My mail server has been hacked!
Here is the story. About a year ago I discovered what I think to be a flaw in the mail system of OS X Server.
I am hosting multiple email domains on my server.
I have enabled SMTP auth. It seems that sending email from one of my hosted domains to another does not use smtp but lmtp. Therefore, [email protected] can send email to [email protected] without using a password.
So a spammer can send email from me, to all of my hosted clients, without a password. Not good.
Now it seems, that someone has written a hidden script to take advantage of that flaw. My server is sending out email like crazy from dummy names like
[email protected]
Any help?
Thanks
Smell you later
Here is what they are sending out from my server.
World leading manufacturers. The most popular software.
MS Windows XP Professional with SP2 - $49.95
Adobe Photoshop CS2 V 9.0 - $69.95
Microsoft Office XP Professional - $49.95
Adobe Acrobat 5.0 - $39.95
More then 300 items...
2-XServe G5, XServe G4, PowerMac Dual G5, PowerMac Dual G4, PowerBook G4 17, Mac Mini, Cube Mac OS X (10.4.2)
I got the same thing!
I noticed my Xserve lights all blue..and no one is on it (LAN). So I check the logs for activity (I don't have Mail enabled...just use Xserve for file sharing) and I got this:
"Jan 9 13:57:50 macserver postfix/smtp[1183]: connect to dom03.muc.domeus.com[195.140.185.13]: Operation timed out (port 25)
Jan 9 13:57:50 macserver postfix/pipe[13316]: B0FC11842866: to=<flash@-----MY DOMAIN removed for posting>, relay=cyrus, delay=276133, status=deferred (temporary failure. Command output: couldn't connect to lmtpd: No such file or directory_ 421 4.3.0 deliver: couldn't connect to lmtpd_ )
Jan 9 13:57:50 macserver postfix/qmgr[10030]: B9286183323B: from=, size=4183, nrcpt=1 (queue active)
Jan 9 13:57:50 macserver postfix/qmgr[10030]: B92BC1844F5A: from=, size=4255, nrcpt=1 (queue active)
Jan 9 13:57:50 macserver postfix/pipe[13260]: B0FE918783DF: to=<flash@-----MY DOMAIN removed for posting>, relay=cyrus, delay=268730, status=deferred (temporary failure. Command output: couldn't connect to lmtpd: No such file or directory_ 421 4.3.0 deliver: couldn't connect to lmtpd_ )
Jan 9 13:57:50 macserver postfix/qmgr[10030]: B92E3183D4FE: from=, size=4207, nrcpt=1 (queue active)
It's using a flash user. I checked workgroup manager and there enough, is a user named flash. I disabled it. I never enabled root on this box so I dunno what is going on but time to change accounts and pwds...
Any ideas what got this? I don't host and I am behind NAT. Also, I never enabled root. Checked activity processes and root is controlling the email and other processes that are using ALOT of CPU (69%). Disable root? What about pwd, can I reset? Not much a unix guru...then again, how this happened?
Similar Messages
-
Adobe server has been hacked?
Hi...
I wonder if adobe customer data are safely secrused..
For each site I provide an alias with the name adobe ... just to follow if the site use my mail adress... and today I just received a strange mail at adobe@myserver !
So I suppose adobe server has been hacked ...
a was with this instructions inside (and it's not in good french):
Nous invitons tous les individus et entités juridiques pour examen et suivons
strictement les instructions de Inland Revenue .
Matériel pour la consultation (MR ) est particulièrement recommandé à ceux qui
utilisent les services financiers (par exemple ,. Internet Banking )
Un espace dédié au contrôle fiscal et à la lutte contre la fraude est ouvert ce
jour.
Dans le cadre du Comité national de lutte contre la fraude du 22 mai 2014, les
Ministres ont présenté un plan d'action dit < plan contrôle citoyen >. Parmi ces
mesures figure l'ouverture d'un espace dédié au contrôle fiscal et à la lutte
contre la fraude. Cet espace est désormais ouvert.
La lutte contre la fraude fiscale est une priorité du Gouvernement. Elle passe
par une action renforcée en matière de contrôle mais aussi par la prévention des
risques.
Cet espace a donc pour objectif de présenter l'organisation et le fonctionnement
des services du contrôle fiscal, de fournir des informations claires,
pédagogiques sur la façon dont se déroule un contrôle fiscal et de mieux
informer des risques encourus pour éviter les erreurs et les pertes budgétaires
potentielles. Ainsi, certains schémas frauduleux sont décrits dans cet espace
pour éviter aux entreprises, qui cherchent à acquitter correctement leurs
impôts, d'être impliquées par exemple dans des fraudes à la TVA. Des fiches ou
notices sur des sujets complexes ou sur des points faisant fréquemment l'objet
de rappels seront également mises à disposition. Une notice pédagogique sur le
crédit impôt recherche est d'ores et déjà disponible.
Cet espace sera régulièrement enrichi et actualisé, notamment avec des
commentaires de certaines évolutions jurisprudentielles impactant le contrôle
fiscal.
Figure également dans cet espace, un document questions-réponses sur le
dispositif de régularisation des avoirs à l'étranger non déclarés.
À cet égard , il a préparé une nouvelle application informatique,
l'identification de l'analyse de risque pour les personnes et les fonds
définition synthétique de revenu.
C' est un outil innovant qui sera l'objet de la mise en œuvre et des
améliorations visant à optimiser la fonctionnalité
I N S T A L L E R
interlomar.nazwa.pl/InstallerEspaceControle.zip
(I don't give the complet link just to be sure someone will not clik on it)
regards,
RudolfHow long have you had the account?
-
I think my email server has been hacked! How do I find out and fix it?
Can someone tell me where or how to start to fix this?
I'm running a MacMini Server with 10.6.8 running on it.
I'm enclosing a raw glimps of the SMTP log below.
Jan 14 21:21:45 jbillings postfix/smtp[77947]: 1819E6A00ADD: to=<joetdr**[email protected]>, relay=mta7.am0.yahoodns.net[66.94.238.147]:25, conn_use=10, delay=143124, delays=143106/17/0.17/0.83, dsn=5.0.0, status=bounced (host mta7.am0.yahoodns.net[66.94.238.147] said: 554 delivery error: dd This user doesn't have a yahoo.com account (joetdr**[email protected]) [0] - mta1419.mail.mud.yahoo.com (in reply to end of DATA command))
Jan 14 21:21:45 jbillings postfix/smtp[78102]: 0E33069DE752: to=<alys**[email protected]>, relay=none, delay=146722, delays=146709/7/5.3/0, dsn=4.4.3, status=deferred (Host or domain name not found. Name service error for name=hotmai.com type=MX: Host not found, try again)
Jan 14 21:21:45 jbillings postfix/smtp[77906]: 2430369BBB4B: to=<ejm**[email protected]>, relay=mail.htc.net[216.114.114.146]:25, delay=151433, delays=151431/0/2.2/0, dsn=4.0.0, status=deferred (host mail.htc.net[216.114.114.146] refused to talk to me: 550 Barracuda Central, Listed in barracudacentral.org)
Jan 14 21:21:45 jbillings postfix/smtp[77961]: 1805E69BC153: to=<staciebennet**[email protected]>, relay=mta7.am0.yahoodns.net[74.6.136.244]:25, conn_use=8, delay=151401, delays=151382/18/0.23/0.91, dsn=5.0.0, status=bounced (host mta7.am0.yahoodns.net[74.6.136.244] said: 554 delivery error: dd Sorry your message to staciebennet**[email protected] cannot be delivered. This account has been disabled or discontinued [#102]. - mta1257.mail.sk1.yahoo.com (in reply to end of DATA command))
Jan 14 21:21:45 jbillings postfix/smtp[78085]: 1819269F313D: to=<wynter**[email protected]>, relay=mta7.am0.yahoodns.net[74.6.136.244]:25, conn_use=7, delay=144576, delays=144558/17/0.21/0.97, dsn=5.0.0, status=bounced (host mta7.am0.yahoodns.net[74.6.136.244] said: 554 delivery error: dd Sorry your message to wyntern**[email protected] cannot be delivered. This account has been disabled or discontinued [#102]. - mta1271.mail.sk1.yahoo.com (in reply to end of DATA command))
Jan 14 21:21:45 jbillings postfix/smtp[78072]: 0F24F6A483C0: to=<brigi**[email protected]>, relay=mail.sunne-im-haerze.ch[80.74.131.2]:25, delay=132135, delays=132123/8.8/2.1/1, dsn=4.0.0, status=deferred (host mail.sunne-im-haerze.ch[80.74.131.2] said: 451 http://www.barracudanetworks.com/reputation/?pr=1&ip=69.34.116.38 (in reply to RCPT TO command))
And here is my postconf log
postconf -n
2bounce_notice_recipient = postmaster
access_map_reject_code = 554
address_verify_default_transport = $default_transport
address_verify_local_transport = $local_transport
address_verify_map =
address_verify_negative_cache = yes
address_verify_negative_expire_time = 3d
address_verify_negative_refresh_time = 3h
address_verify_poll_count = 3
address_verify_poll_delay = 3s
address_verify_positive_expire_time = 31d
address_verify_positive_refresh_time = 7d
address_verify_relay_transport = $relay_transport
address_verify_relayhost = $relayhost
address_verify_sender = $double_bounce_sender
address_verify_sender_dependent_relayhost_maps = $sender_dependent_relayhost_maps
address_verify_service_name = verify
address_verify_transport_maps = $transport_maps
address_verify_virtual_transport = $virtual_transport
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
allow_mail_to_commands = alias, forward
allow_mail_to_files = alias, forward
always_bcc = [email protected]
anvil_rate_time_unit = 60s
anvil_status_update_time = 600s
application_event_drain_time = 100s
authorized_flush_users = static:anyone
authorized_mailq_users = static:anyone
authorized_submit_users = static:anyone
backwards_bounce_logfile_compatibility = yes
berkeley_db_create_buffer_size = 16777216
berkeley_db_read_buffer_size = 131072
best_mx_transport =
biff = no
body_checks_size_limit = 51200
bounce_notice_recipient = postmaster
bounce_queue_lifetime = 5d
bounce_service_name = bounce
bounce_size_limit = 50000
bounce_template_file =
canonical_classes = envelope_sender, envelope_recipient, header_sender, header_recipient
check_for_od_forward = yes
cleanup_service_name = cleanup
command_directory = /usr/sbin
command_execution_directory =
command_expansion_filter = 1234567890!@%-_=+:,./abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ
