ACTIVE SYSTEM ATTACK!
Posted: Mon Feb 05, 2007 2:47 pm
I am getting an email from root every half hour entitled "ACTIVE SYSTEM ATTACK!". Here is a part of the email:
****************************
Active System Attack Alerts
=-=-=-=-=-=-=-=-=-=-=-=-=-=
Feb 5 13:00:05 scalix sendmail[15304]: l15I02OS015304: Milter change: header Subject: from scalix 02/05/07:13.00 ACTIVE SYSTEM ATTACK! to [SPAM] scalix 02/05/07:13.00 ACTIVE SYSTEM ATTACK!
Security Violations
=-=-=-=-=-=-=-=-=-=
Feb 5 13:00:04 scalix spamd[1904]: locker: safe_lock: cannot create tmp lockfile /etc/mail/spamassassin/auto_whitelist.lock.scalix.askbta.com.1904 for /etc/mail/spamassassin/auto_whitelist.lock: Permission denied
Feb 5 13:00:04 scalix spamd[1904]: auto-whitelist: open of auto-whitelist file failed: locker: safe_lock: cannot create tmp lockfile /etc/mail/spamassassin/auto_whitelist.lock.scalix.askbta.com.1904 for /etc/mail/spamassassin/auto_whitelist.lock: Permission denied
Feb 5 13:00:04 scalix spamd[1904]: spamd: result: Y 6 - BAD_CREDIT,SPF_HELO_PASS,SPF_PASS,URIBL_JP_SURBL,URIBL_OB_SURBL scantime=2.1,size=63780,user=root,uid=502,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=44658,mid=<200702051800.l15I02mZ015301@scalix.askbta.com>,autolearn=no
Feb 5 13:00:05 scalix sendmail[15304]: l15I02OS015304: Milter add: header: X-Spam-Status: Yes, score=6.1 required=5.0 tests=BAD_CREDIT,SPF_HELO_PASS,\n\tSPF_PASS,URIBL_JP_SURBL,URIBL_OB_SURBL autolearn=no version=3.1.7
Feb 5 13:00:05 scalix sendmail[15304]: l15I02OS015304: Milter add: header: X-Spam-Report: \n\t* -0.0 SPF_HELO_PASS SPF: HELO matches SPF record\n\t* -0.0 SPF_PASS SPF: sender matches SPF record\n\t* 0.1 BAD_CREDIT BODY: Eliminate Bad Credit\n\t* 3.4 URIBL_JP_SURBL Contains an URL listed in the JP SURBL blocklist\n\t* [URIs: quickworm.com]\n\t* 2.6 URIBL_OB_SURBL Contains an URL listed in the OB SURBL blocklist\n\t* [URIs: quickworm.com]
Feb 5 13:00:05 scalix sendmail[15304]: l15I02OS015304: Milter change: header Subject: from scalix 02/05/07:13.00 ACTIVE SYSTEM ATTACK! to [SPAM] scalix 02/05/07:13.00 ACTIVE SYSTEM ATTACK!
Feb 5 13:00:48 scalix spamd[1904]: locker: safe_lock: cannot create tmp lockfile /etc/mail/spamassassin/auto_whitelist.lock.scalix.askbta.com.1904 for /etc/mail/spamassassin/auto_whitelist.lock: Permission denied
Feb 5 13:00:48 scalix spamd[1904]: auto-whitelist: open of auto-whitelist file failed: locker: safe_lock: cannot create tmp lockfile /etc/mail/spamassassin/auto_whitelist.lock.scalix.askbta.com.1904 for /etc/mail/spamassassin/auto_whitelist.lock: Permission denied
Feb 5 13:00:48 scalix spamd[1904]: bayes: locker: safe_lock: cannot create tmp lockfile /etc/mail/spamassassin/bayes.lock.scalix.askbta.com.1904 for /etc/mail/spamassassin/bayes.lock: Permission denied
Feb 5 13:00:48 scalix spamd[1904]: spamd: result: Y 12 - RAZOR2_CF_RANGE_51_100,RAZOR2_CF_RANGE_E4_51_100,RAZOR2_CHECK,RCVD_IN_DSBL,RCVD_IN_NJABL_PROXY,RCVD_IN_SORBS_DUL,RCVD_IN_XBL,SPF_HELO_PASS,SPF_PASS,TVD_ENVFROM_APOST scantime=3.3,size=2392,user=hdreckmann,uid=502,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=44672,mid=<01c7494f$83f95cb0$6c822ecf@legalese'ssociability>,autolearn=failed
*****************************
HELP!!!