lxwfr
29/03/2015, 15h17
OK @SaTurNin, @Nowwhat, @sich: we have all stated the strict minimum of basic security.
If kmchen doesn't pay attention!!!
root@ns1:~# postcat -q C9FB62ACA519
*** ENVELOPE RECORDS active/C9FB62ACA519 ***
message_size: 7073 249 1 0 7073
message_arrival_time: Tue Mar 17 20:39:35 2015
create_time: Tue Mar 17 20:39:36 2015
named_attribute: log_message_origin=local
named_attribute: trace_flags=0
sender:
original_recipient: gensinrode@hotmail.com
recipient: gensinrode@hotmail.com
*** MESSAGE CONTENTS active/C9FB62ACA519 ***
Received: by ns1.webologix.com (Postfix)
id C9FB62ACA519; Tue, 17 Mar 2015 20:39:35 +0100 (CET)
Date: Tue, 17 Mar 2015 20:39:35 +0100 (CET)
From: MAILER-DAEMON@ns1.webologix.com (Mail Delivery System)
Subject: Undelivered Mail Returned to Sender
To: gensinrode@hotmail.com
Auto-Submitted: auto-replied
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status;
boundary="7A3F02AD3ECF.1426621175/ns1.webologix.com"
Content-Transfer-Encoding: 7bit
Message-Id: <20150317193935.C9FB62ACA519@ns1.webologix.com>
This is a MIME-encapsulated message.
--7A3F02AD3ECF.1426621175/ns1.webologix.com
Content-Description: Notification
Content-Type: text/plain; charset=us-ascii
This is the mail system at host ns1.webologix.com.
I'm sorry to have to inform you that your message could not
be delivered to one or more recipients. It's attached below.
For further assistance, please send mail to postmaster.
If you do so, please include this problem report. You can
delete your own text from the attached returned message.
The mail system
: host
mx-biz.mail.am0.yahoodns.net[98.139.171.245] said: 550 relaying denied for
(in reply to RCPT TO command)
: host mx4.hotmail.com[207.46.8.199] said: 550
Requested action not taken: mailbox unavailable (in reply to RCPT TO
command)
--7A3F02AD3ECF.1426621175/ns1.webologix.com
Content-Description: Delivery report
Content-Type: message/delivery-status
Reporting-MTA: dns; ns1.webologix.com
X-Postfix-Queue-ID: 7A3F02AD3ECF
X-Postfix-Sender: rfc822; gensinrode@hotmail.com
Arrival-Date: Fri, 13 Mar 2015 16:59:41 +0100 (CET)
Final-Recipient: rfc822; central.accounts@uicgroup.com
Original-Recipient: rfc822;central.accounts@uicgroup.com
Action: failed
Status: 5.0.0
Remote-MTA: dns; mx-biz.mail.am0.yahoodns.net
Diagnostic-Code: smtp; 550 relaying denied for
Final-Recipient: rfc822; centralpharmacy31@hotmail.com
Original-Recipient: rfc822;centralpharmacy31@hotmail.com
Action: failed
Status: 5.0.0
Remote-MTA: dns; mx4.hotmail.com
Diagnostic-Code: smtp; 550 Requested action not taken: mailbox unavailable
--7A3F02AD3ECF.1426621175/ns1.webologix.com
Content-Description: Undelivered Message
Content-Type: message/rfc822
Content-Transfer-Encoding: 7bit
Return-Path:
Received: from localhost (localhost.localdomain [127.0.0.1])
by ns1.webologix.com (Postfix) with ESMTP id 7A3F02AD3ECF;
Fri, 13 Mar 2015 16:59:41 +0100 (CET)
X-Virus-Scanned: Debian amavisd-new at ns1.webologix.com
Received: from ns1.webologix.com ([127.0.0.1])
by localhost (ns1.webologix.com [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id 2LTHLpdXxIIa; Fri, 13 Mar 2015 16:59:39 +0100 (CET)
Received: from User (unknown [204.188.195.31])
(Authenticated sender: webmaster@les-meilleurs-films.net)
by ns1.webologix.com (Postfix) with ESMTPA id 2DB382AC3DB7;
Fri, 13 Mar 2015 07:22:10 +0100 (CET)
Reply-To:
From: "Mr. Oosthuizen"
Subject: Re: Letter of Intent
Date: Thu, 12 Mar 2015 23:25:36 -0700
MIME-Version: 1.0
Content-Type: text/html;
charset="Windows-1251"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Message-Id: <20150313155941.7A3F02AD3ECF@ns1.webologix.com>
Attention:
I am Mr. Oosthuizen of I M F Head Office.
Your email appeared among the beneficiaries, who will receive a
part-payment of your contractual sum of 8. 5 Million US Dollars and
has been approved already for months. You are requested to get back to
me for more direction and instruction on how to receive your
fund. However, we received an email from one Mrs. Virgie Brown who
told us that she is your next of kin and that you died in a car
accident last week. She has also submitted her account for us to
transfer the fund to her. We want to hear from you before we can make
the transfer to confirm if you are dead or not.
Please in confirmation that you are still alive, you are advised to
reconfirm the below listed information to enable us facilitate an
immediate payment for you.
1 Your f ull names
2 Your present contact a ddress.
3 Your t elephone & Fax numbers.
4 Your O ccupations/age/sex.
5 Your Private E mail Address.
Once again, I apologize to you on behalf of I M F (International
Monetary Funds) for failure to pay your funds in time, which according
to records in the system had been long overdue.
Thanks,
Mr. Oosthuizen.
--7A3F02AD3ECF.1426621175/ns1.webologix.com--
*** HEADER EXTRACTED active/C9FB62ACA519 ***
*** MESSAGE FILE END active/C9FB62ACA519 ***
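The Received header above is the key evidence: Postfix records the SASL account that authenticated (smtpd_sasl_authenticated_header = yes) together with the client IP, so a stolen password shows up as an authenticated submission from a network the account owner never uses. As an added example, not code from this thread, a Python script that parses such headers and flags authenticated hops from outside an assumed trusted network (the sample headers and the allowlist are constructed here):

```python
import ipaddress
import re

# Constructed sample in the shape of the postcat output above: one hop Postfix
# wrote for a SASL-authenticated submission, one for the local amavis re-injection.
SAMPLE_HEADERS = """\
Received: from User (unknown [204.188.195.31])
        (Authenticated sender: webmaster@les-meilleurs-films.net)
        by ns1.webologix.com (Postfix) with ESMTPA id 2DB382AC3DB7;
        Fri, 13 Mar 2015 07:22:10 +0100 (CET)
Received: from localhost (localhost.localdomain [127.0.0.1])
        by ns1.webologix.com (Postfix) with ESMTP id 7A3F02AD3ECF;
        Fri, 13 Mar 2015 16:59:41 +0100 (CET)
"""

# A Postfix Received header folded over several lines; the "Authenticated sender"
# clause is optional and only appears when smtpd_sasl_authenticated_header = yes.
RECEIVED_RE = re.compile(
    r"Received: from (?P<helo>\S+) \((?P<rdns>[^\s\[]+) \[(?P<ip>[^\]]+)\]\)"
    r"(?:\s+\(Authenticated sender: (?P<sasl>[^)]+)\))?"
    r"\s+by (?P<mta>\S+) \(Postfix\) with (?P<proto>\S+) id (?P<qid>\w+);"
)

def parse_received(text):
    """Return one dict per Postfix Received header found in text."""
    return [m.groupdict() for m in RECEIVED_RE.finditer(text)]

def suspicious_submissions(hops, trusted_cidrs):
    """Authenticated hops (ESMTPA/ESMTPSA) whose client IP is outside trusted_cidrs.

    trusted_cidrs is an assumed allowlist of networks the account owner really
    submits from; a hit is a candidate for a compromised SASL password.
    Each result is (account, client_ip, queue_id, client_has_no_rdns).
    """
    nets = [ipaddress.ip_network(c) for c in trusted_cidrs]
    flagged = []
    for hop in hops:
        if not hop["sasl"] or hop["proto"] not in ("ESMTPA", "ESMTPSA"):
            continue  # not an authenticated submission
        ip = ipaddress.ip_address(hop["ip"])
        if not any(ip in n for n in nets):
            flagged.append((hop["sasl"], hop["ip"], hop["qid"], hop["rdns"] == "unknown"))
    return flagged

if __name__ == "__main__":
    # Allowlist is constructed: loopback plus the server's own address from main.cf.
    trusted = ["127.0.0.0/8", "87.98.160.188/32"]
    for acct, ip, qid, no_rdns in suspicious_submissions(parse_received(SAMPLE_HEADERS), trusted):
        print(f"queue {qid}: {acct} authenticated from {ip} (no rDNS: {no_rdns})")
```

Feeding it the output of `postcat -q` for each queued message gives a per-account list of client IPs; an account that submits from many unrelated addresses within hours is the one whose password to reset first.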
When doing an rsync --delete of the site I get these suspicious messages, even though the files named do not exist:
rsync: mkstemp "/var/www/les-meilleurs-films.net/web/..buildpath.7PDT6Z" failed: Permission denied (13)
rsync: mkstemp "/var/www/les-meilleurs-films.net/web/..directory.YH2ULF" failed: Permission denied (13)
rsync: mkstemp "/var/www/les-meilleurs-films.net/web/.CHANGELOG.php.0hZWql" failed: Permission denied (13)
rsync: mkstemp "/var/www/les-meilleurs-films.net/web/.COPYRIGHT.php.BzQ050" failed: Permission denied (13)
rsync: mkstemp "/var/www/les-meilleurs-films.net/web/.INSTALL.php.9C74KG" failed: Permission denied (13)
rsync: mkstemp "/var/www/les-meilleurs-films.net/web/.LICENSE.php.gZO9pm" failed: Permission denied (13)
rsync: mkstemp "/var/www/les-meilleurs-films.net/web/.chmod777.y08e51" failed: Permission denied (13)
rsync: mkstemp "/var/www/les-meilleurs-films.net/web/.configuration.php-dist.k8KkKH" failed: Permission denied (13)
rsync: mkstemp "/var/www/les-meilleurs-films.net/web/.configuration.php.ks392200.jBNqpn" failed: Permission denied (13)
rsync: mkstemp "/var/www/les-meilleurs-films.net/web/.error.log.5gix42" failed: Permission denied (13)
rsync: mkstemp "/var/www/les-meilleurs-films.net/web/.globals.php.gT5DJI" failed: Permission denied (13)
rsync: mkstemp "/var/www/les-meilleurs-films.net/web/.images.jpeg.S6kLoo" failed: Permission denied (13)
rsync: mkstemp "/var/www/les-meilleurs-films.net/web/.index.php.emTS33" failed: Permission denied (13)
I have a server that gets hacked repeatedly. Until now I have always found php files
cat master.cf
#
# POSTFIX master.cf ks392200.kimsufi.com - Dec 2014
# Modified by KMC - Jan 2015
#
# kmc_rc*: smtp = client == mail receiving - IPV4
#87.98.160.188:smtp inet n - - - - smtpd
# -o myhostname=ns1.webologix.com
# -o smtp_helo_name=ns1.webologix.com
# -o syslog_name=ns1.webologix.com
# -o smtpd_tls_cert_file=/root/startssl/test-domaine.fr/ssl.crt
# -o smtpd_tls_key_file=/root/startssl/test-domaine.fr/ssl-decrypted.key
# -o smtpd_tls_CApath=/etc/ssl/certs
#kmc_acf
smtp inet n - - - - smtpd
pickup fifo n - - 60 1 pickup
cleanup unix n - - - 0 cleanup
qmgr fifo n - n 300 1 qmgr
tlsmgr unix - - - 1000? 1 tlsmgr
rewrite unix - - - - - trivial-rewrite
bounce unix - - - - 0 bounce
defer unix - - - - 0 bounce
trace unix - - - - 0 bounce
verify unix - - - - 1 verify
flush unix n - - 1000? 0 flush
proxymap unix - - n - - proxymap
proxywrite unix - - n - 1 proxymap
# kmc_rc – smtp*: server == mail sending – ipv4
#webologix_com unix - - n - - smtp
# -o smtp_bind_address6=0:0:0:0:0:ffff:5762:a0bc
# -o smtp_bind_address=87.98.160.188
# -o smtp_helo_name=ns1.webologix.com
# -o syslog_name=webologix.com-transport
# -o smtp_tls_CAfile=/root/startssl/sub.class1.server.sha2.ca.pem
# -o smtp_tls_security_level=may
smtp unix - - - - - smtp
  -o smtp_bind_address6=0:0:0:0:0:ffff:5762:a0bc
  -o smtp_bind_address=87.98.160.188
  -o smtp_helo_name=ns1.webologix.com
relay unix - - - - - smtp
# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq unix n - - - - showq
error unix - - - - - error
retry unix - - - - - error
discard unix - - - - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - - - - lmtp
anvil unix - - - - 1 anvil
scache unix - - - - 1 scache
maildrop unix - n n - - pipe
  flags=DRhu user=vmail argv=/usr/bin/maildrop -d vmail ${extension} ${recipient} ${user} ${nexthop} ${sender}
uucp unix - n n - - pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
ifmail unix - n n - - pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp unix - n n - - pipe
  flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix - n n - 2 pipe
  flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
mailman unix - n n - - pipe
  flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py ${nexthop} ${user}
# ispconfig 3
submission inet n - - - - smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
smtps inet n - - - - smtpd
  -o syslog_name=postfix/smtps
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
dovecot unix - n n - - pipe
  flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -f ${sender} -d ${user}@${nexthop}
amavis unix - - - - 2 smtp
  -o smtp_data_done_timeout=1200
  -o smtp_send_xforward_command=yes
#kmc_ac - Dkim signature
127.0.0.1:10025 inet n - - - - smtpd
  -o content_filter=
  -o local_recipient_maps=
  -o relay_recipient_maps=
  -o smtpd_restriction_classes=
  -o smtpd_client_restrictions=
  -o smtpd_helo_restrictions=
  -o smtpd_sender_restrictions=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o mynetworks=127.0.0.0/8
  -o strict_rfc821_envelopes=yes
  -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks

cat main.cf
#
# POSTFIX main.cf ks392200.kimsufi.com - Dec 2014
# Modified by KMC - Jan 2015
# smtpd_banner
# myhostname
# inet_interfaces
# opendkim
smtpd_banner = $myhostname ESMTP $mail_name
biff = no
append_dot_mydomain = no
readme_directory = /usr/share/doc/postfix
# TLS parameters
smtpd_tls_cert_file = /etc/postfix/smtpd.cert
smtpd_tls_key_file = /etc/postfix/smtpd.key
smtpd_use_tls = yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
myhostname = ns1.webologix.com
alias_maps = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases
alias_database = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases
myorigin = /etc/mailname
mydestination = localhost, localhost.localdomain
relayhost =
mynetworks = 127.0.0.0/8 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
#kmc_ac- To limit the interfaces on which connections are accepted:
#inet_interfaces = all
inet_interfaces = 127.0.0.1, 87.98.160.188
html_directory = /usr/share/doc/postfix/html
virtual_alias_domains =
virtual_alias_maps = hash:/var/lib/mailman/data/virtual-mailman, proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf, proxy:mysql:/etc/postfix/mysql-virtual_email2email.cf
virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf
virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf
virtual_mailbox_base = /var/vmail
virtual_uid_maps = static:5000
virtual_gid_maps = static:5000
inet_protocols = all
smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = yes
smtpd_sasl_authenticated_header = yes
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, check_recipient_access mysql:/etc/postfix/mysql-virtual_recipient.cf
smtpd_tls_security_level = may
transport_maps = hash:/var/lib/mailman/data/transport-mailman, proxy:mysql:/etc/postfix/mysql-virtual_transports.cf
relay_domains = mysql:/etc/postfix/mysql-virtual_relaydomains.cf
relay_recipient_maps = mysql:/etc/postfix/mysql-virtual_relayrecipientmaps.cf
proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks
smtpd_sender_restrictions = check_sender_access mysql:/etc/postfix/mysql-virtual_sender.cf
smtpd_client_restrictions = check_client_access mysql:/etc/postfix/mysql-virtual_client.cf
smtpd_client_message_rate_limit = 100
maildrop_destination_concurrency_limit = 1
maildrop_destination_recipient_limit = 1
virtual_transport = dovecot
header_checks = regexp:/etc/postfix/header_checks
mime_header_checks = regexp:/etc/postfix/mime_header_checks
nested_header_checks = regexp:/etc/postfix/nested_header_checks
body_checks = regexp:/etc/postfix/body_checks
owner_request_special = no
smtp_tls_security_level = may
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
smtpd_tls_protocols = !SSLv2,!SSLv3
smtp_tls_protocols = !SSLv2,!SSLv3
dovecot_destination_recipient_limit = 1
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
content_filter = amavis:[127.0.0.1]:10024
receive_override_options = no_address_mappings
# kmc_ac opendkim
milter_default_action = accept
milter_protocol = 2
smtpd_milters = inet:localhost:8891
non_smtpd_milters = inet:localhost:8891