command_time_limit = 1000s
config_directory = /etc/postfix
connection_cache_protocol_timeout = 5s
connection_cache_service_name = scache
connection_cache_status_update_time = 600s
connection_cache_ttl_limit = 2s
content_filter = smtp-amavis:[127.0.0.1]:10024
cyrus_sasl_config_path =
daemon_directory = /usr/libexec/postfix
daemon_timeout = 18000s
data_directory = /var/lib/postfix
debug_peer_level = 2
debug_peer_list =
default_database_type = hash
default_delivery_slot_cost = 5
default_delivery_slot_discount = 50
default_delivery_slot_loan = 3
default_destination_concurrency_failed_cohort_limit = 1
default_destination_concurrency_limit = 20
default_destination_concurrency_negative_feedback = 1
default_destination_concurrency_positive_feedback = 1
default_destination_rate_delay = 0s
default_destination_recipient_limit = 50
default_extra_recipient_limit = 1000
default_minimum_delivery_slots = 3
default_privs = nobody
default_process_limit = 100
default_rbl_reply = $rbl_code Service unavailable; $rbl_class [$rbl_what] blocked using $rbl_domain${rbl_reason?; $rbl_reason}
default_recipient_limit = 20000
default_recipient_refill_delay = 5s
default_recipient_refill_limit = 100
default_transport = smtp
default_verp_delimiters = +=
defer_code = 450
defer_service_name = defer
defer_transports =
delay_logging_resolution_limit = 2
delay_notice_recipient = postmaster
delay_warning_time = 0h
deliver_lock_attempts = 20
deliver_lock_delay = 1s
destination_concurrency_feedback_debug = no
detect_8bit_encoding_header = yes
dont_remove = 0
double_bounce_sender = double-bounce
duplicate_filter_limit = 1000
empty_address_recipient = MAILER-DAEMON
empty_address_relayhost_maps_lookup_key = <>
enable_original_recipient = yes
enable_server_options = yes
error_notice_recipient = postmaster
error_service_name = error
execution_directory_expansion_filter = 1234567890!@%-_=+:,./abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ
export_environment = TZ MAIL_CONFIG LANG
fallback_transport =
fallback_transport_maps =
fast_flush_domains = $relay_domains
fast_flush_purge_time = 7d
fast_flush_refresh_time = 12h
fault_injection_code = 0
flush_service_name = flush
fork_attempts = 5
fork_delay = 1s
forward_expansion_filter = 1234567890!@%-_=+:,./abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ
forward_path = $home/.forward${recipient_delimiter}${extension}, $home/.forward
frozen_delivered_to = yes
hash_queue_depth = 1
hash_queue_names = deferred,defer
header_address_token_limit = 10240
header_checks = pcre:/etc/postfix/custom_header_checks
header_size_limit = 102400
hopcount_limit = 50
html_directory = /usr/share/doc/postfix/html
import_environment = MAIL_CONFIG MAIL_DEBUG MAIL_LOGTAG TZ XAUTHORITY DISPLAY LANG=C
in_flow_delay = 1s
inet_interfaces = localhost
inet_protocols = ipv4
initial_destination_concurrency = 5
internal_mail_filter_classes =
invalid_hostname_reject_code = 501
ipc_idle = 5s
ipc_timeout = 3600s
ipc_ttl = 1000s
line_length_limit = 2048
lmtp_bind_address =
lmtp_bind_address6 =
lmtp_body_checks =
lmtp_cname_overrides_servername = no
lmtp_connect_timeout = 0s
lmtp_connection_cache_destinations =
lmtp_connection_cache_on_demand = yes
lmtp_connection_cache_time_limit = 2s
lmtp_connection_reuse_time_limit = 300s
lmtp_data_done_timeout = 600s
lmtp_data_init_timeout = 120s
lmtp_data_xfer_timeout = 180s
lmtp_defer_if_no_mx_address_found = no
lmtp_destination_concurrency_failed_cohort_limit = $default_destination_concurrency_failed_cohort_limit
lmtp_destination_concurrency_limit = $default_destination_concurrency_limit
lmtp_destination_concurrency_negative_feedback = $default_destination_concurrency_negative_feedback
lmtp_destination_concurrency_positive_feedback = $default_destination_concurrency_positive_feedback
lmtp_destination_rate_delay = $default_destination_rate_delay
lmtp_destination_recipient_limit = $default_destination_recipient_limit
lmtp_discard_lhlo_keyword_address_maps =
lmtp_discard_lhlo_keywords =
lmtp_enforce_tls = no
lmtp_generic_maps =
lmtp_header_checks =
lmtp_host_lookup = dns
lmtp_initial_destination_concurrency = $initial_destination_concurrency
lmtp_lhlo_name = $myhostname
lmtp_lhlo_timeout = 300s
lmtp_line_length_limit = 990
lmtp_mail_timeout = 300s
lmtp_mime_header_checks =
lmtp_mx_address_limit = 5
lmtp_mx_session_limit = 2
lmtp_nested_header_checks =
lmtp_pix_workaround_delay_time = 10s
lmtp_pix_workaround_maps =
lmtp_pix_workaround_threshold_time = 500s
lmtp_pix_workarounds = disable_esmtp,delay_dotcrlf
lmtp_quit_timeout = 300s
lmtp_quote_rfc821_envelope = yes
lmtp_randomize_addresses = yes
lmtp_rcpt_timeout = 300s
lmtp_rset_timeout = 20s
lmtp_sasl_auth_cache_name =
lmtp_sasl_auth_cache_time = 90d
lmtp_sasl_auth_soft_bounce = yes
lmtp_sasl_mechanism_filter =
lmtp_sasl_path =
lmtp_sasl_security_options = noplaintext, noanonymous
lmtp_sasl_tls_security_options = $lmtp_sasl_security_options
lmtp_sasl_tls_verified_security_options = $lmtp_sasl_tls_security_options
lmtp_sasl_type = cyrus
lmtp_send_xforward_command = no
lmtp_sender_dependent_authentication = no
lmtp_skip_5xx_greeting = yes
lmtp_starttls_timeout = 300s
lmtp_tcp_port = 24
lmtp_tls_CAfile =
lmtp_tls_CApath =
lmtp_tls_cert_file =
lmtp_tls_dcert_file =
lmtp_tls_dkey_file = $lmtp_tls_dcert_file
lmtp_tls_enforce_peername = yes
lmtp_tls_exclude_ciphers =
lmtp_tls_fingerprint_cert_match =
lmtp_tls_fingerprint_digest = md5
lmtp_tls_key_file = $lmtp_tls_cert_file
lmtp_tls_loglevel = 0
lmtp_tls_mandatory_ciphers = medium
lmtp_tls_mandatory_exclude_ciphers =
lmtp_tls_mandatory_protocols = SSLv3, TLSv1
lmtp_tls_note_starttls_offer = no
lmtp_tls_per_site =
lmtp_tls_policy_maps =
lmtp_tls_scert_verifydepth = 9
lmtp_tls_secure_cert_match = nexthop
lmtp_tls_security_level =
lmtp_tls_session_cache_database =
lmtp_tls_session_cache_timeout = 3600s
lmtp_tls_verify_cert_match = hostname
lmtp_use_tls = no
lmtp_xforward_timeout = 300s
local_command_shell =
local_destination_concurrency_failed_cohort_limit = $default_destination_concurrency_failed_cohort_limit
local_destination_concurrency_limit = 2
local_destination_concurrency_negative_feedback = $default_destination_concurrency_negative_feedback
local_destination_concurrency_positive_feedback = $default_destination_concurrency_positive_feedback
local_destination_rate_delay = $default_destination_rate_delay
local_destination_recipient_limit = 1
local_header_rewrite_clients = permit_inet_interfaces
local_initial_destination_concurrency = $initial_destination_concurrency
local_recipient_maps = proxy:unix:passwd.byname $alias_maps
local_transport = local:$myhostname
luser_relay =
mail_name = Postfix
mail_owner = _postfix
mail_release_date = 20080902
mail_spool_directory = /var/mail
mail_version = 2.5.5
mailbox_command =
mailbox_command_maps =
mailbox_delivery_lock = flock, dotlock
mailbox_size_limit = 0
mailbox_transport = dovecot
mailbox_transport_maps =
mailq_path = /usr/bin/mailq
manpage_directory = /usr/share/man
maps_rbl_domains =
maps_rbl_reject_code = 554
masquerade_classes = envelope_sender, header_sender, header_recipient
masquerade_domains =
masquerade_exceptions =
max_idle = 100s
max_use = 100
maximal_backoff_time = 4000s
maximal_queue_lifetime = 5d
message_reject_characters =
message_size_limit = 209715200
message_strip_characters =
milter_command_timeout = 30s
milter_connect_macros = j {daemon_name} v
milter_connect_timeout = 30s
milter_content_timeout = 300s
milter_data_macros = i
milter_default_action = tempfail
milter_end_of_data_macros = i
milter_end_of_header_macros = i
milter_helo_macros = {tls_version} {cipher} {cipher_bits} {cert_subject} {cert_issuer}
milter_macro_daemon_name = $myhostname
milter_macro_v = $mail_name $mail_version
milter_mail_macros = i {auth_type} {auth_authen} {auth_author} {mail_addr}
milter_protocol = 2
milter_rcpt_macros = i {rcpt_addr}
milter_unknown_command_macros =
mime_boundary_length_limit = 2048
mime_header_checks = $header_checks
mime_nesting_limit = 100
minimal_backoff_time = 300s
multi_recipient_bounce_reject_code = 550
mydestination = $myhostname, localhost.$mydomain, localhost, jbillings.net, rebuildingtogetherliberty.org, speedofflight.net, billingsconstruction.com, kcscsports.net, rebuildingtogetherclaycounty.org, $mydomain
mydomain = net
mydomain_fallback = localhost
myhostname = www.jbillings.net
mynetworks = 127.0.0.0/8,192.168.2.0/24
mynetworks_style = subnet
myorigin = $myhostname
nested_header_checks = $header_checks
newaliases_path = /usr/bin/newaliases
non_fqdn_reject_code = 504
non_smtpd_milters =
notify_classes = resource, software
parent_domain_matches_subdomains = debug_peer_list,fast_flush_domains,mynetworks,permit_mx_backup_networks,qmqpd_a uthorized_clients,relay_domains,smtpd_access_maps
permit_mx_backup_networks =
pickup_service_name = pickup
plaintext_reject_code = 450
prepend_delivered_header = command, file, forward
process_id_directory = pid
propagate_unmatched_extensions = canonical, virtual
proxy_interfaces =
proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $sender_bcc_maps $recipient_bcc_maps $smtp_generic_maps $lmtp_generic_maps
proxy_write_maps = $smtp_sasl_auth_cache_name $lmtp_sasl_auth_cache_name
qmgr_clog_warn_time = 300s
qmgr_fudge_factor = 100
qmgr_message_active_limit = 20000
qmgr_message_recipient_limit = 20000
qmgr_message_recipient_minimum = 10
qmqpd_authorized_clients =
qmqpd_client_port_logging = no
qmqpd_error_delay = 1s
qmqpd_timeout = 300s
queue_directory = /private/var/spool/postfix
queue_file_attribute_count_limit = 100
queue_minfree = 0
queue_run_delay = 300s
queue_service_name = qmgr
rbl_reply_maps =
readme_directory = /usr/share/doc/postfix
receive_override_options =
recipient_bcc_maps =
recipient_canonical_classes = envelope_recipient, header_recipient
recipient_delimiter = +
reject_code = 554
relay_clientcerts =
relay_destination_concurrency_failed_cohort_limit = $default_destination_concurrency_failed_cohort_limit
