
Author Topic: QMAIL recordio possible exploit???

Offline chrisf

QMAIL recordio possible exploit???
« on: 2013-07-24, 18:33:48 »
I am not saying there is an exploit, I am asking if this could be? And if not, what is it doing? I am not familiar with recordio, however upon googling it states it will show passwords and everything - so...

Why is recordio sending data to China? I am in the US. Why is recordio sending data anywhere? Is this an exploit? PLEASE advise.

Time: Tue Jul 23 19:43:16 2013 -0400
PID: 16319 (Parent PID:16318)
Account: qmaild
Uptime: 206 seconds

Executable:
/usr/bin/recordio

Command Line (often faked in exploits):
/usr/bin/recordio /var/qmail/bin/qmail-smtpd /home/vpopmail/bin/vchkpw /bin/true

Network connections by the process (if any):
tcp: (my ip masked) -> 14.222.46.214:4840
tcp: (my ip masked) -> 14.222.46.214:4840

Files open by the process (if any):
Memory maps by the process (if any):
00400000-00404000 r-xp 00000000 08:05 22156468 /usr/bin/recordio
00603000-00604000 rw-p 00003000 08:05 22156468 /usr/bin/recordio
00604000-00605000 rw-p 00000000 00:00 0
7f68c76b6000-7f68c7840000 r-xp 00000000 08:05 23341174 /lib64/libc-2.12.so
7f68c7840000-7f68c7a3f000 ---p 0018a000 08:05 23341174 /lib64/libc-2.12.so
7f68c7a3f000-7f68c7a43000 r--p 00189000 08:05 23341174 /lib64/libc-2.12.so
7f68c7a43000-7f68c7a44000 rw-p 0018d000 08:05 23341174 /lib64/libc-2.12.so
7f68c7a44000-7f68c7a49000 rw-p 00000000 00:00 0
7f68c7a49000-7f68c7a69000 r-xp 00000000 08:05 23338624 /lib64/ld-2.12.so
7f68c7c5c000-7f68c7c5f000 rw-p 00000000 00:00 0
7f68c7c67000-7f68c7c68000 rw-p 00000000 00:00 0
7f68c7c68000-7f68c7c69000 r--p 0001f000 08:05 23338624 /lib64/ld-2.12.so
7f68c7c69000-7f68c7c6a000 rw-p 00020000 08:05 23338624 /lib64/ld-2.12.so
7f68c7c6a000-7f68c7c6b000 rw-p 00000000 00:00 0
7fffefda0000-7fffefdb5000 rw-p 00000000 00:00 0 [stack]
7fffefdcb000-7fffefdcd000 r-xp 00000000 00:00 0 [vdso]
ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0 [vsyscall]

I am just overly concerned - if you know what is going on, please let me know. SHOULD I disable recordio? Will logs still be written for qmailtoaster?

Please advise as soon as possible.

Thank you

Offline MRatWork

Re: QMAIL recordio possible exploit???
« Reply #1 on: 2013-07-24, 18:48:07 »
recordio does nothing except add 'more information' to the send/smtp log. You can see what relates to the mail process in the 'mail log' of 'log manager'.

This is the information for someone trying to use my server to send their mail:
Jul 24 12:39:16 web301 smtp: 1374683956.695032 17283 > 250-server.web301.potissima.com - Welcome to Qmail?
Jul 24 12:39:16 web301 smtp: 1374683956.695049 17283 > 250-STARTTLS?
Jul 24 12:39:16 web301 smtp: 1374683956.695062 17283 > 250-PIPELINING?
Jul 24 12:39:16 web301 smtp: 1374683956.695075 17283 > 250-8BITMIME?
Jul 24 12:39:16 web301 smtp: 1374683956.695091 17283 > 250-SIZE 20971520?
Jul 24 12:39:16 web301 smtp: 1374683956.695123 17283 > 250 AUTH LOGIN PLAIN CRAM-MD5?
Jul 24 12:39:16 web301 smtp: 1374683956.732430 17283 < MAIL FROM:<part1.05040102.05030301kfusg@adrianschild.ch>?
Jul 24 12:39:16 web301 smtp: 1374683956.732472 17283 < RCPT TO:<part1.05040102.05030301@bigraf.com>?
Jul 24 12:39:16 web301 smtp: 1374683956.732495 17283 < DATA?
Jul 24 12:39:16 web301 smtp: 1374683956.732531 CHKUSER accepted sender: from <part1.05040102.05030301kfusg@adrianschild.ch::> remote <dsldevice.lan:unknown:77.60.194.206> rcpt <> : sender accepted
Jul 24 12:39:16 web301 smtp: 1374683956.869080 CHKUSER rejected relaying: from <part1.05040102.05030301kfusg@adrianschild.ch::> remote <dsldevice.lan:unknown:77.60.194.206> rcpt <part1.05040102.05030301@bigraf.com> : client not allowed to relay
Jul 24 12:39:17 web301 smtp: 1374683957.870028 17283 > 250 ok?
Jul 24 12:39:17 web301 smtp: 1374683957.870108 17283 > 553 5.7.1 sorry, that domain isn't in my list of allowed rcpthosts (chkuser)?
Jul 24 12:39:17 web301 smtp: 1374683957.870131 17283 > 503 RCPT first (#5.5.1)?
Jul 24 12:39:17 web301 smtp: 1374683957.908340 17283 < QUIT?
Jul 24 12:39:17 web301 smtp: 1374683957.908549 tcpserver: end 17283 status 0
Jul 24 12:39:17 web301 smtp: 1374683957.908615 tcpserver: status: 0/100
Jul 24 12:39:17 web301 smtp: 1374683957.908642 17283 < [EOF]
Jul

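Two points a practitioner would want spelled out from the exchange above. First, in the command line quoted in the first post recordio is wrapping qmail-smtpd, which tcpserver starts with the accepted client socket as its standard input and output; recordio inherits that socket and copies the dialog between it and qmail-smtpd while logging it, so a TCP connection that a process monitor attributes to recordio is the SMTP client's own inbound connection, not something recordio opened. Second, because recordio records the whole dialog, the log it feeds also contains whatever an AUTH LOGIN or AUTH PLAIN client sends, base64-encoded, so that log needs the same access restrictions as a credential file. The following added example (not Kloxo-MR, qmailtoaster or ucspi-tcp code, and not part of this thread) parses lines in the format shown in the reply: it groups the recordio dialog by tcpserver child pid, pulls the remote address and verdict out of the CHKUSER lines, and reports sessions where relaying was refused or AUTH was attempted. Session 17283 is the one quoted in the reply; session 17290 is constructed. One assumption is built in and labelled in the code: a CHKUSER line, which carries no pid, is attributed to the pid of the most recent dialog line, which is exact for one session at a time but ambiguous when sessions interleave.

```python
"""Summarize qmail-smtpd sessions from a recordio-annotated smtp log.

Added example; not Kloxo-MR, qmailtoaster or ucspi-tcp code.  recordio prefixes
each dialog line with the tcpserver child pid and a direction marker ('>' server
to client, '<' client to server); chkuser writes its verdict lines without a pid.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Session 17283 is the exchange quoted in the reply above (hosts and addresses as
# posted).  Session 17290 is constructed for this example: an AUTH LOGIN attempt
# that qmail-smtpd rejects.  The trailing '?' on dialog lines is how recordio
# prints the non-printable CR of the CRLF line ending.
SAMPLE_LOG = """\
Jul 24 12:39:16 web301 smtp: 1374683956.695032 17283 > 250-server.web301.potissima.com - Welcome to Qmail?
Jul 24 12:39:16 web301 smtp: 1374683956.695123 17283 > 250 AUTH LOGIN PLAIN CRAM-MD5?
Jul 24 12:39:16 web301 smtp: 1374683956.732430 17283 < MAIL FROM:<part1.05040102.05030301kfusg@adrianschild.ch>?
Jul 24 12:39:16 web301 smtp: 1374683956.732472 17283 < RCPT TO:<part1.05040102.05030301@bigraf.com>?
Jul 24 12:39:16 web301 smtp: 1374683956.732495 17283 < DATA?
Jul 24 12:39:16 web301 smtp: 1374683956.732531 CHKUSER accepted sender: from <part1.05040102.05030301kfusg@adrianschild.ch::> remote <dsldevice.lan:unknown:77.60.194.206> rcpt <> : sender accepted
Jul 24 12:39:16 web301 smtp: 1374683956.869080 CHKUSER rejected relaying: from <part1.05040102.05030301kfusg@adrianschild.ch::> remote <dsldevice.lan:unknown:77.60.194.206> rcpt <part1.05040102.05030301@bigraf.com> : client not allowed to relay
Jul 24 12:39:17 web301 smtp: 1374683957.870028 17283 > 250 ok?
Jul 24 12:39:17 web301 smtp: 1374683957.870108 17283 > 553 5.7.1 sorry, that domain isn't in my list of allowed rcpthosts (chkuser)?
Jul 24 12:39:17 web301 smtp: 1374683957.908340 17283 < QUIT?
Jul 24 12:39:17 web301 smtp: 1374683957.908549 tcpserver: end 17283 status 0
Jul 24 12:41:02 web301 smtp: 1374684062.100000 17290 > 220 server.web301.potissima.com ESMTP?
Jul 24 12:41:02 web301 smtp: 1374684062.200000 17290 < EHLO client.example?
Jul 24 12:41:02 web301 smtp: 1374684062.300000 17290 < AUTH LOGIN?
Jul 24 12:41:02 web301 smtp: 1374684062.400000 17290 > 334 VXNlcm5hbWU6?
Jul 24 12:41:02 web301 smtp: 1374684062.500000 17290 < dXNlcg==?
Jul 24 12:41:03 web301 smtp: 1374684063.100000 17290 > 535 authorization failed (#5.7.0)?
Jul 24 12:41:03 web301 smtp: 1374684063.200000 17290 < QUIT?
Jul 24 12:41:03 web301 smtp: 1374684063.300000 tcpserver: end 17290 status 0
"""

# syslog prefix, then the tai64-style timestamp recordio/multilog writes, then the payload
LINE_RE = re.compile(r'^\w{3} +\d+ [\d:]+ \S+ smtp: (?P<ts>[\d.]+) (?P<rest>.*)$')
DIALOG_RE = re.compile(r'^(?P<pid>\d+) (?P<dir>[<>]) (?P<data>.*)$')
END_RE = re.compile(r'^tcpserver: end (?P<pid>\d+) status (?P<status>\d+)$')
CHKUSER_RE = re.compile(
    r'^CHKUSER (?P<verdict>accepted|rejected) (?P<what>[^:]+): '
    r'from <(?P<sender>[^>]*)> remote <(?P<remote>[^>]*)> rcpt <(?P<rcpt>[^>]*)> : (?P<reason>.*)$')


@dataclass
class Session:
    pid: str
    remote_ip: Optional[str] = None        # from the CHKUSER 'remote' field, last colon-separated part
    sender: Optional[str] = None           # envelope sender as chkuser saw it
    client_cmds: List[str] = field(default_factory=list)
    server_replies: List[str] = field(default_factory=list)
    rejected_rcpts: List[str] = field(default_factory=list)
    auth_attempted: bool = False
    status: Optional[int] = None           # tcpserver child exit status

    @property
    def relay_rejected(self) -> bool:
        return bool(self.rejected_rcpts)


def parse_sessions(text: str) -> Dict[str, Session]:
    sessions: Dict[str, Session] = {}
    current: Optional[str] = None   # ASSUMPTION: a CHKUSER line belongs to the most recent dialog pid
    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue
        rest = m.group('rest')
        d = DIALOG_RE.match(rest)
        if d:
            pid, direction, data = d.group('pid', 'dir', 'data')
            s = sessions.setdefault(pid, Session(pid))
            current = pid
            if data.endswith('?'):          # drop recordio's rendering of the CR
                data = data[:-1]
            if direction == '<':
                s.client_cmds.append(data)
                if data.upper().startswith('AUTH '):
                    s.auth_attempted = True
            else:
                s.server_replies.append(data)
            continue
        e = END_RE.match(rest)
        if e:
            s = sessions.setdefault(e.group('pid'), Session(e.group('pid')))
            s.status = int(e.group('status'))
            continue
        c = CHKUSER_RE.match(rest)
        if c and current is not None:
            s = sessions[current]
            s.remote_ip = c.group('remote').rsplit(':', 1)[-1]
            s.sender = c.group('sender').rstrip(':')
            if c.group('verdict') == 'rejected' and 'relay' in c.group('what'):
                s.rejected_rcpts.append(c.group('rcpt'))
    return sessions


def relay_attempts(sessions: Dict[str, Session]) -> List[Session]:
    """Sessions in which chkuser refused to relay for the remote client."""
    return [s for s in sessions.values() if s.relay_rejected]


if __name__ == '__main__':
    found = parse_sessions(SAMPLE_LOG)
    for s in relay_attempts(found):
        print(f"pid {s.pid}: {s.remote_ip} as <{s.sender}> tried to relay to {s.rejected_rcpts}"
              f" (auth attempted: {s.auth_attempted}, exit status {s.status})")
    for s in found.values():
        if s.auth_attempted:
            print(f"pid {s.pid}: AUTH attempted; the base64 credential exchange is in this log")
```

Run against a real qmailtoaster smtp log the regexes need only the syslog prefix adjusted; the payload format after `smtp:` is what recordio and chkuser themselves emit. The `current` heuristic is the weak spot: on a busy server the CHKUSER lines of two overlapping sessions can be misattributed, so for production use key the attribution on the remote address that chkuser prints and that tcpserver exports in `TCPREMOTEIP` rather than on line order.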