My FC3 machine appears to be compromised, please help

Paul Howarth paul at
Thu Apr 6 12:29:52 UTC 2006

Bob Brennan wrote:
> On 4/6/06, Paul Howarth <paul at> wrote:
>> Somebody has probably changed a DNS entry for so that
>> instead of or as well as A/MX records, there's a:
>> record. Sendmail properly rewrites addresses for to
>> during the address
>> canonicalisation stage in this case.
>> Paul.
> All of my DNS entries for all of my domains are managed at
> (literally) and I have checked that everything on their
> DNS server is correct and there are no canonical entries. The refused
> email is being delivered correctly to my own server, so their DNS
> records must be correct.
> However it is within my own server that things are going wrong. I do
> not have an active DNS server but use the "hosts" file instead. The
> hosts file is accurate and unchanged.
> As I said earlier I searched all files in /etc/ for any entries that
> might rewrite anything to or even contain the words
> and found nothing.
> Is there any other information I can give or look for that might help
> narrow this down? Or tests I can do? Or clever magical incantation
> command lines I can try?

Try DNS lookups for your domain on your machine:

$ dig mx
$ dig mx

If you gave the real domain name(s) it might help too as we can see what 
DNS lookups from outside your network are like.
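
An added example, not part of the original message: one way to check `dig mx` output for the CNAME record described earlier in the thread, since an alias on the mail domain is what makes sendmail rewrite the address during canonicalisation. The function names and the `example.com` / `example.net` names are assumptions, and the sample outputs are constructed.

```sh
#!/bin/sh
# Added example: spot an alias (CNAME) in the answer to an MX query.
# example.com / example.net are placeholders, not names from the thread.

# Read complete `dig` output on stdin and print "owner -> target" for each
# CNAME in the ANSWER section. Exit status 0 if one was found, 1 if none.
cname_in_answer() {
    awk '
        /^;; ANSWER SECTION:/ { in_answer = 1; next }
        /^;; / || /^$/        { in_answer = 0 }
        in_answer && toupper($4) == "CNAME" {
            print $1 " -> " $5
            found = 1
        }
        END { exit (found ? 0 : 1) }
    '
}

# Constructed sample: the queried name is an alias, so the resolver returns
# the CNAME followed by the MX record of the alias target.
sample_alias() {
    cat <<'EOF'
;; QUESTION SECTION:
;example.com.			IN	MX

;; ANSWER SECTION:
example.com.		3600	IN	CNAME	mail.example.net.
mail.example.net.	3600	IN	MX	10 mx1.example.net.

;; Query time: 12 msec
EOF
}

# Constructed sample: plain MX record, no alias in the chain.
sample_clean() {
    cat <<'EOF'
;; ANSWER SECTION:
example.com.		3600	IN	MX	10 mx1.example.com.

;; Query time: 9 msec
EOF
}

# Demo on the constructed samples; against a live resolver the call would be
#   dig mx example.com | cname_in_answer
sample_alias | cname_in_answer
sample_clean | cname_in_answer || echo "no CNAME in answer"
```

Running the same check on the mail server and from a host outside the network shows whether the two resolvers return different answers for the domain.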