relay_destination_concurrency_limit = $default_destination_concurrency_limit
relay_destination_concurrency_negative_feedback = $default_destination_concurrency_negative_feedback
relay_destination_concurrency_positive_feedback = $default_destination_concurrency_positive_feedback
relay_destination_rate_delay = $default_destination_rate_delay
relay_destination_recipient_limit = $default_destination_recipient_limit
relay_domains = $mydestination
relay_domains_reject_code = 554
relay_initial_destination_concurrency = $initial_destination_concurrency
relay_recipient_maps =
relay_transport = relay
relayhost =
relocated_maps =
remote_header_rewrite_domain =
resolve_null_domain = no
resolve_numeric_domain = no
rewrite_service_name = rewrite
sample_directory = /usr/share/doc/postfix/examples
send_cyrus_sasl_authzid = no
sender_bcc_maps =
sender_canonical_classes = envelope_sender, header_sender
sender_canonical_maps =
sender_dependent_relayhost_maps =
sendmail_path = /usr/sbin/sendmail
service_throttle_time = 60s
setgid_group = _postdrop
showq_service_name = showq
smtp_bind_address6 =
smtp_body_checks =
smtp_cname_overrides_servername = no
smtp_connect_timeout = 30s
smtp_connection_cache_destinations =
smtp_connection_cache_on_demand = yes
smtp_connection_cache_time_limit = 2s
smtp_connection_reuse_time_limit = 300s
smtp_data_done_timeout = 600s
smtp_data_init_timeout = 120s
smtp_data_xfer_timeout = 180s
smtp_defer_if_no_mx_address_found = no
smtp_destination_concurrency_failed_cohort_limit = $default_destination_concurrency_failed_cohort_limit
smtp_destination_concurrency_limit = $default_destination_concurrency_limit
smtp_destination_concurrency_negative_feedback = $default_destination_concurrency_negative_feedback
smtp_destination_concurrency_positive_feedback = $default_destination_concurrency_positive_feedback
smtp_destination_rate_delay = $default_destination_rate_delay
smtp_destination_recipient_limit = $default_destination_recipient_limit
smtp_discard_ehlo_keyword_address_maps =
smtp_discard_ehlo_keywords =
smtp_enforce_tls = no
smtp_fallback_relay = $fallback_relay
smtp_generic_maps =
smtp_header_checks =
smtp_helo_name = $myhostname
smtp_helo_timeout = 300s
smtp_host_lookup = dns
smtp_initial_destination_concurrency = $initial_destination_concurrency
smtp_line_length_limit = 990
smtp_mail_timeout = 300s
smtp_mime_header_checks =
smtp_mx_address_limit = 5
smtp_mx_session_limit = 2
smtp_nested_header_checks =
smtp_pix_workaround_delay_time = 10s
smtp_pix_workaround_maps =
smtp_pix_workaround_threshold_time = 500s
smtp_pix_workarounds = disable_esmtp,delay_dotcrlf
smtp_quit_timeout = 300s
smtp_quote_rfc821_envelope = yes
smtp_rcpt_timeout = 300s
smtp_rset_timeout = 20s
smtp_sasl_auth_cache_name =
smtp_sasl_auth_cache_time = 90d
smtp_sasl_auth_soft_bounce = yes
smtp_sasl_mechanism_filter =
smtp_sasl_password_maps =
smtp_sasl_path =
smtp_sasl_security_options = noplaintext, noanonymous
smtp_sasl_tls_security_options = $smtp_sasl_security_options
smtp_sasl_tls_verified_security_options = $smtp_sasl_tls_security_options
smtp_sasl_type = cyrus
smtp_send_xforward_command = no
smtp_sender_dependent_authentication = no
smtp_starttls_timeout = 300s
smtp_tls_CAfile =
smtp_tls_CApath =
smtp_tls_cert_file =
smtp_tls_dcert_file =
smtp_tls_dkey_file = $smtp_tls_dcert_file
smtp_tls_enforce_peername = yes
smtp_tls_exclude_ciphers =
smtp_tls_fingerprint_cert_match =
smtp_tls_fingerprint_digest = md5
smtp_tls_key_file = $smtp_tls_cert_file
smtp_tls_loglevel = 0
smtp_tls_mandatory_ciphers = medium
smtp_tls_mandatory_exclude_ciphers =
smtp_tls_mandatory_protocols = SSLv3, TLSv1
smtp_tls_note_starttls_offer = no
smtp_tls_per_site =
smtp_tls_policy_maps =
smtp_tls_scert_verifydepth = 9
smtp_tls_secure_cert_match = nexthop, dot-nexthop
smtp_tls_security_level =
smtp_tls_session_cache_database =
smtp_tls_session_cache_timeout = 3600s
smtp_tls_verify_cert_match = hostname
smtp_use_tls = no
smtp_xforward_timeout = 300s
smtpd_authorized_verp_clients = $authorized_verp_clients
smtpd_authorized_xclient_hosts =
smtpd_authorized_xforward_hosts =
smtpd_banner = $myhostname ESMTP $mail_name
smtpd_client_connection_count_limit = 50
smtpd_client_connection_rate_limit = 0
smtpd_client_event_limit_exceptions = ${smtpd_client_connection_limit_exceptions:$mynetworks}
smtpd_client_message_rate_limit = 0
smtpd_client_new_tls_session_rate_limit = 0
smtpd_client_port_logging = no
smtpd_client_recipient_rate_limit = 0
smtpd_client_restrictions = permit_mynetworks permit_sasl_authenticated reject_rbl_client zen.spamhaus.org permit
smtpd_data_restrictions =
smtpd_delay_open_until_valid_rcpt = yes
smtpd_discard_ehlo_keyword_address_maps =
smtpd_discard_ehlo_keywords =
smtpd_end_of_data_restrictions =
smtpd_enforce_tls = yes
smtpd_error_sleep_time = 1s
smtpd_etrn_restrictions =
smtpd_expansion_filter = \t\40!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghi jklmnopqrstuvwxyz{|}~
smtpd_forbidden_commands = CONNECT GET POST
smtpd_hard_error_limit = 20
smtpd_helo_required = yes
smtpd_helo_restrictions = reject_invalid_helo_hostname reject_non_fqdn_helo_hostname
smtpd_history_flush_threshold = 100
smtpd_junk_command_limit = 100
smtpd_milters =
smtpd_noop_commands =
smtpd_null_access_lookup_key = <>
smtpd_peername_lookup = yes
smtpd_policy_service_max_idle = 300s
smtpd_policy_service_max_ttl = 1000s
smtpd_policy_service_timeout = 100s
smtpd_proxy_ehlo = $myhostname
smtpd_proxy_filter =
smtpd_proxy_timeout = 100s
smtpd_pw_server_security_options = cram-md5
smtpd_recipient_limit = 1000
smtpd_recipient_overshoot_limit = 1000
smtpd_recipient_restrictions = permit_sasl_authenticated permit_mynetworks reject_unauth_destination check_policy_service unix:private/policy permit
smtpd_reject_unlisted_recipient = yes
smtpd_reject_unlisted_sender = no
smtpd_restriction_classes =
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = no
smtpd_sasl_exceptions_networks =
smtpd_sasl_path = smtpd
smtpd_sasl_security_options = noanonymous
smtpd_sasl_tls_security_options = $smtpd_sasl_security_options
smtpd_sasl_type = cyrus
smtpd_sender_login_maps =
smtpd_sender_restrictions =
smtpd_soft_error_limit = 10
smtpd_starttls_timeout = 300s
smtpd_timeout = 300s
smtpd_tls_CAfile = /etc/certificates/server.jbillings.net.0614D66F5D64A8714C5BD87DB26F4D5999C16541 .chain.pem
smtpd_tls_CApath =
smtpd_tls_always_issue_session_ids = yes
smtpd_tls_ask_ccert = no
smtpd_tls_auth_only = no
smtpd_tls_ccert_verifydepth = 9
smtpd_tls_cert_file = /etc/certificates/server.jbillings.net.0614D66F5D64A8714C5BD87DB26F4D5999C16541 .cert.pem
smtpd_tls_dcert_file =
smtpd_tls_dh1024_param_file =
smtpd_tls_dh512_param_file =
smtpd_tls_dkey_file = $smtpd_tls_dcert_file
smtpd_tls_exclude_ciphers = SSLv2, aNULL, ADH, eNULL
smtpd_tls_fingerprint_digest = md5
smtpd_tls_key_file = /etc/certificates/server.jbillings.net.0614D66F5D64A8714C5BD87DB26F4D5999C16541 .key.pem
smtpd_tls_loglevel = 0
smtpd_tls_mandatory_ciphers = medium
smtpd_tls_mandatory_exclude_ciphers =
smtpd_tls_mandatory_protocols = SSLv3, TLSv1
smtpd_tls_received_header = no
smtpd_tls_req_ccert = no
smtpd_tls_security_level =
smtpd_tls_session_cache_database =
smtpd_tls_session_cache_timeout = 3600s
smtpd_tls_wrappermode = no
smtpd_use_pw_server = yes
smtpd_use_tls = yes
stale_lock_time = 500s
stress =
strict_mailbox_ownership = yes
syslog_facility = mail
syslog_name = postfix
tls_daemon_random_bytes = 32
tls_export_cipherlist = ALL:+RC4:@STRENGTH
tls_high_cipherlist = ALL:!EXPORT:!LOW:!MEDIUM:+RC4:@STRENGTH
tls_low_cipherlist = ALL:!EXPORT:+RC4:@STRENGTH
tls_medium_cipherlist = ALL:!EXPORT:!LOW:+RC4:@STRENGTH
tls_null_cipherlist = eNULL:!aNULL
tls_random_bytes = 32
tls_random_exchange_name = ${data_directory}/prng_exch
tls_random_prng_update_period = 3600s
tls_random_reseed_period = 3600s
tls_random_source = dev:/dev/urandom
trace_service_name = trace
transport_maps =
transport_retry_time = 60s
trigger_timeout = 10s
undisclosed_recipients_header = To: undisclosed-recipients:;
unknown_address_reject_code = 450
unknown_client_reject_code = 450
unknown_hostname_reject_code = 450
unknown_local_recipient_reject_code = 550
unknown_relay_recipient_reject_code = 550
unknown_virtual_alias_reject_code = 550
unknown_virtual_mailbox_reject_code = 550
unverified_recipient_reject_code = 450
unverified_sender_reject_code = 450
use_getpwnam_ext = yes
use_od_delivery_path = no
verp_delimiter_filter = -=+
virtual_alias_domains = $virtual_alias_maps
virtual_alias_expansion_limit = 1000
virtual_alias_maps =
virtual_alias_recursion_limit = 1000
virtual_destination_concurrency_failed_cohort_limit = $default_destination_concurrency_failed_cohort_limit
virtual_destination_concurrency_limit = $default_destination_concurrency_limit
virtual_destination_concurrency_negative_feedback = $default_destination_concurrency_negative_feedback
virtual_destination_concurrency_positive_feedback = $default_destination_concurrency_positive_feedback
virtual_destination_rate_delay = $default_destination_rate_delay
virtual_destination_recipient_limit = $default_destination_recipient_limit
virtual_gid_maps =
virtual_initial_destination_concurrency = $initial_destination_concurrency
virtual_mailbox_base =
virtual_mailbox_domains = $virtual_mailbox_maps
virtual_mailbox_limit = 51200000
virtual_mailbox_lock = fcntl, dotlock
virtual_mailbox_maps =
virtual_minimum_uid = 100
virtual_transport = virtual
virtual_uid_maps =
< Emails Edited By Host >Thanks for the reply.
To reply to your question. I forward a copy of all emails to an account "[email protected]" suddenly on this past Thursday I find some 66,000+ emails in the junk folder of that email account and a tremendous amount of actiivity on my server email. So my first thought is that I've been hacked.
All actual email accounts seem to be functioning fine, and I've had everyone change their email passwords.
The unusual amount of activity sent up the red flag.
BTW. I ran the postconf -n again and am including it.
