My FC3 machine appears to be compromised, please help

Bob Brennan rbrennan96 at gmail.com
Thu Apr 6 16:55:06 UTC 2006


On 4/6/06, Les Mikesell <lesmikesell at gmail.com> wrote:
> On Thu, 2006-04-06 at 10:33, Bob Brennan wrote:
> > >
> > > ;; QUESTION SECTION:
> > > ;thebrennan.net.                        IN      MX
> > >
> > > ;; ANSWER SECTION:
> > > thebrennan.net.  2400    IN      MX      0 mail.mi-server.net.
> > > thebrennan.net.  2400    IN      MX      10 mx1.sitelutions.com.
> > > thebrennan.net.  2400    IN      MX      20 mx2.sitelutions.com.
>
> > Thanks for that Les. The mail.mi-server.net is the same IP as all of
> > my domains, I just use it as a generic pointer in case I chop and/or
> > change other names. Sitelutions is a mail backup service that is
> > hopefully gathering and saving my email as we speak, well worth the
> > $1.50/month because even though my FC3 system is fairly watertight
> > there is no telling how, why, or for how long some lowlife has
> > compromised Demon's nameservers.
>
> But any mail being sent to you right now should be going to:
> ;; QUESTION SECTION:
> ;mail.mi-server.net.            IN      A
>
> ;; ANSWER SECTION:
> mail.mi-server.net.     2385    IN      A       83.104.235.34
>
> as long as it answers, regardless of any CNAME oddities.  Mail
> will always use the MX record.  I think your real issue is
> only that your server doesn't know its own name which you
> can fix as I mentioned in the last message.
>
> --
>  Les Mikesell
>   lesmikesell at gmail.com

Hi Les,

In your previous email you said "You can override that on the inbound
side by providing all the domain names it should accept in the
/etc/mail/local-host-names" which is the way my server has always been
set up. It was only this morning that 2 CNAME entries were added to
the records of the domains I am having trouble with, to
"wc.funnel.revenuedirect.com.akadns.net" which has nothing to do with
me and I did not do it. All the domains that do not have those CNAMES
added have no trouble sending and receiving email, and haven't in
years.

I am of course open to suggestions but am at the moment waiting for
Demon to correct the hacked entries on their nameservers, if that
doesn't work - I'll be back for more help!

Thanks, bob
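
Added example, not part of the original message: a baseline check that would surface the kind of unrequested CNAME entries described above. The baseline uses the MX and A records quoted in the thread; the owner name on the CNAME line of the sample, and the function names, are assumptions constructed for illustration.

```python
# Known-good records, taken from the dig output quoted in the thread.
BASELINE = {
    ("thebrennan.net.", "MX"): {
        "0 mail.mi-server.net.", "10 mx1.sitelutions.com.", "20 mx2.sitelutions.com."},
    ("mail.mi-server.net.", "A"): {"83.104.235.34"},
}
# Constructed sample: the quoted answers plus one CNAME line (owner name assumed).
SAMPLE = """\
;; ANSWER SECTION:
thebrennan.net.  2400 IN MX 0 mail.mi-server.net.
thebrennan.net.  2400 IN MX 10 mx1.sitelutions.com.
thebrennan.net.  2400 IN MX 20 mx2.sitelutions.com.
thebrennan.net.  2400 IN CNAME wc.funnel.revenuedirect.com.akadns.net.
mail.mi-server.net. 2385 IN A 83.104.235.34
"""

def parse_answers(text):
    """Return {(owner, rtype): set(rdata)} from dig-style record lines."""
    records = {}
    for line in text.splitlines():
        fields = line.split()
        # Expected layout: owner TTL class type rdata...; skip comments and blanks.
        if len(fields) < 5 or fields[0].startswith(";") or fields[2].upper() != "IN":
            continue
        key = (fields[0].lower(), fields[3].upper())
        records.setdefault(key, set()).add(" ".join(fields[4:]).lower())
    return records

def audit(observed, baseline):
    """List records that differ from the baseline, plus CNAME conflicts."""
    findings = []
    for key in sorted(observed):
        for value in sorted(observed[key] - baseline.get(key, set())):
            findings.append(("unexpected", key[0], key[1], value))
    for key in sorted(baseline):
        for value in sorted(baseline[key] - observed.get(key, set())):
            findings.append(("missing", key[0], key[1], value))
    # A CNAME must not coexist with other data at the same owner name
    # (RFC 1034 section 3.6.2), so flag any owner where it does.
    for owner in sorted({o for (o, t) in observed if t == "CNAME"}):
        others = sorted(t for (o, t) in observed if o == owner and t != "CNAME")
        if others:
            findings.append(("cname-conflict", owner, "CNAME", ",".join(others)))
    return findings

if __name__ == "__main__":
    for finding in audit(parse_answers(SAMPLE), BASELINE):
        print(*finding)
```

Run against answers collected from each authoritative nameserver in turn, this shows which server is handing out the altered records.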



