nobus
asked on
mails sent from pc
a customer says he's been informed from several of his contacts that "strange mails" are being sent from his pc
here's what he gets :
what is this, and how to resolve it?
needless to say that no AV scan, nor mbam, nor roguekiller did find something
system is running windows7 - 64 bit - SSD drive
mail client = Outlook
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
is the above valid for a standalone pc also?
this one is not connected to a domain
This is not AD domain related; we are talking about SMTP domains, yahoo.com for example.
ASKER
i supposed that much, but wanted to be sure i get it right
just change the user's email password
also if you have a security question with the user change that also
if they were spoofed that's all we do to resolve any further activity
Can you help with FULL MAIL HEADERS of message you posted as screenshot?
Since we cannot trace where it came from we can blame mickey mouse, superman or aliens, without a chance to tell which one is real threat.
ASKER
this was in the mail attachment, as details.txt :
Reporting-MTA: dns; mx22.gtsmail.hu
X-Postfix-Queue-ID: B73AA1227
X-Postfix-Sender: rfc822; usert@telenet.be
Arrival-Date: Wed, 23 Sep 2015 15:32:17 +0200 (CEST)
Final-Recipient: rfc822;user@mmm.be
Original-Recipient: rfc822;usert@mmm.be
Action: failed
Status: 5.7.1
Remote-MTA: dns; mxcluster1.one.com
Diagnostic-Code: smtp; 550 5.7.1 Spam (84b8def4-61f7-11e5-9e29-b82a72d88088)
====================
this was the mail body i got :
---
Van: Mail Delivery System [mailto:MAILER-DAEMON@mx2.gtsmail.hu]
Verzonden: woensdag 23 september 2015 15:32
Aan:user@telenet.be
Onderwerp: Undelivered Mail Returned to Sender
This is the mail system at host mx22.gtsmail.hu.
I'm sorry to have to inform you that your message could not be delivered to
one or more recipients. It's attached below.
For further assistance, please send mail to postmaster.
If you do so, please include this problem report. You can delete your own
text from the attached returned message.
The mail system
<usersselot@mmm.be>: host mxcluster1.one.com[91.198.169.8] said:
550 5.7.1 Spam (84b8def4-61f7-11e5-9e29-b82a72d88088) (in reply to end of DATA command)
i hope it's what you need -it's all i got
ASKER
thomas - i can't quite follow what you said - please explain
mx22.gtsmail.hu sends the message
Please ask postmaster@gtsmail.hu to stop accepting spam mail and burdening your users with backscatter (one set of full mail headers and related mail logs will make it sound more impressive)
There is almost nothing you can do in your mail server to ease user's life.
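The check behind the reply above, as an added example that is not part of the original thread: it parses the posted details.txt fields and reports whether the bounce was generated by a mail host the customer actually submits through. The `OWN_RELAY_DOMAINS` value and the function names are assumptions made for illustration.

```python
from email.parser import HeaderParser

# details.txt as posted in the thread (extraction spaces in the ID removed).
DETAILS_TXT = """\
Reporting-MTA: dns; mx22.gtsmail.hu
X-Postfix-Queue-ID: B73AA1227
X-Postfix-Sender: rfc822; usert@telenet.be
Arrival-Date: Wed, 23 Sep 2015 15:32:17 +0200 (CEST)
Final-Recipient: rfc822;user@mmm.be
Original-Recipient: rfc822;usert@mmm.be
Action: failed
Status: 5.7.1
Remote-MTA: dns; mxcluster1.one.com
Diagnostic-Code: smtp; 550 5.7.1 Spam (84b8def4-61f7-11e5-9e29-b82a72d88088)
"""

# Assumption: the customer's Outlook only submits mail through hosts in these domains.
OWN_RELAY_DOMAINS = ("telenet.be",)

def typed_value(field):
    """Return the value of a DSN 'type; value' field, lower-cased ('' if absent)."""
    if not field or ";" not in field:
        return ""
    return field.split(";", 1)[1].strip().lower()

def host_in_domains(host, domains):
    """True only for an exact domain or a real subdomain, not a look-alike suffix."""
    return any(host == d or host.endswith("." + d) for d in domains)

def triage_dsn(text, own_relay_domains=OWN_RELAY_DOMAINS):
    # A real DSN separates per-message and per-recipient fields with a blank
    # line; dropping blank lines lets one parse cover a single-recipient report.
    flat = "\n".join(line for line in text.splitlines() if line.strip())
    fields = HeaderParser().parsestr(flat + "\n")
    reporter = typed_value(fields["Reporting-MTA"])
    status = (fields["Status"] or "").strip()
    if host_in_domains(reporter, own_relay_domains):
        verdict = "own relay: the message went through the customer's mail path"
    else:
        verdict = "foreign MTA: consistent with backscatter from a forged sender"
    return {"reporting_mta": reporter, "status": status, "verdict": verdict,
            "remote_mta": typed_value(fields["Remote-MTA"]),
            "envelope_sender": typed_value(fields["X-Postfix-Sender"]),
            "policy_reject": status.startswith("5.7.")}

if __name__ == "__main__":
    for key, value in triage_dsn(DETAILS_TXT).items():
        print(f"{key}: {value}")
```

A verdict of "own relay" is the case where the PC and the mailbox credentials deserve a closer look; the full headers of the returned message, when available, give the originating IP for the same comparison.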
ASKER
so i assume i have to live with it?
You have to contact source of mails
It looks like internet provider, at least if somebody reads postmaster mailbox they will understand what you are talking about.
ASKER
>> then change the password << you mean the router password - or what ?
No, the user's email password
ASKER
ok will do
ASKER
i hope it's resolved this way
ASKER
explain what is NDR ?
i'm just barely acquainted with windows...
and can you give an example of an SPF record for the above ? and how to implement it ?
i read the wikipedia a bit, but don't really understand it