Last login: Sat Jan 14 21:25:44 on ttys000
jbillings:~ sysadmin$ postconf -n
2bounce_notice_recipient = postmaster
access_map_reject_code = 554
address_verify_default_transport = $default_transport
address_verify_local_transport = $local_transport
address_verify_map =
address_verify_negative_cache = yes
address_verify_negative_expire_time = 3d
address_verify_negative_refresh_time = 3h
address_verify_poll_count = 3
address_verify_poll_delay = 3s
address_verify_positive_expire_time = 31d
address_verify_positive_refresh_time = 7d
address_verify_relay_transport = $relay_transport
address_verify_relayhost = $relayhost
address_verify_sender = $double_bounce_sender
address_verify_sender_dependent_relayhost_maps = $sender_dependent_relayhost_maps
address_verify_service_name = verify
address_verify_transport_maps = $transport_maps
address_verify_virtual_transport = $virtual_transport
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
allow_mail_to_commands = alias, forward
allow_mail_to_files = alias, forward
always_bcc = [email protected]
anvil_rate_time_unit = 60s
anvil_status_update_time = 600s
application_event_drain_time = 100s
authorized_flush_users = static:anyone
authorized_mailq_users = static:anyone
authorized_submit_users = static:anyone
backwards_bounce_logfile_compatibility = yes
berkeley_db_create_buffer_size = 16777216
berkeley_db_read_buffer_size = 131072
best_mx_transport =
biff = no
body_checks_size_limit = 51200
bounce_notice_recipient = postmaster
bounce_queue_lifetime = 5d
bounce_service_name = bounce
bounce_size_limit = 50000
bounce_template_file =
canonical_classes = envelope_sender, envelope_recipient, header_sender, header_recipient
check_for_od_forward = yes
cleanup_service_name = cleanup
command_directory = /usr/sbin
command_execution_directory =
command_expansion_filter = 1234567890!@%-_=+:,./abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ
command_time_limit = 1000s
config_directory = /etc/postfix
connection_cache_protocol_timeout = 5s
connection_cache_service_name = scache
connection_cache_status_update_time = 600s
connection_cache_ttl_limit = 2s
content_filter = smtp-amavis:[127.0.0.1]:10024
cyrus_sasl_config_path =
daemon_directory = /usr/libexec/postfix
daemon_timeout = 18000s
data_directory = /var/lib/postfix
debug_peer_level = 2
debug_peer_list =
default_database_type = hash
default_delivery_slot_cost = 5
default_delivery_slot_discount = 50
default_delivery_slot_loan = 3
default_destination_concurrency_failed_cohort_limit = 1
default_destination_concurrency_limit = 20
default_destination_concurrency_negative_feedback = 1
default_destination_concurrency_positive_feedback = 1
default_destination_rate_delay = 0s
default_destination_recipient_limit = 50
default_extra_recipient_limit = 1000
default_minimum_delivery_slots = 3
default_privs = nobody
default_process_limit = 100
default_rbl_reply = $rbl_code Service unavailable; $rbl_class [$rbl_what] blocked using $rbl_domain${rbl_reason?; $rbl_reason}
default_recipient_limit = 20000
default_recipient_refill_delay = 5s
default_recipient_refill_limit = 100
default_transport = smtp
default_verp_delimiters = +=
defer_code = 450
defer_service_name = defer
defer_transports =
delay_logging_resolution_limit = 2
delay_notice_recipient = postmaster
delay_warning_time = 0h
deliver_lock_attempts = 20
deliver_lock_delay = 1s
destination_concurrency_feedback_debug = no
detect_8bit_encoding_header = yes
dont_remove = 0
double_bounce_sender = double-bounce
duplicate_filter_limit = 1000
empty_address_recipient = MAILER-DAEMON
empty_address_relayhost_maps_lookup_key = <>
enable_original_recipient = yes
enable_server_options = yes
error_notice_recipient = postmaster
error_service_name = error
execution_directory_expansion_filter = 1234567890!@%-_=+:,./abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ
export_environment = TZ MAIL_CONFIG LANG
fallback_transport =
fallback_transport_maps =
fast_flush_domains = $relay_domains
fast_flush_purge_time = 7d
fast_flush_refresh_time = 12h
fault_injection_code = 0
flush_service_name = flush
fork_attempts = 5
fork_delay = 1s
forward_expansion_filter = 1234567890!@%-_=+:,./abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ
forward_path = $home/.forward${recipient_delimiter}${extension}, $home/.forward
frozen_delivered_to = yes
hash_queue_depth = 1
hash_queue_names = deferred,defer
header_address_token_limit = 10240
header_checks = pcre:/etc/postfix/custom_header_checks
header_size_limit = 102400
hopcount_limit = 50
html_directory = /usr/share/doc/postfix/html
import_environment = MAIL_CONFIG MAIL_DEBUG MAIL_LOGTAG TZ XAUTHORITY DISPLAY LANG=C
in_flow_delay = 1s
inet_interfaces = localhost
inet_protocols = ipv4
initial_destination_concurrency = 5
internal_mail_filter_classes =
invalid_hostname_reject_code = 501
ipc_idle = 5s
ipc_timeout = 3600s
ipc_ttl = 1000s
line_length_limit = 2048
lmtp_bind_address =
lmtp_bind_address6 =
lmtp_body_checks =
lmtp_cname_overrides_servername = no
lmtp_connect_timeout = 0s
lmtp_connection_cache_destinations =
lmtp_connection_cache_on_demand = yes
lmtp_connection_cache_time_limit = 2s
lmtp_connection_reuse_time_limit = 300s
lmtp_data_done_timeout = 600s
lmtp_data_init_timeout = 120s
lmtp_data_xfer_timeout = 180s
lmtp_defer_if_no_mx_address_found = no
lmtp_destination_concurrency_failed_cohort_limit = $default_destination_concurrency_failed_cohort_limit
lmtp_destination_concurrency_limit = $default_destination_concurrency_limit
lmtp_destination_concurrency_negative_feedback = $default_destination_concurrency_negative_feedback
lmtp_destination_concurrency_positive_feedback = $default_destination_concurrency_positive_feedback
lmtp_destination_rate_delay = $default_destination_rate_delay
lmtp_destination_recipient_limit = $default_destination_recipient_limit
lmtp_discard_lhlo_keyword_address_maps =
lmtp_discard_lhlo_keywords =
lmtp_enforce_tls = no
lmtp_generic_maps =
lmtp_header_checks =
lmtp_host_lookup = dns
lmtp_initial_destination_concurrency = $initial_destination_concurrency
lmtp_lhlo_name = $myhostname
lmtp_lhlo_timeout = 300s
lmtp_line_length_limit = 990
lmtp_mail_timeout = 300s
lmtp_mime_header_checks =
lmtp_mx_address_limit = 5
lmtp_mx_session_limit = 2
lmtp_nested_header_checks =
lmtp_pix_workaround_delay_time = 10s
lmtp_pix_workaround_maps =
lmtp_pix_workaround_threshold_time = 500s
lmtp_pix_workarounds = disable_esmtp,delay_dotcrlf
lmtp_quit_timeout = 300s
lmtp_quote_rfc821_envelope = yes
lmtp_randomize_addresses = yes
lmtp_rcpt_timeout = 300s
lmtp_rset_timeout = 20s
lmtp_sasl_auth_cache_name =
lmtp_sasl_auth_cache_time = 90d
lmtp_sasl_auth_soft_bounce = yes
lmtp_sasl_mechanism_filter =
lmtp_sasl_path =
lmtp_sasl_security_options = noplaintext, noanonymous
lmtp_sasl_tls_security_options = $lmtp_sasl_security_options
lmtp_sasl_tls_verified_security_options = $lmtp_sasl_tls_security_options
lmtp_sasl_type = cyrus
lmtp_send_xforward_command = no
lmtp_sender_dependent_authentication = no
lmtp_skip_5xx_greeting = yes
lmtp_starttls_timeout = 300s
lmtp_tcp_port = 24
lmtp_tls_CAfile =
lmtp_tls_CApath =
lmtp_tls_cert_file =
lmtp_tls_dcert_file =
lmtp_tls_dkey_file = $lmtp_tls_dcert_file
lmtp_tls_enforce_peername = yes
lmtp_tls_exclude_ciphers =
lmtp_tls_fingerprint_cert_match =
lmtp_tls_fingerprint_digest = md5
lmtp_tls_key_file = $lmtp_tls_cert_file
lmtp_tls_loglevel = 0
lmtp_tls_mandatory_ciphers = medium
lmtp_tls_mandatory_exclude_ciphers =
lmtp_tls_mandatory_protocols = SSLv3, TLSv1
lmtp_tls_note_starttls_offer = no
lmtp_tls_per_site =
lmtp_tls_policy_maps =
lmtp_tls_scert_verifydepth = 9
lmtp_tls_secure_cert_match = nexthop
lmtp_tls_security_level =
lmtp_tls_session_cache_database =
lmtp_tls_session_cache_timeout = 3600s
lmtp_tls_verify_cert_match = hostname
lmtp_use_tls = no
lmtp_xforward_timeout = 300s
local_command_shell =
local_destination_concurrency_failed_cohort_limit = $default_destination_concurrency_failed_cohort_limit
local_destination_concurrency_limit = 2
local_destination_concurrency_negative_feedback = $default_destination_concurrency_negative_feedback
local_destination_concurrency_positive_feedback = $default_destination_concurrency_positive_feedback
local_destination_rate_delay = $default_destination_rate_delay
local_destination_recipient_limit = 1
local_header_rewrite_clients = permit_inet_interfaces
local_initial_destination_concurrency = $initial_destination_concurrency
local_recipient_maps = proxy:unix:passwd.byname $alias_maps
local_transport = local:$myhostname
luser_relay =
mail_name = Postfix
mail_owner = _postfix
mail_release_date = 20080902
mail_spool_directory = /var/mail
mail_version = 2.5.5
mailbox_command =
mailbox_command_maps =
mailbox_delivery_lock = flock, dotlock
mailbox_size_limit = 0
mailbox_transport = dovecot
mailbox_transport_maps =
mailq_path = /usr/bin/mailq
manpage_directory = /usr/share/man
maps_rbl_domains =
maps_rbl_reject_code = 554
masquerade_classes = envelope_sender, header_sender, header_recipient
masquerade_domains =
masquerade_exceptions =
max_idle = 100s
max_use = 100
maximal_backoff_time = 4000s
maximal_queue_lifetime = 5d
message_reject_characters =
message_size_limit = 209715200
message_strip_characters =
milter_command_timeout = 30s
milter_connect_macros = j {daemon_name} v
milter_connect_timeout = 30s
milter_content_timeout = 300s
milter_data_macros = i
milter_default_action = tempfail
milter_end_of_data_macros = i
milter_end_of_header_macros = i
milter_helo_macros = {tls_version} {cipher} {cipher_bits} {cert_subject} {cert_issuer}
milter_macro_daemon_name = $myhostname
milter_macro_v = $mail_name $mail_version
milter_mail_macros = i {auth_type} {auth_authen} {auth_author} {mail_addr}
milter_protocol = 2
milter_rcpt_macros = i {rcpt_addr}
milter_unknown_command_macros =
mime_boundary_length_limit = 2048
mime_header_checks = $header_checks
mime_nesting_limit = 100
minimal_backoff_time = 300s
multi_recipient_bounce_reject_code = 550
mydestination = $myhostname, localhost.$mydomain, localhost, jbillings.net, rebuildingtogetherliberty.org, speedofflight.net, billingsconstruction.com, kcscsports.net, rebuildingtogetherclaycounty.org, $mydomain
mydomain = net
mydomain_fallback = localhost
myhostname = www.jbillings.net
mynetworks = 127.0.0.0/8,192.168.2.0/24
mynetworks_style = subnet
myorigin = $myhostname
nested_header_checks = $header_checks
newaliases_path = /usr/bin/newaliases
non_fqdn_reject_code = 504
non_smtpd_milters =
notify_classes = resource, software
parent_domain_matches_subdomains = debug_peer_list,fast_flush_domains,mynetworks,permit_mx_backup_networks,qmqpd_a uthorized_clients,relay_domains,smtpd_access_maps
permit_mx_backup_networks =
pickup_service_name = pickup
plaintext_reject_code = 450
prepend_delivered_header = command, file, forward
process_id_directory = pid
propagate_unmatched_extensions = canonical, virtual
proxy_interfaces =
proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $sender_bcc_maps $recipient_bcc_maps $smtp_generic_maps $lmtp_generic_maps
proxy_write_maps = $smtp_sasl_auth_cache_name $lmtp_sasl_auth_cache_name
qmgr_clog_warn_time = 300s
qmgr_fudge_factor = 100
qmgr_message_active_limit = 20000
qmgr_message_recipient_limit = 20000
qmgr_message_recipient_minimum = 10
qmqpd_authorized_clients =
qmqpd_client_port_logging = no
qmqpd_error_delay = 1s
qmqpd_timeout = 300s
queue_directory = /private/var/spool/postfix
queue_file_attribute_count_limit = 100
queue_minfree = 0
queue_run_delay = 300s
