On Wed, Apr 28, 2010 at 11:49:59AM +1000, Puthick Hok wrote:
> Apr 27 22:06:51 server_name postfix/smtpd: 355FBC62F8:
> Apr 27 22:06:51 server_name postfix/cleanup: 355FBC62F8:
> Apr 27 22:06:51 server_name postfix/qmgr: 355FBC62F8:
> from=<spamer@...>, size=13220, nrcpt=1 (queue active)
> Apr 27 12:07:07 server_name postfix/smtp: 355FBC62F8:
> to=<recipient@...>, relay=127.0.0.1[127.0.0.1],
> delay=17, status=sent (250 2.6.0 Ok, id=13795-02, from MTA: 250
> Ok: queued as AD7B8C5CF6)
> Apr 27 22:07:07 server_name postfix/qmgr: 355FBC62F8:
> If you look at 'smtp' records, the time recorded there is
> without the timezone being applied.
This is a common sign of running smtp(8) in an incomplete chroot
environment. What it appears to be missing is the etc/localtime or
other such file to tell your system libraries what the timezone

Postfix source is shipped to not run chrooted by default. Your
distributor changed this default. Read their documentation as was
provided with the Postfix package.
> I would like to make sure that this is not a sign of the server
> being compromised.
That should never be your first thought as an administrator. I've
dealt with three actual compromises, and even then, it wasn't my
first thought; I checked out other possibilities first. I've seen
hundreds of things that I didn't understand, and when I get curious
about it, THAT is what I think: "I don't understand this." Try to
protect your sanity by not jumping to this conclusion so easily.
Offlist mail to this address is discarded unless
"/dev/rob0" or "not-spam" is in Subject: header
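
The symptom discussed in this thread can be checked mechanically before suspecting anything worse. The following is an added example, not part of the original mails and not Postfix code: a heuristic that groups log lines by queue ID and reports any daemon whose timestamps are consistently displaced by a whole timezone offset. The sample log is constructed (host name, PIDs and addresses are invented), and the function name, the default year and the 5-minute tolerance are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import median_low

# Constructed sample modelled on the quoted log; host, PIDs and addresses are invented.
SAMPLE = """\
Apr 27 22:06:51 mx1 postfix/smtpd[2101]: 355FBC62F8: client=unknown[192.0.2.10]
Apr 27 22:06:51 mx1 postfix/cleanup[2104]: 355FBC62F8: message-id=<1@example.org>
Apr 27 22:06:51 mx1 postfix/qmgr[1980]: 355FBC62F8: from=<a@example.org>, size=13220, nrcpt=1 (queue active)
Apr 27 12:07:07 mx1 postfix/smtp[2107]: 355FBC62F8: to=<b@example.net>, relay=127.0.0.1[127.0.0.1], delay=17, status=sent
Apr 27 22:07:07 mx1 postfix/qmgr[1980]: 355FBC62F8: removed
"""

# syslog timestamp, Postfix daemon name, short-format (hex) queue ID; PID optional
LINE = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ postfix/(\w+)(?:\[\d+\])?: ([0-9A-F]{6,}):")

def shifted_daemons(log_text, year=2010, tolerance_s=300):
    """Map daemon -> hour offset for daemons whose lines are ALL displaced by the
    same non-zero multiple of 15 minutes from the median time of their queue ID."""
    by_queue = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE.match(line)
        if m:  # syslog omits the year, so the caller supplies it
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            by_queue[m.group(3)].append((ts, m.group(2)))

    offsets = defaultdict(set)
    for entries in by_queue.values():
        ref = median_low(ts for ts, _ in entries)
        for ts, daemon in entries:
            delta = (ts - ref).total_seconds()
            quarters = round(delta / 900)  # zone offsets are multiples of 15 min
            # A delay that is not close to a zone offset is recorded as None.
            near = abs(delta - quarters * 900) <= tolerance_s
            offsets[daemon].add(quarters / 4 if near else None)

    # One consistent non-zero shift looks like a timezone problem; mixed values
    # look like ordinary queueing delay (deferred mail, slow content filter).
    return {d: next(iter(o)) for d, o in offsets.items()
            if len(o) == 1 and next(iter(o)) not in (0, None)}

if __name__ == "__main__":
    for daemon, hours in shifted_daemons(SAMPLE).items():
        print(f"postfix/{daemon} logs {hours:+.2f} h off its peers: check etc/localtime in the chroot")
```

A daemon reported here with an offset equal to the server's UTC offset is the chroot case described in the reply; with only a handful of lines a genuinely deferred delivery can look the same, so run it over a full day of logs.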