Solved

SMTP Server Compromised?

Posted on 2004-08-04
5
191 Views
Last Modified: 2010-04-11
I am seeing a lot of suspect traffic passing through our SMTP queue.  The emails appear to be coming from legitimate accounts, but they are going to email addresses the owners of the accounts being used do not know.

I don't really know how to go about determining what is actually the issue here.  Are there any viruses currently in circulation that use the SMTP server set up in Outlook rather than their own?  Could it be that a spammer has somehow gained entry to my mail server?

I have scanned for viruses, trojans, and misc other scumware to no avail.  I have also isolated all smtp traffic on our network to our mail server.

What to do next?
Question by:forrest321
5 Comments
 
LVL 15

Accepted Solution

by:Yan_west
Yan_west earned 50 total points
ID: 11720822
Is your antivirus auto-sending replies to addresses that would be sending viruses on your network?  Used to do that on my network, I had to disable the function that sent a warning to all incoming messages containing a virus, even if the person never would receive the infected file.
0
 
LVL 32

Assisted Solution

by:LucF
LucF earned 50 total points
ID: 11720855
Hi forrest321,

Also, check if you're not an open relay... this will make it very easy for spammers to use your server as relay.

Greetings,

LucF
0
 
LVL 2

Author Comment

by:forrest321
ID: 11720901
We do not allow relay.

I am testing the virus response messages.  I think they are sent from the postmaster account rather than the individuals, but I am not sure yet.
0
 
LVL 2

Author Comment

by:forrest321
ID: 11720982
Well, I feel silly.  

All of the users that I have been spotting in these emails in the queue are currently out of the office...  Their vacation message is responding to spam, which explains why no-one knows any of the email addresses.

Thanks for the help.
0
 
LVL 32

Expert Comment

by:LucF
ID: 11721021
Forrest through the trees thingy... Glad you got it sorted :)

LucF
0
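
The cause found in this thread (vacation auto-replies answering spam) can be checked directly against the queue. The following is an added example, not code from any poster: it labels queued messages by the RFC 3834 `Auto-Submitted` header, the `Precedence` header, and a subject heuristic, then counts labels per sender. The subject prefixes, addresses and sample messages are constructed assumptions.

```python
from collections import Counter
from email import message_from_string
from email.utils import parseaddr

# Heuristic subject prefixes used by vacation responders (assumed list).
AUTO_SUBJECT_PREFIXES = ("out of office", "auto:", "autoreply", "automatic reply")

# Constructed sample queue entries; all addresses are placeholders.
SAMPLE_QUEUE = [
    "From: alice@example.com\nTo: promo@bulk-sender.example\n"
    "Subject: Out of Office: Cheap meds\nAuto-Submitted: auto-replied\n"
    "In-Reply-To: <1@bulk-sender.example>\n\nI am away until Monday.\n",
    "From: alice@example.com\nTo: offers@other.example\n"
    "Subject: Out of office Re: You won\n"
    "In-Reply-To: <2@other.example>\n\nI am away.\n",
    "From: bob@example.com\nTo: stranger@unknown.example\n"
    "Subject: Invoice attached\n\nSee attachment.\n",
]

def classify(raw):
    """Return (sender, recipient, label) for one queued message."""
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    rcpt = parseaddr(msg.get("To", ""))[1].lower()
    # RFC 3834: any value other than "no" marks an automatic message.
    auto = msg.get("Auto-Submitted", "no").split(";")[0].strip().lower()
    precedence = msg.get("Precedence", "").strip().lower()
    subject = msg.get("Subject", "").strip().lower()
    if auto in ("auto-replied", "auto-generated"):
        label = "auto-reply"
    elif precedence in ("auto_reply", "bulk"):
        label = "probable-auto-reply"
    elif subject.startswith(AUTO_SUBJECT_PREFIXES) and msg.get("In-Reply-To"):
        # Older responders often omit Auto-Submitted; fall back to heuristics.
        label = "probable-auto-reply"
    else:
        label = "needs-review"
    return sender, rcpt, label

def triage(raw_messages):
    """Count labels per sender so unexplained senders stand out."""
    summary = {}
    for raw in raw_messages:
        sender, _, label = classify(raw)
        summary.setdefault(sender, Counter())[label] += 1
    return summary

if __name__ == "__main__":
    for sender, counts in triage(SAMPLE_QUEUE).items():
        print(sender, dict(counts))
```

Senders whose messages are all labelled as auto-replies match the out-of-office explanation; anything left as `needs-review` still warrants a look at the sending host and account.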