queue_service_name = qmgr
rbl_reply_maps =
readme_directory = /usr/share/doc/postfix
receive_override_options =
recipient_bcc_maps =
recipient_canonical_classes = envelope_recipient, header_recipient
recipient_delimiter = +
reject_code = 554
relay_clientcerts =
relay_destination_concurrency_failed_cohort_limit = $default_destination_concurrency_failed_cohort_limit
relay_destination_concurrency_limit = $default_destination_concurrency_limit
relay_destination_concurrency_negative_feedback = $default_destination_concurrency_negative_feedback
relay_destination_concurrency_positive_feedback = $default_destination_concurrency_positive_feedback
relay_destination_rate_delay = $default_destination_rate_delay
relay_destination_recipient_limit = $default_destination_recipient_limit
relay_domains = $mydestination
relay_domains_reject_code = 554
relay_initial_destination_concurrency = $initial_destination_concurrency
relay_recipient_maps =
relay_transport = relay
relayhost =
relocated_maps =
remote_header_rewrite_domain =
resolve_null_domain = no
resolve_numeric_domain = no
rewrite_service_name = rewrite
sample_directory = /usr/share/doc/postfix/examples
send_cyrus_sasl_authzid = no
sender_bcc_maps =
sender_canonical_classes = envelope_sender, header_sender
sender_canonical_maps =
sender_dependent_relayhost_maps =
sendmail_path = /usr/sbin/sendmail
service_throttle_time = 60s
setgid_group = _postdrop
showq_service_name = showq
smtp_bind_address6 =
smtp_body_checks =
smtp_cname_overrides_servername = no
smtp_connect_timeout = 30s
smtp_connection_cache_destinations =
smtp_connection_cache_on_demand = yes
smtp_connection_cache_time_limit = 2s
smtp_connection_reuse_time_limit = 300s
smtp_data_done_timeout = 600s
smtp_data_init_timeout = 120s
smtp_data_xfer_timeout = 180s
smtp_defer_if_no_mx_address_found = no
smtp_destination_concurrency_failed_cohort_limit = $default_destination_concurrency_failed_cohort_limit
smtp_destination_concurrency_limit = $default_destination_concurrency_limit
smtp_destination_concurrency_negative_feedback = $default_destination_concurrency_negative_feedback
smtp_destination_concurrency_positive_feedback = $default_destination_concurrency_positive_feedback
smtp_destination_rate_delay = $default_destination_rate_delay
smtp_destination_recipient_limit = $default_destination_recipient_limit
smtp_discard_ehlo_keyword_address_maps =
smtp_discard_ehlo_keywords =
smtp_enforce_tls = no
smtp_fallback_relay = $fallback_relay
smtp_generic_maps =
smtp_header_checks =
smtp_helo_name = $myhostname
smtp_helo_timeout = 300s
smtp_host_lookup = dns
smtp_initial_destination_concurrency = $initial_destination_concurrency
smtp_line_length_limit = 990
smtp_mail_timeout = 300s
smtp_mime_header_checks =
smtp_mx_address_limit = 5
smtp_mx_session_limit = 2
smtp_nested_header_checks =
smtp_pix_workaround_delay_time = 10s
smtp_pix_workaround_maps =
smtp_pix_workaround_threshold_time = 500s
smtp_pix_workarounds = disable_esmtp,delay_dotcrlf
smtp_quit_timeout = 300s
smtp_quote_rfc821_envelope = yes
smtp_rcpt_timeout = 300s
smtp_rset_timeout = 20s
smtp_sasl_auth_cache_name =
smtp_sasl_auth_cache_time = 90d
smtp_sasl_auth_soft_bounce = yes
smtp_sasl_mechanism_filter =
smtp_sasl_password_maps =
smtp_sasl_path =
smtp_sasl_security_options = noplaintext, noanonymous
smtp_sasl_tls_security_options = $smtp_sasl_security_options
smtp_sasl_tls_verified_security_options = $smtp_sasl_tls_security_options
smtp_sasl_type = cyrus
smtp_send_xforward_command = no
smtp_sender_dependent_authentication = no
smtp_starttls_timeout = 300s
smtp_tls_CAfile =
smtp_tls_CApath =
smtp_tls_cert_file =
smtp_tls_dcert_file =
smtp_tls_dkey_file = $smtp_tls_dcert_file
smtp_tls_enforce_peername = yes
smtp_tls_exclude_ciphers =
smtp_tls_fingerprint_cert_match =
smtp_tls_fingerprint_digest = md5
smtp_tls_key_file = $smtp_tls_cert_file
smtp_tls_loglevel = 0
smtp_tls_mandatory_ciphers = medium
smtp_tls_mandatory_exclude_ciphers =
smtp_tls_mandatory_protocols = SSLv3, TLSv1
smtp_tls_note_starttls_offer = no
smtp_tls_per_site =
smtp_tls_policy_maps =
smtp_tls_scert_verifydepth = 9
smtp_tls_secure_cert_match = nexthop, dot-nexthop
smtp_tls_security_level =
smtp_tls_session_cache_database =
smtp_tls_session_cache_timeout = 3600s
smtp_tls_verify_cert_match = hostname
smtp_use_tls = no
smtp_xforward_timeout = 300s
smtpd_authorized_verp_clients = $authorized_verp_clients
smtpd_authorized_xclient_hosts =
smtpd_authorized_xforward_hosts =
smtpd_banner = $myhostname ESMTP $mail_name
smtpd_client_connection_count_limit = 50
smtpd_client_connection_rate_limit = 0
smtpd_client_event_limit_exceptions = ${smtpd_client_connection_limit_exceptions:$mynetworks}
smtpd_client_message_rate_limit = 0
smtpd_client_new_tls_session_rate_limit = 0
smtpd_client_port_logging = no
smtpd_client_recipient_rate_limit = 0
smtpd_client_restrictions = permit_mynetworks permit_sasl_authenticated reject_rbl_client zen.spamhaus.org permit
smtpd_data_restrictions =
smtpd_delay_open_until_valid_rcpt = yes
smtpd_discard_ehlo_keyword_address_maps =
smtpd_discard_ehlo_keywords =
smtpd_end_of_data_restrictions =
smtpd_enforce_tls = yes
smtpd_error_sleep_time = 1s
smtpd_etrn_restrictions =
smtpd_expansion_filter = \t\40!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghi jklmnopqrstuvwxyz{|}~
smtpd_forbidden_commands = CONNECT GET POST
smtpd_hard_error_limit = 20
smtpd_helo_required = yes
smtpd_helo_restrictions = reject_invalid_helo_hostname reject_non_fqdn_helo_hostname
smtpd_history_flush_threshold = 100
smtpd_junk_command_limit = 100
smtpd_milters =
smtpd_noop_commands =
smtpd_null_access_lookup_key = <>
smtpd_peername_lookup = yes
smtpd_policy_service_max_idle = 300s
smtpd_policy_service_max_ttl = 1000s
smtpd_policy_service_timeout = 100s
smtpd_proxy_ehlo = $myhostname
smtpd_proxy_filter =
smtpd_proxy_timeout = 100s
smtpd_pw_server_security_options = cram-md5
smtpd_recipient_limit = 1000
smtpd_recipient_overshoot_limit = 1000
smtpd_recipient_restrictions = permit_sasl_authenticated permit_mynetworks reject_unauth_destination check_policy_service unix:private/policy permit
smtpd_reject_unlisted_recipient = yes
smtpd_reject_unlisted_sender = no
smtpd_restriction_classes =
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = no
smtpd_sasl_exceptions_networks =
smtpd_sasl_path = smtpd
smtpd_sasl_security_options = noanonymous
smtpd_sasl_tls_security_options = $smtpd_sasl_security_options
smtpd_sasl_type = cyrus
smtpd_sender_login_maps =
smtpd_sender_restrictions =
smtpd_soft_error_limit = 10
smtpd_starttls_timeout = 300s
smtpd_timeout = 300s
smtpd_tls_CAfile = /etc/certificates/server.jbillings.net.0614D66F5D64A8714C5BD87DB26F4D5999C16541 .chain.pem
smtpd_tls_CApath =
smtpd_tls_always_issue_session_ids = yes
smtpd_tls_ask_ccert = no
smtpd_tls_auth_only = no
smtpd_tls_ccert_verifydepth = 9
smtpd_tls_cert_file = /etc/certificates/server.jbillings.net.0614D66F5D64A8714C5BD87DB26F4D5999C16541 .cert.pem
smtpd_tls_dcert_file =
smtpd_tls_dh1024_param_file =
smtpd_tls_dh512_param_file =
smtpd_tls_dkey_file = $smtpd_tls_dcert_file
smtpd_tls_exclude_ciphers = SSLv2, aNULL, ADH, eNULL
smtpd_tls_fingerprint_digest = md5
smtpd_tls_key_file = /etc/certificates/server.jbillings.net.0614D66F5D64A8714C5BD87DB26F4D5999C16541 .key.pem
smtpd_tls_loglevel = 0
smtpd_tls_mandatory_ciphers = medium
smtpd_tls_mandatory_exclude_ciphers =
smtpd_tls_mandatory_protocols = SSLv3, TLSv1
smtpd_tls_received_header = no
smtpd_tls_req_ccert = no
smtpd_tls_security_level =
smtpd_tls_session_cache_database =
smtpd_tls_session_cache_timeout = 3600s
smtpd_tls_wrappermode = no
smtpd_use_pw_server = yes
smtpd_use_tls = yes
stale_lock_time = 500s
stress =
strict_mailbox_ownership = yes
syslog_facility = mail
syslog_name = postfix
tls_daemon_random_bytes = 32
tls_export_cipherlist = ALL:+RC4:@STRENGTH
tls_high_cipherlist = ALL:!EXPORT:!LOW:!MEDIUM:+RC4:@STRENGTH
tls_low_cipherlist = ALL:!EXPORT:+RC4:@STRENGTH
tls_medium_cipherlist = ALL:!EXPORT:!LOW:+RC4:@STRENGTH
tls_null_cipherlist = eNULL:!aNULL
tls_random_bytes = 32
tls_random_exchange_name = ${data_directory}/prng_exch
tls_random_prng_update_period = 3600s
tls_random_reseed_period = 3600s
tls_random_source = dev:/dev/urandom
trace_service_name = trace
transport_maps =
transport_retry_time = 60s
trigger_timeout = 10s
undisclosed_recipients_header = To: undisclosed-recipients:;
unknown_address_reject_code = 450
unknown_client_reject_code = 450
unknown_hostname_reject_code = 450
unknown_local_recipient_reject_code = 550
unknown_relay_recipient_reject_code = 550
unknown_virtual_alias_reject_code = 550
unknown_virtual_mailbox_reject_code = 550
unverified_recipient_reject_code = 450
unverified_sender_reject_code = 450
use_getpwnam_ext = yes
use_od_delivery_path = no
verp_delimiter_filter = -=+
virtual_alias_domains = $virtual_alias_maps
virtual_alias_expansion_limit = 1000
virtual_alias_maps =
virtual_alias_recursion_limit = 1000
virtual_destination_concurrency_failed_cohort_limit = $default_destination_concurrency_failed_cohort_limit
virtual_destination_concurrency_limit = $default_destination_concurrency_limit
virtual_destination_concurrency_negative_feedback = $default_destination_concurrency_negative_feedback
virtual_destination_concurrency_positive_feedback = $default_destination_concurrency_positive_feedback
virtual_destination_rate_delay = $default_destination_rate_delay
virtual_destination_recipient_limit = $default_destination_recipient_limit
virtual_gid_maps =
virtual_initial_destination_concurrency = $initial_destination_concurrency
virtual_mailbox_base =
virtual_mailbox_domains = $virtual_mailbox_maps
virtual_mailbox_limit = 51200000
virtual_mailbox_lock = fcntl, dotlock
virtual_mailbox_maps =
virtual_minimum_uid = 100
virtual_transport = virtual
virtual_uid_maps =
jbillings:~ sysadmin$ -
My apple id has been hacked. hacker has changed all information in the apple id so I can not change the password. Account information from the apple id created is still in my mail. How do I regain apple id. Thanks
Contact Apple support: Apple ID: Contacting Apple for help with Apple ID account security
-
My iPad has been hacked I cannot get into hotmail through mail also I get the apple message ,incorrect password even though this is correct what can I do
From your description it sounds like your Hotmail account was compromised. Does anyone else know the password and could they have changed it?
-
I believe my BlackBerry has been HACKED
This may sound crazy. I've been using Blackberry for 7 years and have never encountered something like this. I woke up to my alarm last week and as I reached for it I noticed a messaged had popped up on my screen that said "Your phone has been hacked" with an exclamation mark inside a Triangle beside it. I read the msg at the same moment I touched my phone to turn off my alarm and the message disapearred. Rubbing my eyes I thought I was seeing things.
Last night Microsoft outlook mailed me to inform me my account had been accessed from another country. I changed ALL my passwords immediately and ONLY entered the new passwords into my Blackberry to re-sync my accounts. An hour ago I just got an email from a different email account saying my other email had been accessed. But the ONLY place I'd entered the NEW password for this other email account had been on my blackberry. Whoever accessed my other account already had my NEW password, and the only place I entered that new password was on my blackberry device.
