Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

SMTP Server Compromised?

Posted on 2004-08-04
5
Medium Priority
?
195 Views
Last Modified: 2010-04-11
I am seeing a lot of suspect traffic passing through our SMTP queue.  The emails appear to be coming from legitimate accounts, but they are going to email addresses the owners of the accounts being used do not know.

I dont really know how to go about determining what is actually the issue here.  Are there any viruses currently in curculation that use the SMTP server set up in Outlook rather than their own?  Could it be that a spammer has somehow gained entry to my mail server?

I have scanned for viruses, trojans, and misc other scumware to no avail.  I have also isolated all smtp traffic on our network to our mail server.

What to do next?
0
Comment
Question by:forrest321
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
5 Comments
 
LVL 15

Accepted Solution

by:
Yan_west earned 200 total points
ID: 11720822
Is your Antivirus Auto-Sending reply to addresses that would be sending viruses on your network?  Used to do that on my network, I had to disable the fonction that sent a warning to all incomming message containing a virus, even if the person never would receive the infected file.
0
 
LVL 32

Assisted Solution

by:LucF
LucF earned 200 total points
ID: 11720855
Hi forrest321,

Also, check if you're not an open relay... this will make it very easy for spammers to use your server as relay.

Greetings,

LucF
0
 
LVL 2

Author Comment

by:forrest321
ID: 11720901
We do not allow relay.

I am testing the virus response messages.  I think they are sent from the postmaster account rather than the individuals, but I am not sure yet.
0
 
LVL 2

Author Comment

by:forrest321
ID: 11720982
Well, I feel silly.  

All of the users that I have been spotting in these emails in the queue are currently out of the office...  Their vacation message is responding to spam, which explains why no-one knows any of the email addresses.

Thanks for the help.
0
 
LVL 32

Expert Comment

by:LucF
ID: 11721021
Forrest through the trees thingy... Glad you got it sorted :)

LucF
0

Featured Post

Q2 2017 - Latest Malware & Internet Attacks

WatchGuard’s Threat Lab is a group of dedicated threat researchers committed to helping you stay ahead of the bad guys by providing in-depth analysis of the top security threats to your network.  Check out our latest Quarterly Internet Security Report!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Sometimes Administrators rights are not enough. These cases call for the SYSTEM account. The process in this article outlines the steps required to execute commands using the SYSTEM account.
In this article, WatchGuard's Director of Security Strategy and Research Teri Radichel, takes a look at insider threats, the risk they can pose to your organization, and the best ways to defend against them.
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…

636 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question