MRatWork Forum by Mustafa Ramadhan

Sawo Project - Kloxo-MR Discussions => Kloxo-MR Bugs and Requests => Topic started by: Spacedust on 2014-04-14, 23:06:02

Title: /script/fixmail starts itself ?!
Post by: Spacedust on 2014-04-14, 23:06:02

Why is this happening ?

It's very scary that fix processes are being started without knowledge of admin ...

Title: Re: /script/fixmail starts itself ?!
Post by: MRatWork on 2014-04-15, 03:14:23

What's action before you found fixmail start?.

Title: Re: /script/fixmail starts itself ?!
Post by: Kloxo-DR on 2014-04-15, 08:52:36

Hi,

I tried to track a similar problem by making observation in csf a change of /home/vpopmail/etc/vpopmail.mysql. Then I knew precisely if that got changed and when.

I have a cron to reset the pass at a certain odd time.

When I receive an email from csf for that time, I know that it was by my cron. If not, then there is a problem that a trojaner exists the system, most likely that got through any of weak scripts residing on the server.

Title: Re: /script/fixmail starts itself ?!
Post by: Spacedust on 2014-04-15, 09:35:19

My customer got a message from Afterlogic that his account was full so he was trying to remove some junk mail then something started /script/fixmail-all....

Title: Re: /script/fixmail starts itself ?!
Post by: Kloxo-DR on 2014-04-15, 10:53:33

Hi Spacedust,

I can only shiver on what you are writing and hope that it is all wrong what you are saying!

How can it be that a script from a local directory be able to execute a fix script? That means that there was come code in the email ASCII file under email/inbox that could be executed by qmail spawn script, right?

Grrrr, thats really scary to hear...