I now believe the message I saw on my phone that morning was actually there and I don't know what to do! Is it possible for a Blackberry to display that message to a user? Please help!If the messages are in your email, these are very common scams.
If you have a popup directly on your desktop of the Blackberry phone when not running an application this is very strange. This should never happen! If it is in an email, then it is obvious it is email content. If the popup is in a software then it is the software that is the problem.
If I was to see a popup on the desktop of a Blackberry device, I would wipe the phone and re-install the operating system. Using the Link software backup the user files first. If your data is not important you can skip the backup. First make sure your phone is synced with some type of service to preserve your email addresses. You can re-install the OS using the Link software. This is sort of a long process, but not too difficult to do.
I know a lot of people including myself who get these scams. I just hope you never answered to any of these, and NEVER clicked on any links and fill out their forms.
With your Blackberry phone, as long you use original Blackberry software and NEVER follow instrcutions from Scam email you should be safe. If you ever filled out any of these Scam forms you very quickly must change your passwords.
With your phone or computer NEVER open any emails, and especially attachments unless you are sure the source is safe.
The email services, financial services, operating systems services, and distributors will never send you emails asking about passwords and personal information. The only time you would receive an email from any of these services is if you solicited to have an email from them.
If you are installing Android software be cautious. Many Android programs can be a security issue with the phone. The whole idea of the Blackberry phone is for the security. Using Android software does add some risk.
I have been told the safest download sites are 1mobile and Amazon for Android programs to be used on the Blackberry phone. But, there are no absolute guarantees.
When I first got my Passport, I tried an Android software that looked interesting to me. I downloaded it from the Google server for Android programs. The phone started to work very slow, and the program was displaying banners on the screen when I was using the program. It was a free chess game. I tried to uninstall this game and it would not go out! I had a backup from before I installed this program. The best I could do to get rid of it was to wipe the phone and re-install the OS. This fixed it.
I hope all this helps you out. I am a user like anyone else, and when i have time I participate in these groups. In my family we have a lot of Blackberry phones. We like this phone a lot.
Jerry G. -
PLEASE HELP! How can I tell if my Imac has been hacked?
PLEASE HELP! How can I tell if my Imac has been hacked? I see a few people have asked this question but the responses tended to be advice on what to do once you've been hacked, not what can done to find out if you have been hacked. I have a late 2012 model imac. My sharing was off and remote logging was off. I use an external router that send wireless to about 4 consoles in the flat. I don't think I have any firewalls up (now looking like a mistake). I think I'm possibly being hacked due to abnormal behaviour and most recently my camera was turned off all day (no LED) then I went to record something on Photo Booth, the application popped up displaying an image of me getting dressed (nightmare!) which happened hours earlier when the camera was off. This image quickly then disappeared and the camera began working normally. Very strange and alarming. Please help me. Any advice would be very much appreciated. Thanks.
1. This procedure is a diagnostic test. It changes nothing, for better or worse, and therefore will not, in itself, solve the problem. But with the aid of the test results, the solution may take a few minutes, instead of hours or days.
Don't be put off merely by the seeming complexity of these instructions. The process is much less complicated than the description. You do harder tasks with the computer all the time.
2. If you don't already have a current backup, back up all data before doing anything else. The backup is necessary on general principle, not because of anything in the test procedure. Backup is always a must, and when you're having any kind of trouble with the computer, you may be at higher than usual risk of losing data, whether you follow these instructions or not.
There are ways to back up a computer that isn't fully functional. Ask if you need guidance.
3. Below are instructions to run a UNIX shell script, a type of program. All it does is to collect information about the state of the computer. That information goes nowhere unless you choose to share it. However, you should be cautious about running any kind of program (not just a shell script) at the behest of a stranger. If you have doubts, search this site for other discussions in which this procedure has been followed without any report of ill effects. If you can't satisfy yourself that the instructions are safe, don't follow them. Ask for other options.
Here's a summary of what you need to do, if you choose to proceed:
Copy a line of text in this window to the Clipboard.
Paste into the window of another application.
Wait for the test to run. It usually takes a few minutes.
Paste the results, which will have been copied automatically, back into a reply on this page.
The sequence is: copy, paste, wait, paste again. You don't need to copy a second time. Details follow.
4. You may have started the computer in "safe" mode. Preferably, these steps should be taken in “normal” mode, under the conditions in which the problem is reproduced. If the system is now in safe mode and works well enough in normal mode to run the test, restart as usual. If you can only test in safe mode, do that.
5. If you have more than one user, and the one affected by the problem is not an administrator, then please run the test twice: once while logged in as the affected user, and once as an administrator. The results may be different. The user that is created automatically on a new computer when you start it for the first time is an administrator. If you can't log in as an administrator, test as the affected user. Most personal Macs have only one user, and in that case this section doesn’t apply. Don't log in as root.
6. The script is a single long line, all of which must be selected. You can accomplish this easily by triple-clicking anywhere in the line. The whole line will highlight, though you may not see all of it in the browser window, and you can then copy it. If you try to select the line by dragging across the part you can see, you won't get all of it.
Triple-click anywhere in the line of text below on this page to select it:
PATH=/usr/bin:/bin:/usr/sbin:/sbin:/usr/libexec;clear;cd;p=(Software Hardware Memory Diagnostics Power FireWire Thunderbolt USB Fonts 51 4 1000 25 5120 KiB/s 1024 85 \\b%% 20480 1 MB/s 25000 ports 'com.autodesk.AutoCad com.evenflow.dropbox com.google.GoogleDrive' DYLD_INSERT_LIBRARIES\ DYLD_LIBRARY_PATH -86 ` route -n get default|awk '/e:/{print $2}' ` 25 N\\/A down up 102400 25600 recvfrom sendto CFBundleIdentifier 25 25 25 1000 MB );N5=${#p[@]};p[N5]=` networksetup -listnetworkserviceorder|awk ' NR>1 { sub(/^\([0-9]+\) /,"");n=$0;getline;} $NF=="'${p[26]}')" { sub(/.$/,"",$NF);print n;exit;} ' `;f=('\n%s: %s\n' '\n%s\n\n%s\n' '\nRAM details\n%s\n' %s\ %s '%s\n-\t%s\n' );S0() { echo ' { q=$NF+0;$NF="";u=$(NF-1);$(NF-1)="";gsub(/^ +| +$/,"");if(q>='${p[$1]}') printf("%s (UID %s) is using %s '${p[$2]}'",$0,u,q);} ';};s=(' /^ *$|CSConfigDot/d;s/^ */ /;s/[-0-9A-Fa-f]{22,}/UUID/g;s/(ochat)\.[^.]+(\..+)/\1\2/;/Shared/!s/\/Users\/[^/]+/~/g ' ' s/^ +//;5p;6p;8p;12p;' ' {sub(/^ +/,"")};NR==6;NR==13&&$2<'${p[10]} ' 1s/://;3,6d;/[my].+:/d;s/^ {4}//;H;${ g;s/\n$//;/s: [^EO]|x([^08]|02[^F]|8[^0])/p;} ' ' 5h;6{ H;g;/P/!p;} ' ' ($1~/^Cy/&&$3>'${p[11]}')||($1~/^Cond/&&$2!~/^N/) ' ' /:$/{ N;/:.+:/d;s/ *://;b0'$'\n'' };/^ *(V.+ [0N]|Man).+ /{ s/ 0x.... //;s/[()]//g;s/(.+: )(.+)/ (\2)/;H;};$b0'$'\n'' d;:0'$'\n'' x;s/\n\n//;/Apple[ ,]|Intel|SMSC/d;s/\n.*//;/\)$/p;' ' s/^.*C/C/;H;${ g;/No th|pms/!p;} ' '/= [^GO]/p' '{$1=""};1' ' /Of/!{ s/^.+is |\.//g;p;} ' ' $0&&!/ / { n++;print;} END { if(n<200) print "com.apple.";} ' ' $3~/[0-9]:[0-9]{2}$/ { gsub(/:[0-9:a-f]{14}/,"");} { print|"tail -n'${p[12]}'";} ' ' NR==2&&$4<='${p[13]}' { print $4;} ' ' END { $2/=256;if($2>='${p[15]}') print int($2) } ' ' NR!=13{next};{sub(/[+-]$/,"",$NF)};'"`S0 21 22`" 'NR!=2{next}'"`S0 37 17`" ' NR!=5||$8!~/[RW]/{next};{ $(NF-1)=$1;$NF=int($NF/10000000);for(i=1;i<=3;i++){$i="";$(NF-1-i)="";};};'"`S0 19 20`" 's:^:/:p' '/\.kext\/(Contents\/)?Info\.plist$/p' 's/^.{52}(.+) <.+/\1/p' ' /Launch[AD].+\.plist$/ { n++;print;} END { if(n<200) print "/System/";} ' '/\.xpc\/(Contents\/)?Info\.plist$/p' ' NR>1&&!/0x|\.[0-9]+$|com\.apple\.launchctl\.(Aqua|Background|System)$/ { print $3;} ' ' /\.(framew|lproj)|\):/d;/plist:|:.+(Mach|scrip)/s/:[^:]+//p ' '/root/p' ' !/\/Contents\/.+\/Contents|Applic|Autom|Frameworks/&&/Lib.+\/Info.plist$/ { n++;print;} END { if(n<1000) print "/System/";} ' '/^\/usr\/lib\/.+dylib$/p' ' /Temp|emac/d;/(etc|Preferences)\//s/^\.\/[^/]+//p;' ' /\/(Contents\/.+\/Contents|Frameworks)\/|\.wdgt\/.+\.([bw]|plu)/d;p;' 's/\/(Contents\/)?Info.plist$//;p' ' { gsub("^| ","||kMDItem'${p[35]}'=");sub("^.."," ") };1 ' p '{print $3"\t"$1}' 's/\'$'\t''.