Solved

SMTP Server Compromised?

Posted on 2004-08-04
5
188 Views
Last Modified: 2010-04-11
I am seeing a lot of suspect traffic passing through our SMTP queue.  The emails appear to be coming from legitimate accounts, but they are going to email addresses the owners of the accounts being used do not know.

I dont really know how to go about determining what is actually the issue here.  Are there any viruses currently in curculation that use the SMTP server set up in Outlook rather than their own?  Could it be that a spammer has somehow gained entry to my mail server?

I have scanned for viruses, trojans, and misc other scumware to no avail.  I have also isolated all smtp traffic on our network to our mail server.

What to do next?
0
Comment
Question by:forrest321
  • 2
  • 2
5 Comments
 
LVL 15

Accepted Solution

by:
Yan_west earned 50 total points
ID: 11720822
Is your Antivirus Auto-Sending reply to addresses that would be sending viruses on your network?  Used to do that on my network, I had to disable the fonction that sent a warning to all incomming message containing a virus, even if the person never would receive the infected file.
0
 
LVL 32

Assisted Solution

by:Luc Franken
Luc Franken earned 50 total points
ID: 11720855
Hi forrest321,

Also, check if you're not an open relay... this will make it very easy for spammers to use your server as relay.

Greetings,

LucF
0
 
LVL 2

Author Comment

by:forrest321
ID: 11720901
We do not allow relay.

I am testing the virus response messages.  I think they are sent from the postmaster account rather than the individuals, but I am not sure yet.
0
 
LVL 2

Author Comment

by:forrest321
ID: 11720982
Well, I feel silly.  

All of the users that I have been spotting in these emails in the queue are currently out of the office...  Their vacation message is responding to spam, which explains why no-one knows any of the email addresses.

Thanks for the help.
0
 
LVL 32

Expert Comment

by:Luc Franken
ID: 11721021
Forrest through the trees thingy... Glad you got it sorted :)

LucF
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

Ransomware continues to be a growing problem for both personal and business users alike and Antivirus companies are still struggling to find a reliable way to protect you from this dangerous threat.
Password hashing is better than message digests or encryption, and you should be using it instead of message digests or encryption.  Find out why and how in this article, which supplements the original article on PHP Client Registration, Login, Logo…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now