Win2k3 domain (4 servers)
Have recently installed GFI mailsweeper software as supicious of mails etc and it has shown returned messages to a user we do not have called "SALES37314939" (see below). This user has sent 2730+ messages in the past 6 days (since we switched the GFI on) -
"To: /O=W T LAMB/OU=FIRST ADMINISTRATIVE GROUP/CN=RECIPIENTS/CN=SALES37314939
Subject: IMCEAEX-_O=W+20T+20LAMB_OU=FIRST+20ADMINISTRATIVE+20GROUP_CN=RECIPIENTS_CN=SALES37314939@lambsbricks.com - Email has different SMTP TO: and MIME TO: fields in the email addresses - Mail delivery failed: returning message to sender
This message was created automatically by mail delivery software.
A message that you sent could not be delivered to one or more of its recipients. This is a permanent error. The following address(es) failed:"
We cannot find any reference to this use in our AD or our exchange or on any server registry. I cannot find it in adsiedit (although there is no search facility so I may have missed it)
We have taken every PC and server off the network and booted them in safe mode - then run mcafee/ ca and norton netsky "fixers" which have yielded 6 occurences on the mail server and nothing else.
My own belief is that there is a rogue smtp service (which is how netsky is supposed to run) somewhere on my network - this is kind of bourne out by the fact that no mails were sent over the weekend.
Any ideas for tracking this down would be appreciated
More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.
The purpose of this guide is to provide information to successfully add specific IIS 7.0 role services for the Symantec Endpoint Protection Manager (SEPM) to function properly when installed on Windows 2008.
Have you ever tried to find someone you know on Facebook and searched to find more than one result with the same picture?
Perhaps someone you know has told you that they have a 'facebook stalker' or someone who is 'posing as them' online and ta…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message.
In the To field, type your recipient's fax number @efaxsend.com.
You can even send a secure international fax — just include t…