root-owned files in Maildir, possible hack?
I run exim4, courrier-imap, and sqwebmail on my home server. For quite some time now, I've noticed a reoccurring file named "from" in my ${HOME}/Maildir/cur folder, owned and read/write only by root. I also notice, from time to time, root-owned files named "whatever" and "todd" in the same folder, which makes me think my machine might me compromised. They also have out-of-whack modification times.
I've disabled these three services, and the files have not re-appeared. I'm no security guru, but I don't even know where to start. Anyone have a clue as to where I should look first?
details:
Exim version 4.63 #1 built 20-Jan-2007 10:40:39
courier-imap 4.1.1.20060828-5
sqwebmail 0.53.3-5
thanks,
-dave
|