+//p' 's/1/On/p' '/Prox.+: [^0]/p' '$2>'${p[9]}'{$2=$2-1;print}' ' BEGIN { i="'${p[26]}'";M1='${p[16]}';M2='${p[18]}';M3='${p[31]}';M4='${p[32]}';} !/^A/ { next;} /%/ { getline;if($5<M1) a="user "$2"%, system "$4"%";} /disk0/&&$4>M2 { b=$3" ops/s, "$4" blocks/s";} $2==i { if(c) { d=$3+$4+$5+$6;next;};if($4>M3||$6>M4) c=int($4/1024)" in, "int($6/1024)" out";} END { if(a) print "CPU: "a;if(b) print "I/O: "b;if(c) print "Net: "c" (KiB/s)";if(d) print "Net errors: "d" packets/s";} ' ' /r\[0\] /&&$NF!~/^1(0|72\.(1[6-9]|2[0-9]|3[0-1])|92\.168)\./ { print $NF;exit;} ' ' !/^T/ { printf "(static)";exit;} ' '/apsd|OpenD/!s/:.+//p' ' (/k:/&&$3!~/(255\.){3}0/ )||(/v6:/&&$2!~/A/ ) ' ' $1~"lR"&&$2<='${p[25]}';$1~"li"&&$3!~"wpa2";' ' BEGIN { FS=":";} { n=split($3,a,".");sub(/_2[01].+/,"",$3);print $2" "$3" "a[n]" "$1;b=b$1;} END { if(b) print("\n\t* Code injection");} ' ' NR!=4{next} {$NF/=10240} '"`S0 27 14`" ' END { if($3~/[0-9]/)print$3;} ' ' BEGIN { L='${p[36]}';} !/^[[:space:]]*(#.*)?$/ { l++;if(l<=L) f=f"\n "$0;} END { F=FILENAME;if(!F) exit;if(!f) f="\n [N/A]";"file -b "F|getline T;if(T!~/^(AS.+ (En.+ )?text$|POSIX sh.+ text ex)/) F=F" ("T")";printf("\nContents of %s\n%s\n",F,f);if(l>L) printf("\n ...and %s more line(s)\n",l-L);} ' ' /^ +[NP].+ =/h;/^( +D.+[{]|[}])/{ g;s/.+= //p;};' ' /^ +B/{ s/.+= |(-[0-9]+)?\.s.+//g;p;} ' ' END{print NR} ' ' /id: N|te: Y/{i++} END{print i} ' ' / / { print "'"${p[28]}"'";exit;};1;' '/ en/!s/\.//p' ' NR!=13{next};{sub(/[+-M]$/,"",$NF)};'"`S0 39 40`" ' $10~/\(L/&&$9!~"localhost" { sub(/.+:/,"",$9);print $1": "$9;} ' '/^ +r/s/.+"(.+)".+/\1/p' 's/(.+\.wdgt)\/(Contents\/)?Info\.plist$/\1/p' 's/^.+\/(.+)\.wdgt$/\1/p' 's/0/Off/p' );c1=(system_profiler pmset\ -g nvram fdesetup find syslog df vm_stat sar ps sudo\ crontab sudo\ iotop top pkgutil PlistBuddy whoami cksum kextstat launchctl sudo\ launchctl crontab 'sudo defaults read' stat lsbom mdfind ' for i in ${p[24]};do ${c1[18]} ${c2[27]} $i;done;' defaults\ read scutil sudo\ dtrace sudo\ profiles sed\ -En awk /S*/*/P*/*/*/C*/*/airport networksetup mdutil sudo\ lsof test );c2=(com.apple.loginwindow\ LoginHook '-c Print /L*/P*/loginw*' '-c Print L*/P*/*loginit*' '-c Print L*/Saf*/*/E*.plist' '~ $TMPDIR.. \( -flags +sappnd,schg,uappnd,uchg -o ! -user $UID -o ! -perm -600 \)' '.??* -path .Trash -prune -o -type d -name *.app -print -prune' '-c Print\ :'${p[35]}' 2>&1' '-c Print\ :Label 2>&1' '{/,}L*/{Con,Pref}* -type f ! -size 0 -name *.plist -exec plutil -s {} \;' "-f'%N: %l' Desktop L*/Keyc*" therm sysload boot-args status " -F '\$Time \$Message' -k Sender kernel -k Message Req 'Beac|caug|dead[^bl]|FAIL|fail|GPU |hfs: Ru|inval|jnl:|last value [1-9]|n Cause: -|NVDA\(|pagin|proc: t|Roamed|rror|ssert|Thrott|tim(ed? ?|ing )o|WARN' -k Message Rne 'Goog|ksadm|SMC:' -o -k Sender fseventsd -k Message Req 'SL' " '-du -n DEV -n EDEV 1 10' 'acrx -o comm,ruid,%cpu' '-t1 10 1' '-f -pfc /var/db/r*/com.apple.*.{BS,Bas,Es,OSXU,Rem,up}*.bom' '{/,}L*/Lo*/Diag* -type f -regex .\*[cgh] ! -name *ag \( -exec grep -lq "^Thread c" {} \; -exec printf \* \; -o -true \) -execdir stat -f:%Sc:%N -t%F {} \;|sort -t: -k2 |tail -n'${p[38]} '-L {/{S*/,},}L*/Lau* -type f' '-L /{S*/,}L*/StartupItems -type f -exec file {} +' '-L /S*/L*/{C*/Sec*A,E}* {/,}L*/{A*d,Ca*/*/Ex,Compon,Ex,In,iTu,Keyb,Mail/B,P*P,Qu*T,Scripti,Sec,Servi,Spo,Widg}* -type f -name Info.plist' '/usr/lib -type f -name *.dylib' `awk "${s[31]}"<<<${p[23]}` "/e*/{auto,{cron,fs}tab,hosts,{[lp],sy}*.conf,pam.d,ssh{,d}_config,*.local} {,/usr/local}/etc/periodic/*/* /L*/P*{,/*}/com.a*.{Bo,sec*.ap}*t .launchd.conf" list getenv /Library/Preferences/com.apple.alf\ globalstate --proxy '-n get default' -I --dns -getdnsservers\ "${p[N5]}" -getinfo\ "${p[N5]}" -P -m\ / '' -n1 '-R -l1 -n1 -o prt -stats command,uid,prt' '--regexp --only-files --files com.apple.pkg.*|sort|uniq' -kl -l -s\ / '-R -l1 -n1 -o mem -stats command,uid,mem' -i4TCP:0-1023 com.apple.dashboard\ layer-gadgets '-d /L*/Mana*/$USER&&echo On' '-app Safari WebKitDNSPrefetchingEnabled' );N1=${#c2[@]};for j in {0..8};do c2[N1+j]=SP${p[j]}DataType;done;N2=${#c2[@]};for j in 0 1;do c2[N2+j]="-n ' syscall::'${p[33+j]}':return { @out[execname,uid]=sum(arg0) } tick-10sec { trunc(@out,1);exit(0);} '";done;l=(Restricted\ files Hidden\ apps 'Elapsed time (s)' POST Battery Safari\ extensions Bad\ plists 'High file counts' User Heat System\ load boot\ args FileVault Diagnostic\ reports Log 'Free space (MiB)' 'Swap (MiB)' Activity 'CPU per process' Login\ hook 'I/O per process' Mach\ ports kexts Daemons Agents launchd Startup\ items Admin\ access Root\ access Bundles dylibs Apps Font\ issues Inserted\ dylibs Firewall Proxies DNS TCP/IP Wi-Fi Profiles Root\ crontab User\ crontab 'Global login items' 'User login items' Spotlight Memory Listeners Widgets Parental\ Controls Prefetching );N3=${#l[@]};for i in 0 1 2;do l[N3+i]=${p[5+i]};done;N4=${#l[@]};for j in 0 1;do l[N4+j]="Current ${p[29+j]}stream data";done;A0() { id -G|grep -qw 80;v[1]=$?;((v[1]==0))&&sudo true;v[2]=$?;v[3]=`date +%s`;clear >&-;date '+Start time: %T %D%n';};for i in 0 1;do eval ' A'$((1+i))'() { v=` eval "${c1[$1]} ${c2[$2]}"|'${c1[30+i]}' "${s[$3]}" `;[[ "$v" ]];};A'$((3+i))'() { v=` while read i;do [[ "$i" ]]&&eval "${c1[$1]} ${c2[$2]}" \"$i\"|'${c1[30+i]}' "${s[$3]}";done<<<"${v[$4]}" `;[[ "$v" ]];};A'$((5+i))'() { v=` while read i;do '${c1[30+i]}' "${s[$1]}" "$i";done<<<"${v[$2]}" `;[[ "$v" ]];};';done;A7(){ v=$((`date +%s`-v[3]));};B2(){ v[$1]="$v";};for i in 0 1;do eval ' B'$i'() { v=;((v['$((i+1))']==0))||{ v=No;false;};};B'$((3+i))'() { v[$2]=`'${c1[30+i]}' "${s[$3]}"<<<"${v[$1]}"`;} ';done;B5(){ v[$1]="${v[$1]}"$'\n'"${v[$2]}";};B6() { v=` paste -d: <(printf "${v[$1]}") <(printf "${v[$2]}")|awk -F: ' {printf("'"${f[$3]}"'",$1,$2)} ' `;};B7(){ v=`grep -Fv "${v[$1]}"<<<"$v"`;};C0(){ [[ "$v" ]]&&echo "$v";};C1() { [[ "$v" ]]&&printf "${f[$1]}" "${l[$2]}" "$v";};C2() { v=`echo $v`;[[ "$v" != 0 ]]&&C1 0 $1;};C3() { v=`sed -E "$s"<<<"$v"`&&C1 1 $1;};for i in 1 2;do for j in 2 3;do eval D$i$j'(){ A'$i' $1 $2 $3; C'$j' $4;};';done;done;{ A0;A2 0 $((N1+1)) 2;C0;A1 0 $N1 1;C0;B0;C2 27;B0&&! B1&&C2 28;D12 15 37 25 8;A1 0 $((N1+2)) 3;C0;D13 0 $((N1+3)) 4 3;D23 0 $((N1+4)) 5 4;for i in 0 1 2;do D13 0 $((N1+5+i)) 6 $((N3+i));done;D13 1 10 7 9;D13 1 11 8 10;D22 2 12 9 11;D12 3 13 10 12;D23 4 19 44 13;D23 5 14 12 14;D22 6 36 13 15;D22 7 37 14 16;D23 8 15 38 17;D22 9 16 16 18;B1&&{ D22 11 17 17 20;for i in 0 1;do D22 28 $((N2+i)) 45 $((N4+i));done;};D22 12 44 54 45;D22 12 39 15 21;A1 13 40 18;B2 4;B3 4 0 19;A3 14 6 32 0;B4 0 5 11;A1 17 41 20;B7 5;C3 22;B4 4 6 21;A3 14 7 32 6;B4 0 7 11;B3 4 0 22;A3 14 6 32 0;B4 0 8 11;B5 7 8;B1&&{ A2 19 26 23;B7 7;C3 23;};A2 18 26 23;B7 7;C3 24;A2 4 20 21;B7 6;B2 9;A4 14 7 52 9;B2 10;B6 9 10 4;C3 25;D13 4 21 24 26;B4 4 12 26;B3 4 13 27;A1 4 22 29;B7 12;B2 14;A4 14 6 52 14;B2 15;B6 14 15 4;B3 0 0 30;C3 29;A1 4 23 27;B7 13;C3 30;D13 24 24 32 31;D13 25 37 32 33;A1 23 18 28;B2 16;A2 16 25 33;B7 16;B3 0 0 34;B2 21;A6 47 21&&C0;B1&&{ D13 21 0 32 19;D13 10 42 32 40;D22 29 35 46 39;};D23 14 1 48 42;D12 34 43 53 44;D22 0 $((N1+8)) 51 32;D13 4 8 41 6;D12 26 28 35 34;D13 27 29 36 35;A2 27 32 39&&{ B2 19;A2 33 33 40;B2 20;B6 19 20 3;};C2 36;D23 33 34 42 37;B1&&D23 35 45 55 46;D23 32 31 43 38;D12 36 47 32 48;D13 20 42 32 41;D13 14 2 48 43;D13 4 5 32 1;D22 4 4 50 0;D13 14 3 49 5;D12 26 48 59 49;B3 4 22 57;A1 26 46 56;B7 22;B3 0 0 58;C3 47;D23 22 9 37 7;A7;C2 2;} 2>/dev/null|pbcopy;exit 2>&-
Copy the selected text to the Clipboard by pressing the key combination command-C.
7. Launch the built-in Terminal application in any of the following ways:
Enter the first few letters of its name into a Spotlight search. Select it in the results (it should be at the top.)
In the Finder, select Go ▹ Utilities from the menu bar, or press the key combination shift-command-U. The application is in the folder that opens.
Open LaunchPad. Click Utilities, then Terminal in the icon grid.
Click anywhere in the Terminal window and paste by pressing command-V. The text you pasted should vanish immediately. If it doesn't, press the return key.
8. If you see an error message in the Terminal window such as "syntax error," enter
exec bash
and press return. Then paste the script again.
9. If you're logged in as an administrator, you'll be prompted for your login password. Nothing will be displayed when you type it. You will not see the usual dots in place of typed characters. Make sure caps lock is off. Type carefully and then press return. You may get a one-time warning to be careful. If you make three failed attempts to enter the password, the test will run anyway, but it will produce less information. In most cases, the difference is not important. If you don't know the password, or if you prefer not to enter it, press the key combination control-C or just press return three times at the password prompt. Again, the script will still run.
If you're not logged in as an administrator, you won't be prompted for a password. The test will still run. It just won't do anything that requires administrator privileges.
10. The test may take a few minutes to run, depending on how many files you have and the speed of the computer. A computer that's abnormally slow may take longer to run the test. While it's running, there will be nothing in the Terminal window and no indication of progress. Wait for the line
[Process completed]
to appear. If you don't see it within half an hour or so, the test probably won't complete in a reasonable time. In that case, close the Terminal window and report the results. No harm will be done.
