lsof -i port entry and how to remove it

Support for security such as Firewalls and securing linux
cefnllys
Posts: 1
Joined: 2015/07/26 15:32:56

Post by cefnllys » 2015/07/26 15:57:19

After running lsof -i on my CentOS 6.6 server I spotted the following line:

smtpd 38886 postfix 25u IPv4 11990271 0t0 TCP hosting.mydomain.com:smtp->server4.soproseuprazer.com:51973 (ESTABLISHED)

Is this malware? And how do I get rid of it?

avij
Retired Moderator
Posts: 3046
Joined: 2010/12/01 19:25:52
Location: Helsinki, Finland

Re: lsof -i port entry and how to remove it

Post by avij » 2015/07/26 16:24:49

server4.soproseuprazer.com is busy sending email to your server. This does not look like malware to me.
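
Added example, not part of the thread: a small Python parser for `lsof -i` lines that applies the reading given in the reply above, where the local end is the smtp service port and the remote end is a high client port, so the remote host connected in. The service-name table, the "port below 1024 is the server side" rule and the second sample line are assumptions of this example.

```python
# Added illustration: classify the direction of an ESTABLISHED TCP line from `lsof -i`.
# Heuristic (assumption): the side using a well-known port (< 1024) is the server.

# Constructed subset of the service names lsof prints when run without -P.
SERVICE_PORTS = {"smtp": 25, "smtps": 465, "submission": 587,
                 "ssh": 22, "http": 80, "https": 443}


def port_number(token):
    """Return the numeric port for '25' or 'smtp', or None if the name is unknown."""
    if token.isdigit():
        return int(token)
    return SERVICE_PORTS.get(token)


def classify(line):
    """Parse one lsof -i line; return a dict, or None if not an ESTABLISHED TCP pair."""
    fields = line.split()
    # Columns: COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME (STATE)
    if len(fields) != 10 or fields[7] != "TCP" or fields[9] != "(ESTABLISHED)":
        return None
    local, sep, remote = fields[8].partition("->")
    if not sep:
        return None
    lhost, _, lport = local.rpartition(":")
    rhost, _, rport = remote.rpartition(":")
    lnum, rnum = port_number(lport), port_number(rport)
    if lnum is None or rnum is None:
        direction = "unknown"      # port name not in the table above
    elif lnum < 1024 <= rnum:
        direction = "inbound"      # remote client connected to our service
    elif rnum < 1024 <= lnum:
        direction = "outbound"     # our process connected to a remote service
    else:
        direction = "unknown"
    return {"command": fields[0], "pid": int(fields[1]), "user": fields[2],
            "local": (lhost, lport), "remote": (rhost, rport), "direction": direction}


# Line from the first post (NAME column without spaces), plus a constructed outbound line.
SAMPLES = [
    "smtpd 38886 postfix 25u IPv4 11990271 0t0 TCP hosting.mydomain.com:smtp->server4.soproseuprazer.com:51973 (ESTABLISHED)",
    "smtp 4021 postfix 12u IPv4 120034 0t0 TCP 192.0.2.10:45812->198.51.100.7:25 (ESTABLISHED)",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        r = classify(sample)
        print(r["command"], r["local"], "->", r["remote"], r["direction"])
```

Running lsof with -nP prints numeric addresses and ports, which makes the name table unnecessary.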

aks
Posts: 3073
Joined: 2014/09/20 11:22:14

Re: lsof -i port entry and how to remove it

Post by aks » 2015/07/27 18:13:35

How to stop it - stop sending them email!
You can query who their mail server is by using the command: dig @8.8.8.8 IN MX soproseuprazer.com (which'll query Google's DNS server).
You can find out information about the company by using whois (although that is not guaranteed).
