iplexx
07-23-2001, 10:24 AM
Hi,
It seems someone wants to misuse majordomo on my server.
Q: is there any known leak w/ majordomo on RaQ3 & RaQ4?
The "attacker" is sending emails to majordomo-owner@invalidsubdomain.mydomain.com which is resulting in the error mail below, but the original mail is not included :(
Emails to majordomo@validsubdomain.mydomain.com are received by an administrative account, so I don't think there's a misuse possible!?
Subject: Postmaster notify: see transcript for details
Auto-Submitted: auto-generated (postmaster-notification)
----- The following addresses had permanent fatal errors -----
Majordomo-Owner@raqxyz.mydomain.com
(reason: 550 Host unknown)
----- Transcript of session follows -----
550 5.1.2 Majordomo-Owner@raqxyz.mydomain.com... Host unknown (Name server: raqxyz.mydomain.com: host not found)
Content-Type: message/delivery-status
Reporting-MTA: dns; host.mydomain.com
Arrival-Date: Sat, 21 Jul 2001 15:04:01 +0200
Final-Recipient: RFC822; Majordomo-Owner@raqxyz.mydomain.com
Action: failed
Status: 5.1.2
Remote-MTA: DNS; raqxyz.mydomain.com
Diagnostic-Code: SMTP; 550 Host unknown
Last-Attempt-Date: Sat, 21 Jul 2001 15:04:01 +0200
From: Mail Delivery Subsystem <MAILER-DAEMON>
To: raqxyz.mydomain.com
MIME-Version: 1.0
Subject: Returned mail: see transcript for details
Auto-Submitted: auto-generated (failure)
----- The following addresses had permanent fatal errors -----
Majordomo-Owner@raqxyz.mydomain.com
(reason: 550 Host unknown)
----- Transcript of session follows -----
550 5.1.2 Majordomo-Owner@raqxyz.mydomain.com... Host unknown (Name server: raqxyz.mydomain.com: host not found)
Reporting-MTA: dns; host.mydomain.com
Arrival-Date: Sat, 21 Jul 2001 15:04:01 +0200
Final-Recipient: RFC822; Majordomo-Owner@raqxyz.mydomain.com
Action: failed
Status: 5.1.2
Remote-MTA: DNS; raqxyz.mydomain.com
Diagnostic-Code: SMTP; 550 Host unknown
Last-Attempt-Date: Sat, 21 Jul 2001 15:04:01 +0200
To: Majordomo-Owner@raqxyz.mydomain.com
From: Majordomo@raqxyz.mydomain.com
Subject: MAJORDOMO ABORT (mj_majordomo)
MAJORDOMO ABORT (mj_majordomo)!!
While running with an effective uid of 8 and an effective gid of 2 2 12, Majordomo
ran into the following problems:
Unable to create log file in /usr/local/majordomo/raqxyz.mydomain.com, check permissions.
Unable to write to list directory $listdir, check permissions on /usr/local/majordomo/raqxyz.mydomain.com/lists