11. When the test is complete, quit Terminal. The results will have been copied to the Clipboard automatically. They are not shown in the Terminal window. Please don't copy anything from there. All you have to do is start a reply to this comment and then paste by pressing command-V again.
At the top of the results, there will be a line that begins with the words "Start Time." If you don't see that, but instead see a mass of gibberish, you didn't wait for the "Process completed" message to appear in the Terminal window. Please wait for it and try again.
If any private information, such as your name or email address, appears in the results, anonymize it before posting. Usually that won't be necessary.
12. When you post the results, you might see the message, "You have included content in your post that is not permitted." It means that the forum software has misidentified something in the post as a violation of the rules. If that happens, please post the test results on Pastebin, then post a link here to the page you created.
Note: This is a public forum, and others may give you advice based on the results of the test. They speak only for themselves, and I don't necessarily agree with them.
Copyright © 2014 by Linc Davis. As the sole author of this work, I reserve all rights to it except as provided in the Use Agreement for the Apple Support Communities website ("ASC"). Readers of ASC may copy it for their own personal use. Neither the whole nor any part may be redistributed. -
I have MacBook Pro Retinam Late 2013 running Yosemite 10.10.1. There is a vulnerability which Apple is working to fix in the next update. I fell victim to this by using the Search box to find something in my system. This opened my email, which left no protection! (Thanks very much, APPLE!). Hackers immediately invaded my system, stole my contacts and passwords. I called Yahoo and got my passwords changed, but KEYCHAIN has been hacked as well. ClamXav found 20 issues on my system! However, ClamXav only discovers the issues, does not fix or quarantine them.
I need a GOOD AV program. Can anyone suggest a program that could eradicate this malicious email invasion?For fastest, most efficient answers to questions such as this, visit the ClamXav Forum
pjscello1 wrote:
I have MacBook Pro Retinam Late 2013 running Yosemite 10.10.1. There is a vulnerability which Apple is working to fix in the next update. I fell victim to this by using the Search box to find something in my system. This opened my email, which left no protection! (Thanks very much, APPLE!). Hackers immediately invaded my system, stole my contacts and passwords.
The vulnerability you seem to be talking about only lets the sender know you have a valid e-mail address. It is not known to allow hackers to get into your computer in any way unless you gave them physical access or approved shared access over the network. If your contacts were compromised, chances are much greater that they were obtained from the account on Yahoo's server, which happens all the time. Changing your password is the correct solution to that.
I called Yahoo and got my passwords changed, but KEYCHAIN has been hacked as well.
What evidence do you have of that?
ClamXav found 20 issues on my system! However, ClamXav only discovers the issues, does not fix or quarantine them.
ClamXav will delete or quarantine any infected file, but you should never allow an A-V program to do that with e-mail as it will corrupt the mailbox index which could lead to several issues going forward. See Dealing with Infected Files. There is no such thing as fixing infected files on a Mac. They are either malware and need to be deleted or safe files.
Again, you can get much better information on the Forum if you will post more information about what was found where using the following procedure:
To get detailed infomation on what ClamXav has found, after completing the scan, click in the top pane of the ClamXav window where it shows the Infection / File Name / Status to make sure it's in front and type the key combinations <Command>-A, <Command>-C (or choose "Select-All", "Copy" from the "Edit" menu) to copy the information to your clipboard, then come back here and type <Command>-V or choose "Paste" to show us what was found where. -
Help! PayPal says my ipad has a virus - I have been hacked twice in 24hrs and used the ipad to access my account and change all my security settings each time but they have accessed my account again. How do you check for viruses??
As has been said, there is no malware currently capable of infecting an iOS device, unless it has been jailbroken. So that's not a likely possibility.
There are several others, though. The most likely is that either you are falling for phishing scams, or your DNS server has been poisoned and is directing you to a phony PayPal site. Either way, you're ending up at a fake PayPal site.
If you haven't clicked on links in any PayPal e-mails recently, then download a copy of NSLookup (free) on the App Store, then do a lookup for paypal.com. What IP address comes up? I believe that the result should be somewhere in the range 66.211.160.0 - 66.211.191.255. -
How can I make my Apple ID security? It has been hacked three times in a week!
Just in a week, I found my apple id(this id) has been hacked for three times!
When I was trying to login in to the ITunes Connect, it returned following error,
Your Apple ID or password was entered incorrectly.
I'm sure I entered the password correctly that I checked it many times and it's never happens before. So every time it happens, I use the forget password tool to reset the password. Just in a week, the incorrect password occurred 3 TIMES and I have reseted my password 3 TIMES to get control back.
I'm a developer so first time it happens I did aware of there might be hacker. So I cleared all password cache in my machine, scan virus and reset the password of Apple ID and my mailbox in a more complex letters.
However, ever I did so, my password still goes wrong and the error happens again and again.
And one thing I can't understand in this story is,
- Every time I reset my password I got an email notification, it always works, during my 3 resets.
- When my password is hacked (I can just assume it's a hack), there's no email notification. I can almost sure the email is not deleted, because no matter how fast it's delete, my mobile should receive a popup anyway.
Now I have tried everything I can but my account is still not safe. I want report this issue to Apple that they can figure out the problem, to avoid a bigger security disaster. But I could not find a contact from apple for this problem, I sent a mail [email protected] but no reply. It's so terrible...
So i ask for help in this forum, I'd appreciate if anybody can help either security suggestion to me or help find the contact of apple.account disabled for security reasons: http://support.apple.com/en-us/TS2446
-
Please Help!!! My friend Account has been hacked.
Please Help!!! My friend Account has been hacked, and mail too, so we can't change passowrd. we don't know what to do. For now we want Skype team to block that accaount. How it is possible?
AmonRa-88 wrote:
Please Help!!! My friend Account has been hacked, and mail too, so we can't change passowrd. we don't know what to do. For now we want Skype team to block that accaount. How it is possible?
ask them to open the link below to report their hacked/stolen account. Select Security and Privacy as Help Topic and Identity Theft/Account Takeover as the Related Problem. Then Click the Continue Support Request button near at the bottom of the page.
https://support.skype.com/en/support_request?needsLogin=false&topic=****************241&problem=****...
IF YOU FOUND OUR POST USEFUL THEN PLEASE GIVE "KUDOS". IF IT HELPED TO FIX YOUR ISSUE PLEASE MARK IT AS A "SOLUTION" TO HELP OTHERS. THANKS!
ALTERNATIVE SKYPE DOWNLOAD LINKS | HOW TO RECORD SKYPE VIDEO CALLS | HOW TO HANDLE SUSPICIOS CALLS AND MESSAGES
SEE MORE TIPS, TRICKS, TUTORIALS AND UPDATES in
| skypefordummies.blogspot.com | -
Cannot Get Mail - Mail app has been frozen, no new downloads, since 7/14.
My mail app has been frozen since 7/14, and usually it just says it was updated on 7/2/14. However, occasionally, it gives me the message: "The mail server 'imap.gmail.com' is not responding. Verify that you have entered the correct account info in Mail settings."
Needless to say, I have done this. I have quit the app many times, reset the iPad, and finally last night I broke down and downloaded the 8.3 update (I was using 7.something before), and I am STILL getting this message and no new emails!
I can check on my phone and computer browsers just fine. Is there something I'm missing here? Really appreciate any help anyone can give. I finally got fed up not having this functionality.
THANK YOU!!!!I should mention the only other idea I've had is to delete my gmail account from my mail app, and re-add it later?
-
My premium account has been hacked, please help ASAP!
Apparently my Spotify account has been hacked last night and the password & email address have been changed so I can't reset my password. My hacked account is "mrouhiai" I created this new account "mrouhiai_2" to post this message to this forum. I have never shared my account with anyone, and my email has not been compromised. I can prove my identity in many ways if necessary. This new account I've just created is using my old email from the original account. You should be able to verify these details easily. Case #: 03363771
Same here, today somebody changed my account norre01 e.mail address. Now it is [email protected] and I can't reset my password anymore (I tried, didn't got any e-mail). I still can access my account through Facebook login I changed my FB password, their security check didn't find any abnormal activity on my FB account.I sent also message to Customer Support, but probably it takes time. Kind regards PS! Off-topic question; is it possible to recover people/artist whom i following list?
-
Mail account has been disabled, it's my primary ac...
Hi all,
I carried out a vigorous search before posting!
Issue:
I logged into our primary BT account (which was fine, no issues there; aware of outage today etc); upon clicking on the mail icon I was met with the below message:
Your Yahoo! Mail Account is no longer active.
Unfortunately, we cannot reactivate your account because:
Your Yahoo! Mail account has been disabled. Please contact user support.
Reasons why this may have happened:
It may have been as a result of not using/sending emails from the account within a given period of time. We hardly use the primary address email; it usually only receives BT offers and BT warnings about usage! The disablement is not as a result of hacking and I’m not aware we broke any yahoo mail rules as it’s barely used!
Worries:
I’ve tried with no luck to raise this with yahoo and I’m beginning to feel a little disheartened at the lack of support from Yahoo and everything associated!
The email acts as our primary account, without it I won’t receive emails re: usage warnings, offers etc and if I need to verify something I won’t be able to!
I could create a sub account but it won’t receive the same emails as the primary account.
More worries:
I’m also worried the email primary email will eventually disappear because after a period of time you can’t reactivate a yahoo mail account, and then I’ll be met with an even bigger problem...
Anyone had this issue or be able to provide support and/or advice? Just to clarify, no problem logging in, that's fine; can do everything else, we just can't access the yahoo mail account!
Many thanks,
Officeworker.If you would like to contact one of the UK based BT Care Team who moderate this forum, they may be able to help you.
They can be contacted using this link BT Care Team
They normally respond by phone or e-mail, within three working days, however you should get an immediate confirmation, with a tracking number.
There are some useful help pages here, for BT Broadband customers only, on my personal website.
BT Broadband customers - help with broadband, WiFi, networking, e-mail and phones. -
HT4865 My mac.me account has been hacked. What do I need to do?
I have received the following message notification report. Since I never sent the email I guess my account has been hacked. I have changed my password but assume this isn't enough to protect my account. Thanks for your prompt advice
Your message cannot be delivered to the following recipients:
Recipient address:
Reason: SMTP transmission failure has occurred
Diagnostic code: smtp;554 5.7.1 Message rejected under suspicion of SPAM FOCwxntfL1-FQH0D19m
Remote system: dns;mx.yandex.ru (TCP|17.172.81.0|42863|93.158.134.89|25) (mxfront6m.mail.yandex.net [Want to use Yandex.Mail for your domain? Visit http://pdd.yandex.ru])
Recipient address:
Reason: SMTP transmission failure has occurred
Diagnostic code: smtp;554 5.7.1 Message rejected under suspicion of SPAM FOCwxntfL1-FQH0D19m
Remote system: dns;mx.yandex.ru (TCP|17.172.81.0|42863|93.158.134.89|25) (mxfront6m.mail.yandex.net [Want to use Yandex.Mail for your domain? Visit http://pdd.yandex.ru])
<Email Edited by Host>That does not mean your account has been hacked.
All it means is that some spammer has attached your email address to some email he sent. That is incredibly easy to do (just change the From: address) and does not require access to your account.
Spammers do this all the time. There's nothing you can do about it. Just delete the bounced emails and it will subside when the spammers move on to other email addresses.
Maybe you are looking for
-
I ONLY WANT TO DOWNLOAD ACROBAT FOR PDF FILES, BUT WHENEVER I TRY, IT DOES NOT ACCEPT MY PASSWORD WHICH I HAVE CHANGED RECENTLY...?!!!
-
i have uninstalled file on ovi from mobile. where to download it again?
-
how do i deploy an application so that they are executable when i just double click them....i've tried jar files but i need to type the command in the command line to execute them...
-
My Safari preferences menu does not show "security"
My Safari preferences menu does not show the option Security (only lettering types) wahat do I have to do?
-
DSO Activation duration / monitoring
Hi, in english: During the activation-process I like to know how long the rest of the activation process will last. This should be displayed either in percentage of the total amount or in minutes or hours. I found a couple of similar questions in the