Starting today I have some trouble with some error 451 messages from postfix similar to these here. I have Plesk 9.3.0 and I don't find the segfaults in the logs, thus I think it's something different.
However, in the process of troubleshooting I found something which I think is odd. Checking the postfix-queue executable in /usr/lib/plesk-9.0 I found this:
# ls -la postfix-queue*
-r-xr-x--- 1 mhandlers-user popuser 78278 Mar 18 15:52 postfix-queue
-r-xr-x--- 1 mhandlers-user root 64548 Dec 30 02:52 postfix-queue.backup-2010-03-18-1552
# file postfix-queue*
postfix-queue: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), for GNU/Linux 2.2.0, dynamically linked (uses shared libs), for GNU/Linux 2.2.0, not stripped
postfix-queue.backup-2010-03-18-1552: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), for GNU/Linux 2.2.0, dynamically linked (uses shared libs), for GNU/Linux 2.2.0, stripped
I have checked all logs and crontabs and the only thing running at 15:52 was backupmng. So it seems as if backupmng created a new executable postfix-queue??? Can that be? Does that make any sense?
Why would backupmng create a new postfix-queue?
And more important, where would it get it from? It's an executable, thus backupmng would have to run a compiler to create it...
Or is the server compromised?
Thanks, Gerald