• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 196
  • Last Modified:

SMTP Server Compromised?

I am seeing a lot of suspect traffic passing through our SMTP queue.  The emails appear to be coming from legitimate accounts, but they are going to email addresses the owners of the accounts being used do not know.

I dont really know how to go about determining what is actually the issue here.  Are there any viruses currently in curculation that use the SMTP server set up in Outlook rather than their own?  Could it be that a spammer has somehow gained entry to my mail server?

I have scanned for viruses, trojans, and misc other scumware to no avail.  I have also isolated all smtp traffic on our network to our mail server.

What to do next?
0
forrest321
Asked:
forrest321
  • 2
  • 2
2 Solutions
 
Yan_westCommented:
Is your Antivirus Auto-Sending reply to addresses that would be sending viruses on your network?  Used to do that on my network, I had to disable the fonction that sent a warning to all incomming message containing a virus, even if the person never would receive the infected file.
0
 
LucFCommented:
Hi forrest321,

Also, check if you're not an open relay... this will make it very easy for spammers to use your server as relay.

Greetings,

LucF
0
 
forrest321Author Commented:
We do not allow relay.

I am testing the virus response messages.  I think they are sent from the postmaster account rather than the individuals, but I am not sure yet.
0
 
forrest321Author Commented:
Well, I feel silly.  

All of the users that I have been spotting in these emails in the queue are currently out of the office...  Their vacation message is responding to spam, which explains why no-one knows any of the email addresses.

Thanks for the help.
0
 
LucFCommented:
Forrest through the trees thingy... Glad you got it sorted :)

LucF
0

Featured Post

A Cyber Security RX to Protect Your Organization

Join us on December 13th for a webinar to learn how medical providers can defend against malware with a cyber security "Rx" that supports a healthy technology adoption plan for every healthcare organization.

  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now