OTRS sent email from unkown address
Moderator: crythias
OTRS sent email from unkown address
Dear all,
My first post here on Forum, so I hope learning a few things with you guys.
I have a CentOS box with OTRS on it and is being working non stop since last year.
I noticed on our exchange on-premisse that is working now only as relay as we got into Cloud, that ORTS tried to send an email from an unknown address ( rachidaboutalib@tigha-haderdima.net) Well don't know what it is and I'm expecting some help here on the Forum.
I have installed a few extra packages last month and maybe it was the reason?
I'm attaching a few images so you can see what I'm talking about. I have searched here on Forum and haven't found any similar.
Cheers
Orlando
My first post here on Forum, so I hope learning a few things with you guys.
I have a CentOS box with OTRS on it and is being working non stop since last year.
I noticed on our exchange on-premisse that is working now only as relay as we got into Cloud, that ORTS tried to send an email from an unknown address ( rachidaboutalib@tigha-haderdima.net) Well don't know what it is and I'm expecting some help here on the Forum.
I have installed a few extra packages last month and maybe it was the reason?
I'm attaching a few images so you can see what I'm talking about. I have searched here on Forum and haven't found any similar.
Cheers
Orlando
You do not have the required permissions to view the files attached to this post.
Re: OTRS sent email from unkown address
No one to help?
-
- Znuny guru
- Posts: 5018
- Joined: 13 Mar 2011, 09:54
- Znuny Version: 6.0.x
- Real Name: Renée Bäcker
- Company: Perl-Services.de
- Contact:
Re: OTRS sent email from unkown address
Search Kernel/Config/Files/ZZZAAuto.pm and Kernel/Config/Files/ZZZAuto.pm for that mail address...
Perl / Znuny development: http://perl-services.de
Free Znuny add ons from the community: http://opar.perl-services.de
Commercial add ons: http://feature-addons.de
Free Znuny add ons from the community: http://opar.perl-services.de
Commercial add ons: http://feature-addons.de
Re: OTRS sent email from unkown address
Thanks mate. I will get back to this post.
Re: OTRS sent email from unkown address
Hello reneeb.
Haven't found that email address on those files...
Any idea where to look further?
Is happening quite often now..
Cheers
Haven't found that email address on those files...
Any idea where to look further?
Is happening quite often now..
Cheers
Re: OTRS sent email from unkown address
I have checked on our mail server for logs and found that OTRS is trying to communicate IP 77.232.73.0
Did a tracert to that IP and end up on cs3-trk1-2000m.hhde.ip.servage.net [77.232.64.6].
The Geolocation for that IP is Germany. Find out that is a Hosting site.
https://ipinfo.io/AS29671
Any idea why is OTRS trying to communicate with that IP?
Cheers
Did a tracert to that IP and end up on cs3-trk1-2000m.hhde.ip.servage.net [77.232.64.6].
The Geolocation for that IP is Germany. Find out that is a Hosting site.
https://ipinfo.io/AS29671
Any idea why is OTRS trying to communicate with that IP?
Cheers
You do not have the required permissions to view the files attached to this post.
Re: OTRS sent email from unkown address
As OTRS is not connecting this IP per default nor uses this mail address you should:
- are any non official packages installed?
- where are these packages from?
- which OTRS version and Patch level do you use?
- is there anything else running on the box?
I suggest to hire an OTRS expert or a security expert to analyse the situation
- are any non official packages installed?
- where are these packages from?
- which OTRS version and Patch level do you use?
- is there anything else running on the box?
I suggest to hire an OTRS expert or a security expert to analyse the situation
"Production": OTRS™ 8, OTRS™ 7, STORM powered by OTRS
"Testing": ((OTRS Community Edition)) and git Master
Never change Defaults.pm! :: Blog
Professional Services:: http://www.otrs.com :: enjoy@otrs.com
"Testing": ((OTRS Community Edition)) and git Master
Never change Defaults.pm! :: Blog
Professional Services:: http://www.otrs.com :: enjoy@otrs.com
Re: OTRS sent email from unkown address
Hi jojo.
The packages I have installed are attached as image.
I have installed those packages directly from OTRS.
I'm using OTRS 5.0.16 Patch don't know.
The box is running on CentOS with nothing else on it.
I have no budget to hire either experts
I'm on my own now...
I would appreciate any help.
Cheers
The packages I have installed are attached as image.
I have installed those packages directly from OTRS.
I'm using OTRS 5.0.16 Patch don't know.
The box is running on CentOS with nothing else on it.
I have no budget to hire either experts
I'm on my own now...
I would appreciate any help.
Cheers
You do not have the required permissions to view the files attached to this post.
Re: OTRS sent email from unkown address
from this side it seems everything is ok.
You should also check the contents of the ticket, Autoreplies etc. Also what kind of connections are made to the mentioned IP address?
5.0.16 has several security issues, you always should update to the last patch level.
If you think your system is compromised set up a new one and ensure a safe operation (or invest the money for people having the knowledge to operate servers in a secure way)
You should also check the contents of the ticket, Autoreplies etc. Also what kind of connections are made to the mentioned IP address?
5.0.16 has several security issues, you always should update to the last patch level.
If you think your system is compromised set up a new one and ensure a safe operation (or invest the money for people having the knowledge to operate servers in a secure way)
"Production": OTRS™ 8, OTRS™ 7, STORM powered by OTRS
"Testing": ((OTRS Community Edition)) and git Master
Never change Defaults.pm! :: Blog
Professional Services:: http://www.otrs.com :: enjoy@otrs.com
"Testing": ((OTRS Community Edition)) and git Master
Never change Defaults.pm! :: Blog
Professional Services:: http://www.otrs.com :: enjoy@otrs.com
Re: OTRS sent email from unkown address
Hi jojo.
I have removed all packages and updated the CentOS.
Let's see if I continue to receive those alerts from our mail server.
If I receive then I will update OTRS to the latest version and patch.
Need instructions for that as I never did a version update.
Any videos or step by step instructions for an update?
Cheers.
I have removed all packages and updated the CentOS.
Let's see if I continue to receive those alerts from our mail server.
If I receive then I will update OTRS to the latest version and patch.
Need instructions for that as I never did a version update.
Any videos or step by step instructions for an update?
Cheers.
Re: OTRS sent email from unkown address
OTRS 8 SILVER (Prod)
OTRS 8 auf Debian 11 (Test)
Znuny 7.x latest version testing auf Debian 11
-- Ich beantworte keine Forums-Fragen PN - No PN please
I won't answer to unfriendly users any more. A greeting and regards are just polite.
OTRS 8 auf Debian 11 (Test)
Znuny 7.x latest version testing auf Debian 11
-- Ich beantworte keine Forums-Fragen PN - No PN please
I won't answer to unfriendly users any more. A greeting and regards are just polite.