /USR/SBIN/CRON[9904]: (root) CMD (/root/confixx/confixx_counterscript.pl)
Jul 14 13:03:00 p15146993 /USR/SBIN/CRON[10018]: (root) CMD (/root/confixx/confixx_counterscript.pl)
Jul 14 13:04:00 p15146993 /USR/SBIN/CRON[10098]: (root) CMD (/root/confixx/confixx_counterscript.pl)
Jul 14 13:04:38 p15146993 PAM-warn[9227]: function=[pam_sm_authenticate] service=[smtp] terminal=[<unknown>] user=[web14p1] ruser=[<unknown>] rhost=[<unknown>]
Jul 14 13:05:01 p15146993 /USR/SBIN/CRON[10188]: (root) CMD (/root/confixx/confixx_counterscript.pl)
Jul 14 13:06:00 p15146993 /USR/SBIN/CRON[10272]: (root) CMD (/root/confixx/confixx_counterscript.pl)
Jul 14 13:06:37 p15146993 PAM-warn[9225]: function=[pam_sm_authenticate] service=[smtp] terminal=[<unknown>] user=[web4p63] ruser=[<unknown>] rhost=[<unknown>]
Jul 14 13:07:00 p15146993 /USR/SBIN/CRON[10372]: (root) CMD (/root/confixx/confixx_counterscript.pl)
Jul 14 13:08:00 p15146993 /USR/SBIN/CRON[10453]: (root) CMD (/root/confixx/confixx_counterscript.pl)
Jul 14 13:08:28 p15146993 PAM-warn[10520]: function=[pam_sm_authenticate] service=[smtp] terminal=[<unknown>] user=[web4p19] ruser=[<unknown>] rhost=[<unknown>]
Jul 14 13:09:01 p15146993 /USR/SBIN/CRON[10600]: (root) CMD (/root/confixx/confixx_counterscript.pl)
Jul 14 13:10:01 p15146993 /USR/SBIN/CRON[10754]: (root) CMD (/root/confixx/confixx_counterscript.pl)
Jul 14 13:11:00 p15146993 /USR/SBIN/CRON[10864]: (root) CMD (/root/confixx/confixx_counterscript.pl)
Jul 14 13:12:00 p15146993 /USR/SBIN/CRON[10963]: (root) CMD (/root/confixx/confixx_counterscript.pl)
Jul 14 13:12:04 p15146993 PAM-warn[10886]: function=[pam_sm_authenticate] service=[smtp] terminal=[<unknown>] user=[web4p34] ruser=[<unknown>] rhost=[<unknown>]
Jul 14 13:13:01 p15146993 /USR/SBIN/CRON[11071]: (root) CMD (/root/confixx/confixx_counterscript.pl)
Jul 14 13:13:59 p15146993 /USR/SBIN/CRON[11174]: (root) CMD (/root/confixx/confixx_counterscript.pl)
Jul 14 13:15:00 p15146993 /USR/SBIN/CRON[11295]: (root) CMD (/root/confixx/confixx_counterscript.pl)
Jul 14 13:16:00 p15146993 /USR/SBIN/CRON[11420]: (root) CMD (/root/confixx/confixx_counterscript.pl)
Jul 14 13:17:00 p15146993 /USR/SBIN/CRON[11545]: (root) CMD (/root/confixx/confixx_counterscript.pl)
Jul 14 13:17:59 p15146993 /USR/SBIN/CRON[11665]: (root) CMD (/root/confixx/confixx_counterscript.pl)
Jul 14 13:19:00 p15146993 /USR/SBIN/CRON[11773]: (root) CMD (/root/confixx/confixx_counterscript.pl)
Jul 14 13:20:00 p15146993 /USR/SBIN/CRON[11913]: (root) CMD (/root/confixx/confixx_counterscript.pl)
Jul 14 13:21:00 p15146993 /USR/SBIN/CRON[12174]: (root) CMD (/root/confixx/confixx_counterscript.pl)
Jul 14 13:22:00 p15146993 /USR/SBIN/CRON[12399]: (root) CMD (/root/confixx/confixx_counterscript.pl)
Jul 14 13:23:00 p15146993 /USR/SBIN/CRON[12600]: (root) CMD (/root/confixx/confixx_counterscript.pl)
Jul 14 13:24:00 p15146993 /USR/SBIN/CRON[12825]: (root) CMD (/root/confixx/confixx_counterscript.pl)
Jul 14 13:24:59 p15146993 /USR/SBIN/CRON[12959]: (root) CMD (/root/confixx/confixx_counterscript.pl)
Jul 14 13:26:00 p15146993 /USR/SBIN/CRON[13124]: (root) CMD (/root/confixx/confixx_counterscript.pl)
Jul 14 13:27:01 p15146993 /USR/SBIN/CRON[13270]: (root) CMD (/root/confixx/confixx_counterscript.pl)
Jul 14 13:28:00 p15146993 /USR/SBIN/CRON[13449]: (root) CMD (/root/confixx/confixx_counterscript.pl)
Jul 14 13:28:36 p15146993 sshd[13531]: Accepted password for root from 82.100.247.217 port 34295 ssh2
Jul 14 13:28:36 p15146993 sshd[13531]: subsystem request for sftp
Jul 14 13:28:51 p15146993 PAM-warn[10520]: function=[pam_sm_authenticate] service=[smtp] terminal=[<unknown>] user=[web4p2] ruser=[<unknown>] rhost=[<unknown>]
Jul 14 13:29:00 p15146993 PAM-warn[10998]: function=[pam_sm_authenticate] service=[smtp] terminal=[<unknown>] user=[web4p101] ruser=[<unknown>] rhost=[<unknown>]
Jul 14 13:29:01 p15146993 /USR/SBIN/CRON[13661]: (root) CMD (/root/confixx/confixx_counterscript.pl)
Jul 14 13:30:00 p15146993 /USR/SBIN/CRON[13801]: (root) CMD (/root/confixx/confixx_counterscript.pl)
***************************************************************

************************warn.log******************************
Jul 14 12:56:57 p15146993 postfix/smtpd[9345]: warning: database /etc/postfix/access.db is older than source file /etc/postfix/access
Jul 14 12:56:57 p15146993 postfix/cleanup[9346]: warning: database /etc/postfix/canonical.db is older than source file /etc/postfix/canonical
Jul 14 12:56:57 p15146993 postfix/cleanup[9346]: warning: database /etc/postfix/sender_canonical.db is older than source file /etc/postfix/sender_canonical
Jul 14 12:56:57 p15146993 postfix/cleanup[9346]: warning: database /etc/postfix/virtual.db is older than source file /etc/postfix/virtual
Jul 14 12:56:57 p15146993 postfix/cleanup[9347]: warning: database /etc/postfix/canonical.db is older than source file /etc/postfix/canonical
Jul 14 12:56:57 p15146993 postfix/cleanup[9347]: warning: database /etc/postfix/sender_canonical.db is older than source file /etc/postfix/sender_canonical
Jul 14 12:56:57 p15146993 postfix/cleanup[9347]: warning: database /etc/postfix/virtual.db is older than source file /etc/postfix/virtual
Jul 14 12:58:36 p15146993 postfix/cleanup[9517]: warning: database /etc/postfix/canonical.db is older than source file /etc/postfix/canonical
Jul 14 12:58:36 p15146993 postfix/cleanup[9517]: warning: database /etc/postfix/sender_canonical.db is older than source file /etc/postfix/sender_canonical
Jul 14 12:58:36 p15146993 postfix/cleanup[9517]: warning: database /etc/postfix/virtual.db is older than source file /etc/postfix/virtual
Jul 14 12:58:36 p15146993 postfix/cleanup[9518]: warning: database /etc/postfix/canonical.db is older than source file /etc/postfix/canonical
Jul 14 12:58:36 p15146993 postfix/cleanup[9518]: warning: database /etc/postfix/sender_canonical.db is older than source file /etc/postfix/sender_canonical
Jul 14 12:58:36 p15146993 postfix/cleanup[9518]: warning: database /etc/postfix/virtual.db is older than source file /etc/postfix/virtual
Jul 14 12:58:37 p15146993 postfix/cleanup[9521]: warning: database /etc/postfix/canonical.db is older than source file /etc/postfix/canonical
Jul 14 12:58:37 p15146993 postfix/cleanup[9521]: warning: database /etc/postfix/sender_canonical.db is older than source file /etc/postfix/sender_canonical
Jul 14 12:58:37 p15146993 postfix/cleanup[9521]: warning: database /etc/postfix/virtual.db is older than source file /etc/postfix/virtual
Jul 14 12:58:38 p15146993 postfix/cleanup[9522]: warning: database /etc/postfix/canonical.db is older than source file /etc/postfix/canonical
Jul 14 12:58:38 p15146993 postfix/cleanup[9522]: warning: database /etc/postfix/sender_canonical.db is older than source file /etc/postfix/sender_canonical
Jul 14 12:58:38 p15146993 postfix/cleanup[9522]: warning: database /etc/postfix/virtual.db is older than source file /etc/postfix/virtual
Jul 14 12:58:42 p15146993 postfix/cleanup[9529]: warning: database /etc/postfix/canonical.db is older than source file /etc/postfix/canonical
Jul 14 12:58:42 p15146993 postfix/cleanup[9529]: warning: database /etc/postfix/sender_canonical.db is older than source file /etc/postfix/sender_canonical
Jul 14 12:58:42 p15146993 postfix/cleanup[9529]: warning: database /etc/postfix/virtual.db is older than source file /etc/postfix/virtual
Jul 14 12:58:42 p15146993 postfix/cleanup[9530]: warning: database /etc/postfix/canonical.db is older than source file /etc/postfix/canonical
Jul 14 12:58:42 p15146993 postfix/cleanup[9530]: warning: database /etc/postfix/sender_canonical.db is older than source file /etc/postfix/sender_canonical
Jul 14 12:58:42 p15146993 postfix/cleanup[9530]: warning: database /etc/postfix/virtual.db is older than source file /etc/postfix/virtual
Jul 14 12:58:42 p15146993 postfix/smtpd[9531]: warning: database /etc/postfix/canonical.db is older than source file /etc/postfix/canonical
Jul 14 12:58:42 p15146993 postfix/smtpd[9531]: warning: database /etc/postfix/virtual.db is older than source file /etc/postfix/virtual
Jul 14 12:58:42 p15146993 postfix/smtpd[9531]: warning: database /etc/postfix/relocated.db is older than source file /etc/postfix/relocated
Jul 14 12:58:42 p15146993 postfix/smtpd[9531]: warning: database /etc/postfix/access.db is older than source file /etc/postfix/access
Jul 14 12:58:43 p15146993 postfix/cleanup[9532]: warning: database /etc/postfix/canonical.db is older than source file /etc/postfix/canonical
Jul 14 12:58:43 p15146993 postfix/cleanup[9532]: warning: database /etc/postfix/sender_canonical.db is older than source file /etc/postfix/sender_canonical
Jul 14 12:58:43 p15146993 postfix/cleanup[9532]: warning: database /etc/postfix/virtual.db is older than source file /etc/postfix/virtual
Jul 14 12:58:44 p15146993 postfix/cleanup[9533]: warning: database /etc/postfix/canonical.db is older than source file /etc/postfix/canonical
Jul 14 12:58:44 p15146993 postfix/cleanup[9533]: warning: database /etc/postfix/sender_canonical.db is older than source file /etc/postfix/sender_canonical
Jul 14 12:58:44 p15146993 postfix/cleanup[9533]: warning: database /etc/postfix/virtual.db is older than source file /etc/postfix/virtual
Jul 14 12:58:44 p15146993 postfix/smtpd[9534]: warning: database /etc/postfix/canonical.db is older than source file /etc/postfix/canonical
Jul 14 12:58:44 p15146993 postfix/smtpd[9534]: warning: database /etc/postfix/virtual.db is older than source file /etc/postfix/virtual
Jul 14 12:58:44 p15146993 postfix/smtpd[9534]: warning: database /etc/postfix/relocated.db is older than source file /etc/postfix/relocated
Jul 14 12:58:44 p15146993 postfix/smtpd[9534]: warning: database /etc/postfix/access.db is older than source file /etc/postfix/access
Jul 14 12:58:46 p15146993 postfix/smtpd[9540]: warning: database /etc/postfix/canonical.db is older than source file /etc/postfix/canonical
Jul 14 12:58:46 p15146993 postfix/smtpd[9540]: warning: database /etc/postfix/virtual.db is older than source file /etc/postfix/virtual
Jul 14 12:58:46 p15146993 postfix/smtpd[9540]: warning: database /etc/postfix/relocated.db is older than source file /etc/postfix/relocated
Jul 14 12:58:46 p15146993 postfix/smtpd[9540]: warning: database /etc/postfix/access.db is older than source file /etc/postfix/access
Jul 14 12:58:46 p15146993 postfix/cleanup[9541]: warning: database /etc/postfix/canonical.db is older than source file /etc/postfix/canonical
Jul 14 12:58:46 p15146993 postfix/cleanup[9541]: warning: database /etc/postfix/sender_canonical.db is older than source file /etc/postfix/sender_canonical
Jul 14 12:58:46 p15146993 postfix/cleanup[9541]: warning: database /etc/postfix/virtual.db is older than source file /etc/postfix/virtual
Jul 14 12:58:50 p15146993 postfix/cleanup[9547]: warning: database /etc/postfix/canonical.db is older than source file /etc/postfix/canonical
Jul 14 12:58:50 p15146993 postfix/cleanup[9547]: warning: database /etc/postfix/sender_canonical.db is older than source file /etc/postfix/sender_canonical
Jul 14 12:58:50 p15146993 postfix/cleanup[9547]: warning: database /etc/postfix/virtual.db is older than source file /etc/postfix/virtual
Jul 14 12:58:50 p15146993 postfix/smtpd[9553]: warning: database /etc/postfix/canonical.db is older than source file /etc/postfix/canonical
Jul 14 12:58:50 p15146993 postfix/smtpd[9553]: warning: database /etc/postfix/virtual.db is older than source file /etc/postfix/virtual
Jul 14 12:58:50 p15146993 postfix/smtpd[9553]: warning: database /etc/postfix/relocated.db is older than source file /etc/postfix/relocated
Jul 14 12:58:50 p15146993 postfix/smtpd[9553]: warning: database /etc/postfix/access.db is older than source file /etc/postfix/access
Jul 14 13:01:44 p15146993 postfix/smtp[5405]: warning: valid_hostname: empty hostname
Jul 14 13:01:44 p15146993 postfix/smtp[5405]: warning: malformed domain name in resource data of MX record for yahoo.net:
Jul 14 13:01:48 p15146993 postfix/smtp[640]: warning: no MX host for southport.net has a valid A record
Jul 14 13:01:50 p15146993 postfix/smtp[653]: warning: no MX host for inventorscouncilofcanton.org has a valid A record
Jul 14 13:01:52 p15146993 postfix/smtp[8787]: warning: no MX host for tecweb.com has a valid A record
Jul 14 13:01:56 p15146993 postfix/smtp[9154]: warning: numeric domain name in resource data of MX record for guitarra.biz: 64.202.167.73
Jul 14 13:01:59 p15146993 postfix/smtp[573]: warning: valid_hostname: empty hostname
Jul 14 13:01:59 p15146993 postfix/smtp[573]: warning: malformed domain name in resource data of MX record for yahooo.com:
Jul 14 13:02:03 p15146993 postfix/smtp[9909]: warning: valid_hostname: empty hostname
Jul 14 13:02:03 p15146993 postfix/smtp[9909]: warning: malformed domain name in resource data of MX record for yahooo.com:
Jul 14 13:02:03 p15146993 postfix/smtp[640]: warning: no MX host for thelighthousepro.com has a valid A record
Jul 14 13:02:05 p15146993 postfix/smtp[640]: warning: no MX host for gciglobal.com has a valid A record
Jul 14 13:02:11 p15146993 postfix/smtp[9935]: warning: no MX host for e3mil.com has a valid A record
Jul 14 13:02:12 p15146993 postfix/smtp[5405]: warning: no MX host for prodigy.com has a valid A record
Jul 14 13:02:54 p15146993 postfix/smtp[9910]: warning: valid_hostname: empty hostname
Jul 14 13:02:54 p15146993 postfix/smtp[9910]: warning: malformed domain name in resource data of MX record for olyahoo.com:
Jul 14 13:04:58 p15146993 postfix/smtp[8060]: warning: no MX host for prodigy.com has a valid A record
Jul 14 13:04:59 p15146993 postfix/smtp[8145]: warning: no MX host for shadow.net has a valid A record
Jul 14 13:05:17 p15146993 postfix/smtp[8604]: warning: valid_hostname: empty hostname
Jul 14 13:05:17 p15146993 postfix/smtp[8604]: warning: malformed domain name in resource data of MX record for altavista.co.uk:
Jul 14 13:05:51 p15146993 postfix/smtp[7751]: warning: no MX host for nthost.com has a valid A record
Jul 14 13:06:38 p15146993 postfix/smtp[5405]: warning: no MX host for idsweb.com has a valid A record
Jul 14 13:08:11 p15146993 postfix/smtp[9323]: warning: no MX host for dac.net has a valid A record
Jul 14 13:08:23 p15146993 postfix/smtp[9908]: warning: no MX host for prescotian.co.uk has a valid A record
Jul 14 13:08:25 p15146993 postfix/smtp[9906]: warning: valid_hostname: empty hostname
Jul 14 13:08:25 p15146993 postfix/smtp[9906]: warning: malformed domain name in resource data of MX record for angelfire.com:
Jul 14 13:08:26 p15146993 postfix/smtpd[10520]: warning: database /etc/postfix/canonical.db is older than source file /etc/postfix/canonical
Jul 14 13:08:26 p15146993 postfix/smtpd[10520]: warning: database /etc/postfix/virtual.db is older than source file /etc/postfix/virtual
Jul 14 13:08:26 p15146993 postfix/smtpd[10520]: warning: database /etc/postfix/relocated.db is older than source file /etc/postfix/relocated
Jul 14 13:08:27 p15146993 postfix/smtpd[10520]: warning: database /etc/postfix/access.db is older than source file /etc/postfix/access
Jul 14 13:08:44 p15146993 postfix/smtp[9913]: warning: valid_hostname: empty hostname
Jul 14 13:08:44 p15146993 postfix/smtp[9913]: warning: malformed domain name in resource data of MX record for hotmil.com:
Jul 14 13:08:45 p15146993 postfix/smtp[9913]: warning: no MX host for sbox.org has a valid A record
Jul 14 13:09:02 p15146993 postfix/smtp[7751]: warning: no MX host for mindsprin.com has a valid A record
Jul 14 13:09:24 p15146993 postfix/smtp[9909]: warning: no MX host for altavista.com has a valid A record
Jul 14 13:09:57 p15146993 postfix/smtp[9289]: warning: no MX host for southport.net has a valid A record
Jul 14 13:11:15 p15146993 postfix/smtpd[10886]: warning: database /etc/postfix/canonical.db is older than source file /etc/postfix/canonical
Jul 14 13:11:15 p15146993 postfix/smtpd[10886]: warning: database /etc/postfix/virtual.db is older than source file /etc/postfix/virtual
Jul 14 13:11:15 p15146993 postfix/smtpd[10886]: warning: database /etc/postfix/relocated.db is older than source file /etc/postfix/relocated
Jul 14 13:11:15 p15146993 postfix/smtpd[10886]: warning: database /etc/postfix/access.db is older than source file /etc/postfix/access
Jul 14 13:11:20 p15146993 postfix/smtp[8559]: warning: no MX host for ssbn645.com has a valid A record
Jul 14 13:11:30 p15146993 postfix/smtp[635]: warning: no MX host for yap.net has a valid A record
Jul 14 13:11:37 p15146993 postfix/smtp[650]: warning: no MX host for urosolutions.com has a valid A record
Jul 14 13:11:58 p15146993 postfix/smtp[9913]: warning: valid_hostname: empty hostname
Jul 14 13:11:58 p15146993 postfix/smtp[9913]: warning: malformed domain name in resource data of MX record for ahoo.com:
Jul 14 13:12:21 p15146993 postfix/cleanup[10997]: warning: database /etc/postfix/canonical.db is older than source file /etc/postfix/canonical
Jul 14 13:12:21 p15146993 postfix/cleanup[10997]: warning: database /etc/postfix/sender_canonical.db is older than source file /etc/postfix/sender_canonical
Jul 14 13:12:21 p15146993 postfix/cleanup[10997]: warning: database /etc/postfix/virtual.db is older than source file /etc/postfix/virtual
Jul 14 13:12:21 p15146993 postfix/smtpd[10998]: warning: database /etc/postfix/canonical.db is older than source file /etc/postfix/canonical
Jul 14 13:12:21 p15146993 postfix/smtpd[10998]: warning: database /etc/postfix/virtual.db is older than source file /etc/postfix/virtual
Jul 14 13:12:21 p15146993 postfix/smtpd[10998]: warning: database /etc/postfix/relocated.db is older than source file /etc/postfix/relocated
Jul 14 13:12:21 p15146993 postfix/smtpd[10998]: warning: database /etc/postfix/access.db is older than source file /etc/postfix/access
Jul 14 13:12:23 p15146993 postfix/smtp[8559]: warning: no MX host for net-serve.com has a valid A record
Jul 14 13:12:25 p15146993 postfix/cleanup[11005]: warning: database /etc/postfix/canonical.db is older than source file /etc/postfix/canonical
Jul 14 13:12:25 p15146993 postfix/cleanup[11005]: warning: database /etc/postfix/sender_canonical.db is older than source file /etc/postfix/sender_canonical
Jul 14 13:12:25 p15146993 postfix/cleanup[11005]: warning: database /etc/postfix/virtual.db is older than source file /etc/postfix/virtual
Jul 14 13:12:25 p15146993 postfix/smtp[8559]: warning: valid_hostname: empty hostname
Jul 14 13:12:25 p15146993 postfix/smtp[8559]: warning: malformed domain name in resource data of MX record for sbcyahoo.com:
Jul 14 13:12:30 p15146993 postfix/smtpd[11013]: warning: database /etc/postfix/canonical.db is older than source file /etc/postfix/canonical
Jul 14 13:12:30 p15146993 postfix/smtpd[11013]: warning: database /etc/postfix/virtual.db is older than source file /etc/postfix/virtual
Jul 14 13:12:30 p15146993 postfix/smtpd[11013]: warning: database /etc/postfix/relocated.db is older than source file /etc/postfix/relocated
Jul 14 13:12:30 p15146993 postfix/smtpd[11013]: warning: database /etc/postfix/access.db is older than source file /etc/postfix/access
Jul 14 13:12:33 p15146993 postfix/smtp[8581]: warning: no MX host for auburn.net has a valid A record
Jul 14 13:14:32 p15146993 postfix/smtp[9323]: warning: no MX host for hty.com has a valid A record
Jul 14 13:14:48 p15146993 postfix/smtp[650]: warning: no MX host for nscs.com has a valid A record
Jul 14 13:15:01 p15146993 postfix/smtp[8787]: warning: no MX host for wizard.com has a valid A record
Jul 14 13:15:34 p15146993 postfix/smtp[7985]: warning: no MX host for holistictherapy.com has a valid A record
Jul 14 13:15:36 p15146993 postfix/smtp[7985]: warning: no MX host for itter.net has a valid A record
Jul 14 13:15:40 p15146993 postfix/smtp[9906]: warning: valid_hostname: empty hostname
Jul 14 13:15:40 p15146993 postfix/smtp[9906]: warning: malformed domain name in resource data of MX record for ytahoo.com:
Jul 14 13:15:52 p15146993 postfix/smtpd[11401]: warning: database /etc/postfix/canonical.db is older than source file /etc/postfix/canonical
Jul 14 13:15:52 p15146993 postfix/smtpd[11401]: warning: database /etc/postfix/virtual.db is older than source file /etc/postfix/virtual
Jul 14 13:15:52 p15146993 postfix/smtpd[11401]: warning: database /etc/postfix/relocated.db is older than source file /etc/postfix/relocated
Jul 14 13:15:53 p15146993 postfix/smtpd[11401]: warning: database /etc/postfix/access.db is older than source file /etc/postfix/access
Jul 14 13:15:53 p15146993 postfix/cleanup[11402]: warning: database /etc/postfix/canonical.db is older than source file /etc/postfix/canonical
Jul 14 13:15:53 p15146993 postfix/cleanup[11402]: warning: database /etc/postfix/sender_canonical.db is older than source file /etc/postfix/sender_canonical
Jul 14 13:15:53 p15146993 postfix/cleanup[11402]: warning: database /etc/postfix/virtual.db is older than source file /etc/postfix/virtual
Jul 14 13:16:03 p15146993 postfix/smtp[9913]: warning: numeric domain name in resource data of MX record for haoo.com: 10.0.0.2
Jul 14 13:16:04 p15146993 postfix/cleanup[11436]: warning: database /etc/postfix/canonical.db is older than source file /etc/postfix/canonical
Jul 14 13:16:04 p15146993 postfix/cleanup[11436]: warning: database /etc/postfix/sender_canonical.db is older than source file /etc/postfix/sender_canonical
Jul 14 13:16:04 p15146993 postfix/cleanup[11436]: warning: database /etc/postfix/virtual.db is older than source file /etc/postfix/virtual
Jul 14 13:16:04 p15146993 postfix/smtpd[11437]: warning: database /etc/postfix/canonical.db is older than source file /etc/postfix/canonical
Jul 14 13:16:04 p15146993 postfix/smtpd[11437]: warning: database /etc/postfix/virtual.db is older than source file /etc/postfix/virtual
Jul 14 13:16:04 p15146993 postfix/smtpd[11437]: warning: database /etc/postfix/relocated.db is older than source file /etc/postfix/relocated
Jul 14 13:16:04 p15146993 postfix/smtpd[11437]: warning: database /etc/postfix/access.db is older than source file /etc/postfix/access
Jul 14 13:16:10 p15146993 postfix/smtp[657]: warning: valid_hostname: empty hostname
Jul 14 13:16:10 p15146993 postfix/smtp[657]: warning: malformed domain name in resource data of MX record for yahool.com:
Jul 14 13:16:21 p15146993 postfix/smtpd[11467]: warning: database /etc/postfix/canonical.db is older than source file /etc/postfix/canonical
Jul 14 13:16:21 p15146993 postfix/smtpd[11467]: warning: database /etc/postfix/virtual.db is older than source file /etc/postfix/virtual
Jul 14 13:16:21 p15146993 postfix/smtpd[11467]: warning: database /etc/postfix/relocated.db is older than source file /etc/postfix/relocated
Jul 14 13:16:21 p15146993 postfix/smtpd[11467]: warning: database /etc/postfix/access.db is older than source file /etc/postfix/access
Jul 14 13:16:23 p15146993 postfix/smtpd[11474]: warning: database /etc/postfix/canonical.db is older than source file /etc/postfix/canonical
Jul 14 13:16:23 p15146993 postfix/smtpd[11474]: warning: database /etc/postfix/virtual.db is older than source file /etc/postfix/virtual
Jul 14 13:16:23 p15146993 postfix/smtpd[11474]: warning: database /etc/postfix/relocated.db is older than source file /etc/postfix/relocated
Jul 14 13:16:23 p15146993 postfix/smtpd[11474]: warning: database /etc/postfix/access.db is older than source file /etc/postfix/access
Jul 14 13:16:30 p15146993 postfix/smtp[7985]: warning: no MX host for comsys.net has a valid A record
Jul 14 13:16:32 p15146993 postfix/smtpd[11488]: warning: database /etc/postfix/canonical.db is older than source file /etc/postfix/canonical
Jul 14 13:16:32 p15146993 postfix/smtpd[11488]: warning: database /etc/postfix/virtual.db is older than source file /etc/postfix/virtual
Jul 14 13:16:32 p15146993 postfix/smtpd[11488]: warning: database /etc/postfix/relocated.db is older than source file /etc/postfix/relocated
Jul 14 13:16:32 p15146993 postfix/smtpd[11488]: warning: database /etc/postfix/access.db is older than source file /etc/postfix/access
Jul 14 13:16:58 p15146993 postfix/smtp[10749]: warning: no MX host for asinow.com has a valid A record
Jul 14 13:17:53 p15146993 postfix/smtp[7163]: warning: numeric domain name in resource data of MX record for quitsmokeless.biz: 64.202.167.73
Jul 14 13:17:57 p15146993 postfix/smtp[9908]: warning: valid_hostname: empty hostname
Jul 14 13:17:57 p15146993 postfix/smtp[9908]: warning: malformed domain name in resource data of MX record for yahoo.net:
Jul 14 13:17:58 p15146993 postfix/smtp[8604]: warning: no MX host for inweb.net has a valid A record
Jul 14 13:18:18 p15146993 postfix/cleanup[9530]: warning: ACA762B433E: queue file size limit exceeded
Jul 14 13:18:18 p15146993 postfix/cleanup[9530]: warning: ACA762B433E: skipping further client input
Jul 14 13:18:42 p15146993 postfix/smtp[569]: warning: no MX host for soark.net has a valid A record
Jul 14 13:19:36 p15146993 postfix/smtp[634]: warning: no MX host for leveille.net has a valid A record
Jul 14 13:19:36 p15146993 postfix/smtp[634]: warning: valid_hostname: empty hostname
Jul 14 13:19:36 p15146993 postfix/smtp[634]: warning: malformed domain name in resource data of MX record for altavista.co.uk:
Jul 14 13:20:01 p15146993 postfix/smtp[7985]: warning: valid_hostname: empty hostname
Jul 14 13:20:01 p15146993 postfix/smtp[7985]: warning: malformed domain name in resource data of MX record for yhoo.com:
Jul 14 13:20:35 p15146993 postfix/smtp[8580]: warning: no MX host for obox.net has a valid A record
Jul 14 13:20:39 p15146993 postfix/smtp[8581]: warning: numeric domain name in resource data of MX record for netwala.com: 10.0.0.2
Jul 14 13:20:58 p15146993 postfix/smtp[7942]: warning: no MX host for exite.com has a valid A record
Jul 14 13:20:59 p15146993 postfix/smtp[7942]: warning: valid_hostname: empty hostname
Jul 14 13:20:59 p15146993 postfix/smtp[7942]: warning: malformed domain name in resource data of MX record for altavista.fr:
Jul 14 13:20:59 p15146993 postfix/smtp[7942]: warning: valid_hostname: empty hostname
Jul 14 13:20:59 p15146993 postfix/smtp[7942]: warning: malformed domain name in resource data of MX record for yahoo.ch:
Jul 14 13:20:59 p15146993 postfix/smtp[7942]: warning: no MX host for suero.com has a valid A record
Jul 14 13:21:01 p15146993 postfix/smtp[7942]: warning: numeric domain name in resource data of MX record for tyrell.net: 209.153.112.254
Jul 14 13:21:02 p15146993 postfix/smtp[8090]: warning: no MX host for floatingplanet.com has a valid A record
Jul 14 13:21:13 p15146993 postfix/smtp[640]: warning: no MX host for access2k1.net has a valid A record
Jul 14 13:22:19 p15146993 postfix/smtp[581]: warning: no MX host for nthost.com has a valid A record
Jul 14 13:22:50 p15146993 postfix/smtp[569]: warning: no MX host for dac.net has a valid A record
Jul 14 13:22:51 p15146993 postfix/smtp[569]: warning: valid_hostname: empty hostname
Jul 14 13:22:51 p15146993 postfix/smtp[569]: warning: malformed domain name in resource data of MX record for angelfire.com:
Jul 14 13:22:55 p15146993 postfix/smtp[9905]: warning: no MX host for sbox.org has a valid A record
Jul 14 13:22:56 p15146993 postfix/smtp[9905]: warning: no MX host for mindsprin.com has a valid A record
Jul 14 13:23:16 p15146993 postfix/smtp[7985]: warning: valid_hostname: empty hostname
Jul 14 13:23:16 p15146993 postfix/smtp[7985]: warning: malformed domain name in resource data of MX record for sbcyahoo.com:
Jul 14 13:23:21 p15146993 postfix/smtp[9909]: warning: no MX host for nscs.com has a valid A record
Jul 14 13:23:22 p15146993 postfix/smtp[10749]: warning: no MX host for wizard.com has a valid A record
Jul 14 13:23:22 p15146993 postfix/smtp[9909]: warning: no MX host for holistictherapy.com has a valid A record
Jul 14 13:25:01 p15146993 postfix/smtp[662]: warning: no MX host for rifenberg.com has a valid A record
Jul 14 13:25:01 p15146993 postfix/smtp[9909]: warning: no MX host for smail.org has a valid A record
Jul 14 13:25:01 p15146993 postfix/smtp[573]: warning: no MX host for demulder.net has a valid A record
Jul 14 13:25:05 p15146993 postfix/smtp[9154]: warning: no MX host for smail.org has a valid A record
Jul 14 13:25:06 p15146993 postfix/smtp[9909]: warning: no MX host for oal.com has a valid A record
Jul 14 13:25:09 p15146993 postfix/smtp[6732]: warning: no MX host for emu-birds.com has a valid A record
Jul 14 13:25:14 p15146993 postfix/smtp[12999]: warning: no MX host for access2k1.net has a valid A record
Jul 14 13:25:20 p15146993 postfix/smtp[8090]: warning: no MX host for mial.com has a valid A record
Jul 14 13:25:20 p15146993 postfix/smtp[9915]: warning: no MX host for jaxnet.com has a valid A record
Jul 14 13:25:25 p15146993 postfix/smtp[9303]: warning: valid_hostname: empty hostname
Jul 14 13:25:25 p15146993 postfix/smtp[9303]: warning: malformed domain name in resource data of MX record for yuahoo.com:
Jul 14 13:25:26 p15146993 postfix/smtp[9303]: warning: no MX host for mail.bip.net has a valid A record
Jul 14 13:25:28 p15146993 postfix/smtp[9915]: warning: no MX host for demulder.net has a valid A record
Jul 14 13:25:28 p15146993 postfix/smtp[9915]: warning: no MX host for mediaone.net has a valid A record
Jul 14 13:25:34 p15146993 postfix/smtp[9323]: warning: valid_hostname: empty hostname
Jul 14 13:25:34 p15146993 postfix/smtp[9323]: warning: malformed domain name in resource data of MX record for ahoo.com:
Jul 14 13:25:38 p15146993 postfix/smtp[9323]: warning: no MX host for huricane.net has a valid A record
Jul 14 13:25:42 p15146993 postfix/smtp[635]: warning: valid_hostname: empty hostname
Jul 14 13:25:42 p15146993 postfix/smtp[635]: warning: malformed domain name in resource data of MX record for yahool.com:
Jul 14 13:25:42 p15146993 postfix/smtp[635]: warning: no MX host for adalink.net has a valid A record
Jul 14 13:25:50 p15146993 postfix/smtp[13104]: warning: no MX host for interpath.com has a valid A record
Jul 14 13:25:52 p15146993 postfix/smtp[13104]: warning: numeric domain name in resource data of MX record for inhe.net: 61.55.136.18
Jul 14 13:26:31 p15146993 postfix/smtp[10749]: warning: valid_hostname: empty hostname
Jul 14 13:26:31 p15146993 postfix/smtp[10749]: warning: malformed domain name in resource data of MX record for yhoo.com:
Jul 14 13:28:22 p15146993 postfix/smtp[7942]: warning: no MX host for mediaone.net has a valid A record
Jul 14 13:28:24 p15146993 postfix/smtp[9906]: warning: no MX host for ymail.org has a valid A record
Jul 14 13:28:25 p15146993 postfix/smtp[9905]: warning: no MX host for bet-football.com has a valid A record
Jul 14 13:28:30 p15146993 postfix/smtp[6732]: warning: valid_hostname: empty hostname
Jul 14 13:28:30 p15146993 postfix/smtp[6732]: warning: malformed domain name in resource data of MX record for yaoo.com:
Jul 14 13:28:31 p15146993 postfix/smtp[6732]: warning: numeric domain name in resource data of MX record for maytech.com: 63.73.3.20
Jul 14 13:28:52 p15146993 postfix/smtp[8554]: warning: no MX host for aeroiac.com has a valid A record
Jul 14 13:28:55 p15146993 postfix/smtp[10263]: warning: no MX host for dtgnet.com has a valid A record
Jul 14 13:28:56 p15146993 postfix/smtp[10263]: warning: no MX host for oal.com has a valid A record
Jul 14 13:28:56 p15146993 postfix/smtp[10263]: warning: no MX host for directweb.com has a valid A record
Jul 14 13:29:23 p15146993 postfix/smtp[9905]: warning: valid_hostname: empty hostname
Jul 14 13:29:23 p15146993 postfix/smtp[9905]: warning: malformed domain name in resource data of MX record for yayhoo.com:
Jul 14 13:29:24 p15146993 postfix/smtp[9905]: warning: no MX host for airlinetraining.net has a valid A record
*****************************************************************

Please, I need your help; unfortunately 1 und 1 has no idea.

Regards
Akhtar
wgot
Posts: 1675
Joined: 2003-07-06 02:03
 

Re: Web server was hacked and spam is being sent!

Post by wgot »

Hello,
dilbar wrote:have a hacker and spammer on my Confrixx 2.0
let's see :P

If the Confixx is a 2.0, how old is the rest? Have regular updates been carried out?
dilbar wrote:Linux 8.0 server.
We're not that far along yet; Linux 2.6.17.4 is the current version. :lol:

But I did understand what you mean: Suse 8.0. An update to 9.x or 10.x is urgently recommended, because for 8.x there have long been no updates for automatic installation any more.
dilbar wrote:It no longer sends or receives any emails.
Jul 14 00:16:15 p15146993 postfix/qmgr[601]: D435B2D0FB1: from=<wwwrun@p15146993.pureserver.info>, size=2360, nrcpt=1 (queue active)
Oh yes it does, unfortunately, even in the future. :roll:
dilbar wrote:What can I do make?
For a start, make sure that it really doesn't send any more mail:

Code:

rcpostfix stop

If you seriously suspect a hacker break-in (which I don't assume), switch off the whole box:

Code:

shutdown -h now

The spam is being sent by wwwrun; what PHP script packages (php*, *nuke, *gallery etc.) do you have installed? When were they last updated?
Jul 14 12:50:13 p15146993 sshd[8108]: Accepted password for root from 87.106.9.121 port 51492 ssh2
Look for these lines and consider whether you logged in as root at the times given. But first query the server clock with date, it seems to be running fast, and convert the login times.
... is older than source file ...
can be fixed easily:

Code:

cd /etc/postfix
postmap canonical
postmap virtual
postmap access
postmap relocated
rcpostfix restart

Obviously spam is being sent busily, almost certainly via a PHP script. The logs don't look like a hacker.
dilbar wrote:Please, I need your help; unfortunately $provider has no idea.
I don't think they have no idea; rather, they take the view that it's your server and your problem.

Pure curiosity: how did you find this forum?

Regards, Wolfgang
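
The two log checks from the post above (which account is queueing the mail, and when root logged in over SSH), as an added example that is not part of the original thread. The sample log is constructed in the format of the lines quoted here, and the function names top_senders and root_logins are made up for the example.

```shell
#!/bin/sh
# Added example: triage of a syslog-style mail/auth log as described in the post.
# Constructed sample; host name, queue IDs, addresses and IPs are invented.
sample_log() {
cat <<'EOF'
Jul 14 00:16:04 host postfix/qmgr[601]: AAAA000001: from=<wwwrun@host.example>, size=2360, nrcpt=1 (queue active)
Jul 14 00:16:04 host postfix/qmgr[601]: AAAA000002: from=<wwwrun@host.example>, size=2361, nrcpt=1 (queue active)
Jul 14 00:16:05 host postfix/smtp[5965]: AAAA000001: to=<a@example.org>, relay=mx.example.org[192.0.2.10], delay=3, status=sent (250 ok)
Jul 14 00:16:07 host postfix/qmgr[601]: AAAA000003: from=<user@customer.example>, size=5120, nrcpt=1 (queue active)
Jul 14 00:16:08 host postfix/qmgr[601]: AAAA000004: from=<wwwrun@host.example>, size=2358, nrcpt=1 (queue active)
Jul 14 00:16:08 host postfix/qmgr[601]: AAAA000001: removed
Jul 14 00:46:04 host postfix/qmgr[601]: AAAA000002: from=<wwwrun@host.example>, size=2361, nrcpt=1 (queue active)
Jul 14 12:50:13 host sshd[8108]: Accepted password for root from 192.0.2.77 port 51492 ssh2
Jul 14 12:55:40 host sshd[8120]: Failed password for root from 198.51.100.9 port 40022 ssh2
Jul 14 13:02:11 host sshd[8131]: Accepted password for root from 203.0.113.5 port 50111 ssh2
EOF
}

# Count queued messages per envelope sender, busiest sender first.
# qmgr logs "from=<...>" again every time a deferred message is retried,
# so each queue ID is counted only once.
top_senders() {
    awk '
        $5 ~ /^postfix\/qmgr\[/ && match($0, /from=<[^>]*>/) {
            qid = $6
            sub(/:$/, "", qid)
            if (seen[qid]++) next
            sender = substr($0, RSTART + 6, RLENGTH - 7)
            if (sender == "") sender = "(null sender / bounce)"
            count[sender]++
        }
        END { for (s in count) printf "%d %s\n", count[s], s }
    ' "$@" | sort -k1,1nr -k2,2
}

# List successful root logins as: month day time auth-method source-IP.
# The timestamps are the server's own clock; check it with `date` against a
# trusted clock before comparing them with your own login times.
root_logins() {
    awk '
        $5 ~ /^sshd\[/ && $6 == "Accepted" && $8 == "for" && $9 == "root" {
            print $1, $2, $3, $7, $11
        }
    ' "$@"
}

echo "Messages queued per envelope sender (unique queue IDs):"
sample_log | top_senders
echo "Successful root logins:"
sample_log | root_logins
```

Both functions also accept log file names as arguments instead of standard input. A web-server account such as wwwrun at the top of the sender list points at a script run by the web server rather than at a mailbox user.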
dilbar
Posts: 6
Joined: 2006-03-09 22:39
 

I'm fighting the spammer! :-)

Post by dilbar »

Hello again,

thanks for the answer, I have already carried out some of it.
Unfortunately I haven't uploaded any PHPs recently, but I now plan to install Antivir.

The server is very, very old and the admin forgot to update it!!!!

Does anyone know how to install and use Antivir?

Regards
Dilbar

Thanks again for your help

Oh, and I found this website through Google; I only had to enter root server.
wgot
Posts: 1675
Joined: 2003-07-06 02:03
 

Re: Web server was hacked and spam is being sent!

Post by wgot »

Hello,

save yourself the trouble with Antivir; you have to find out how the spammer is sending the spam and close the hole.

Whether the server is old doesn't matter; the software has to be up to date.

Show us the Apache logs; there you can see whether the spam is being sent via PHP.

Regards, Wolfgang
caput
Posts: 48
Joined: 2005-06-08 02:06
 

Re: Web server was hacked and spam is being sent!

Post by caput »

(ot) My carotid artery is swelling badly right now when I see that the box is still running, after it was established _15 hours_ earlier that the thing is running as a spam cannon. Otherwise..

Why should I have my system reinstalled after a successful attack?
http://www.rootforum.org/faq/14_183_de.html

Procedure for a cracked server
http://www.rootforum.org/faq/14_104_de.html

And please, at the same time, hire a capable admin who tames this thing.. :x [/flame] Close please..
dilbar
Posts: 6
Joined: 2006-03-09 22:39
 

Heeelp

Post by dilbar »

Hello again.

*********************error.log*****************
[Fri Jul 14 15:55:25 2006] [error] [client 80.132.246.115] File does not exist: /home/www/web14/html/favicon.ico
[Fri Jul 14 15:55:25 2006] [error] [client 194.32.215.11] File does not exist: /home/www/web11/html/main/lage/images/nav_information_over.gif
[Fri Jul 14 15:55:48 2006] [error] [client 62.242.98.183] File does not exist: /home/www/web14/html/Microsoft/1024-768/Schwedisch/index.htm
[Fri Jul 14 15:55:49 2006] [error] [client 62.242.98.183] File does not exist: /home/www/web14/html/UntitledFrame-1
[Fri Jul 14 15:55:49 2006] [error] [client 62.242.98.183] File does not exist: /home/www/web14/html/UntitledFrame-2
[Fri Jul 14 15:55:50 2006] [error] [client 141.41.29.142] File does not exist: /home/www/web14/html/favicon.ico
[Fri Jul 14 15:55:54 2006] [error] [client 141.41.29.142] File does not exist: /home/www/web14/html/favicon.ico
[Fri Jul 14 15:55:54 2006] [error] [client 141.41.29.142] File does not exist: /home/www/web14/html/favicon.ico
[Fri Jul 14 15:56:01 2006] [error] [client 141.41.29.142] File does not exist: /home/www/web14/html/favicon.ico
[Fri Jul 14 15:56:06 2006] [error] [client 217.85.199.210] File does not exist: /home/www/web10/html/favicon.ico
[Fri Jul 14 15:56:25 2006] [error] [client 141.41.29.142] File does not exist: /home/www/web14/html/favicon.ico
[Fri Jul 14 15:57:05 2006] [error] [client 217.85.199.210] File does not exist: /home/www/web10/html/de/images_main/nav_season_over.gif
[Fri Jul 14 15:57:13 2006] [error] [client 85.16.38.195] File does not exist: /home/www/web10/html/favicon.ico
[Fri Jul 14 15:57:18 2006] [error] [client 217.252.51.118] Directory index forbidden by rule: /home/www/web4/html/Vier-Jahreszeiten/travemuende/
[Fri Jul 14 15:57:37 2006] [error] [client 81.62.30.61] File does not exist: /home/www/web14/html/UntitledFrame-1
[Fri Jul 14 15:57:37 2006] [error] [client 81.62.30.61] File does not exist: /home/www/web14/html/UntitledFrame-2
[Fri Jul 14 15:57:39 2006] [error] [client 81.62.30.61] File does not exist: /home/www/web14/html/favicon.ico
[Fri Jul 14 15:57:41 2006] [error] [client 194.32.215.11] File does not exist: /home/www/web11/html/main/lage/images/nav_information_over.gif
[Fri Jul 14 15:57:41 2006] [error] [client 85.16.38.195] File does not exist: /home/www/web10/html/de/zimmer/images/head_hotel_over.gif
[Fri Jul 14 15:57:45 2006] [error] [client 81.62.30.61] File does not exist: /home/www/web14/html/favicon.ico
[Fri Jul 14 15:57:45 2006] [error] [client 81.62.30.61] File does not exist: /home/www/web14/html/favicon.ico
[Fri Jul 14 15:58:12 2006] [error] [client 217.83.86.74] File does not exist: /home/www/web11/html/main/lage/images/nav_information_over.gif
[Fri Jul 14 15:58:29 2006] [error] [client 217.83.86.74] File does not exist: /home/www/web11/html/main/lage/images/nav_information_over.gif
[Fri Jul 14 15:58:40 2006] [error] [client 81.116.65.252] Directory index forbidden by rule: /home/www/web14/html/demiurg/Contentlisten/Pics/
******************************************************************

regards
Aurang
dilbar
Posts: 6
Joined: 2006-03-09 22:39
 

Reply:

Post by dilbar »

Hello Caput,

Aren't you nice. Unfortunately I can't shut down the server with 40 customers, because then the websites would no longer be reachable.
I have to find a solution like this to make the thing secure.

Regards
Dilbar

Please, only posts that help me and don't drive me further into despair!
flo
Posts: 2223
Joined: 2002-07-28 13:02
Location: Berlin
 

Re: Reply:

Post by flo »

dilbar wrote:Aren't you nice. Unfortunately I can't shut down the server with 40 customers, because then the websites would no longer be reachable.
Yes, you can and you must - you operate the server and you are responsible for it, unless one of your customers maintains their own stuff and caused the problems that way. But it would have been your job to prevent something like that.
dilbar wrote:I have to find a solution like this to make the thing secure.
Shut down the mail service - completely! Then, as an interim solution, you can search for a rootkit with chkrootkit or rkhunter; if there turns out to be none on it, it may well be that this was just sloppiness in software maintenance and that the problem is solved once the script is removed.

Nevertheless you should switch to a current release and also give some thought to the security of the machine.

flo.
rootsvr
Posts: 538
Joined: 2005-09-02 11:12
Contact:
 

Re: Web server was hacked and spam is being sent!

Post by rootsvr »

<flame on>
These are the best ones:
No clue about the server, screaming for a quick fix, not reading the forum rules, posting in the wrong section, letting the spamming box keep running, trying to shift responsibility onto the (former) admin, having paying customers and no clue about security on the net, posting the error.log instead of the access.log (there you can't see where the spamming came from) .. .. did I forget anything?
<flame off>

Shut it down, find the culprit, do a complete update (all boards, blogs, Mambos etc., OS upgrade) and employ a sensible admin for the future. Can you actually report people like that to the police? I mean, he's spamming the whole world.. it would be funny if the police were standing at his door, then he'd notice that computer security is not an 'oh, I don't care'
flo
Posts: 2223
Joined: 2002-07-28 13:02
Location: Berlin
 

Re: Web server was hacked and spam is being sent!

Post by flo »

rootsvr wrote:posting in the wrong section .. .. did I forget anything?
No - but I did ;-)

flo.
elch_mg
Posts: 302
Joined: 2006-01-23 19:14
Location: 41063
Contact:
 

Re: Web server was hacked and spam is being sent!

Post by elch_mg »

flo wrote:No - but I did ;-)
what, then? Moving it towards "Unwanted"?


had to be said.. it's unbearable.
flo
Posts: 2223
Joined: 2002-07-28 13:02
Location: Berlin
 

Re: Web server was hacked and spam is being sent!

Post by flo »

no, into "Security-relevant topics" - Confixx is innocent, after all, and doesn't have all that much to do with it.

EDIT: Something is happening ... :-)

Code:

telnet p15146993.pureserver.info 25
Trying 217.160.177.20...
telnet: connect to address 217.160.177.20: Connection refused
telnet: Unable to connect to remote host

flo.
wgot
Posts: 1675
Joined: 2003-07-06 02:03
 

Re: Reply:

Post by wgot »

Hello,
dilbar wrote:Unfortunately I can't shut down the server with 40 customers
unfortunately I have to keep driving the bus with defective brakes, there are 40 passengers in it. Would you like to be sitting in it or driving on the same road?

If the server has been hacked, the customers' data is in danger too; they will surely be delighted when their self-written scripts are soon available for download as freeware or their confidential data from the database can be read publicly somewhere.

From the information and logs you have given so far I can't see a hacker break-in, but I do see a very high probability that one won't be long in coming. What makes you think you can tell that there has been a hack?
dilbar wrote:I have to find a solution like this to make the thing secure.
Back up the data, wipe it, trigger a reinstallation via the provider menu, set it up fresh; with software at least three years old that has probably never even had a sniff of an update, that is the only solution.

Since there are customers on the server, the probability is very high that one of the customers has a PHP package in use and has not updated it carefully enough. That one has to be found (mind data protection and contracts), and you need to have a serious word with the customer. Otherwise not even the reinstallation makes much sense, because it will just carry on afterwards.

Regards, Wolfgang
-ec-
Posts: 16
Joined: 2006-03-01 20:24
Location: /home/ec
 

Re: Web server was hacked and spam is being sent!

Post by -ec- »

dilbar wrote:Linux 8.0 server.
Where do you get that?
dilbar wrote:What can I do make?
Learn German? "do make"... that's just creepy :P
So, wipe the server, install something decent (better: HAVE it installed..). And perhaps you should read a few books on security sometime. Even if the thing wasn't hacked, this sort of thing makes me feel quite queasy:


dilbar wrote:Please, I need your help; unfortunately 1 und 1 has no idea.
I wonder who has no idea here; corporations like that generally have totally incompetent admins, maybe you should apply there, they'd surely be pleased to finally get some capable people. :twisted:
dilbar wrote:but I now plan to install Antivir.
yep, if someone compromised my server, I'd install a virus scanner too, then he'd surely clear off (if the box was compromised at all, but that's what you claim..)...
dilbar wrote:The server is very, very old and the admin forgot to update it!!!!
Did you order a managed server, or a normal root server? If you're really paying for someone to keep watch over it, I'd sue the guy.. Then again, Linux 8, I didn't know that existed, maybe those guys do know their stuff after all :wink:


Regards -ec-
sledge0303
Posts: 695
Joined: 2005-09-16 00:06
Location: Berlin-Reinickendorf
Contact:
 

Re: Web server was hacked and spam is being sent!

Post by sledge0303 »

Never mind, since yesterday I've had a much better customer than the OP asking here.

He was puzzled by high traffic, excessive load...and so on and so on...

The complete webroot directory had the permission 777 recursively (which came in handy for people who had shared porn clips through it), an open relay, and last but not least suexec had the "group rights" nobody:nogroup
But a big mouth, because Strato had written that he was responsible for the maintenance ... ](*,)

Well, at least that way Daddy had something to watch in the evenings :oops:
debianneuling
Posts: 16
Joined: 2006-04-19 09:51
 

Re: Web server was hacked and spam is being sent!

Post by debianneuling »

wgot wrote:Whether the server is old doesn't matter
Well, if a SUSE 8.0 is still running on it, I personally would replace the hardware for a start. So order a new (administered) server, from there fetch the important files via SCP as far as they are compatible, and switch the DNS over. Done.
semaphore
Posts: 20
Joined: 2004-04-26 06:54
 

Re: Web server was hacked and spam is being sent!

Post by semaphore »

@dilbar

Your server is already known in the newsgroup news.admin.net-abuse.sightings [-X

Regards,

Sem
lord_pinhead
Posts: 774
Joined: 2004-04-26 15:57
 

Re: Web server was hacked and spam is being sent!

Post by lord_pinhead »

I think I'll just put the security forum on my TV, it's far more entertaining than anything that's on TV :D

@Sledge
Yes, that sort of thing is always funny, especially if you then still have enough traffic left to download the films yourself *G* Sometimes it's quite unbelievable what some people produce ;)
khark
 

Re: Web server was hacked and spam is being sent!

Post by khark »

BTW: The box is running again.
flo
Posts: 2223
Joined: 2002-07-28 13:02
Location: Berlin
 

Re: Web server was hacked and spam is being sent!

Post by flo »

Lord_Pinhead wrote:@Sledge
Yes, that sort of thing is always funny, especially if you then still have enough traffic left to download the films yourself *G* Sometimes it's quite unbelievable what some people produce ;)
You lot are disgusting ;-)
semaphore
Posts: 20
Joined: 2004-04-26 06:54
 

Re: Web server was hacked and spam is being sent!

Post by semaphore »

@dilbar

Please check the server again. Yesterday SPAM was still going through your server:

http://psbl.surriel.com/evidence?ip=217 ... k+evidence

Regards,

Sem
danu
Posts: 264
Joined: 2005-02-02 11:15
 

Re: Web server was hacked and spam is being sent!

Post by danu »

...no warning from the ISP yet?
daemotron
Administrator
Posts: 2641
Joined: 2004-01-21 17:44
Contact:
 

Re: Web server was hacked and spam is being sent!

Post by daemotron »

Astonishing that the server is only blocked on 2 MAPS lists so far...
http://www.dnsstuff.com/tools/ip4r.ch?ip=217.160.177.20

[EDIT] 2006-07-16 23:08 - The box is still running! Postfix talks to me over Telnet, and the Apache (1.3.26, patch level unknown) is still brazenly serving up a heap of PHP contact forms. Which of them can be abused for sending spam, however, I didn't go on to try...
Last edited by daemotron on 2006-07-16 23:10, edited 1 time in total.
semaphore
Posts: 20
Joined: 2004-04-26 06:54
 

Re: Web server was hacked and spam is being sent!

Post by semaphore »

jfreund wrote:Astonishing that the server is only blocked on 2 MAPS lists so far...
http://www.dnsstuff.com/tools/ip4r.ch?ip=217.160.177.20
Yep, but SPAMCOP alone is enough :roll:

Regards,

Sem
sledge0303
Posts: 695
Joined: 2005-09-16 00:06
Location: Berlin-Reinickendorf
Contact:
 

Re: Web server was hacked and spam is being sent!

Post by sledge0303 »

Lord_Pinhead wrote: @Sledge
Yes, that sort of thing is always funny, especially if you then still have enough traffic left to download the films yourself *G* Sometimes it's quite unbelievable what some people produce ;)
The thing produced about 7-8 TB of traffic between 17.06. and 10.07.!
He only has 2 included; the bill should turn up next week... :D
Don't worry, I copied a little clip over via SSH for "testing", just under 300MB only.
The traffic limit was of course set to 0 (unlimited)
Well, now he knows WHY you have to set group permissions instead of 777, why an open relay should be avoided, and after all somewhat more illegal clips could have been shared too...
If you won't listen beforehand, you have to open your wallet wiiiide afterwards.
Well, people like that bring in the money for smaller companies like mine ;)