Celebrate National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Recieving external spam with external email not working

Posted on 2004-10-06
5
Medium Priority
?
295 Views
Last Modified: 2010-04-11
I have a interesting problem. I am recieving what seems to be external spam, but due to a dns issue we currently  cannot recieve external mail. What virus or spyware couold do this and how would I locate it.
0
Comment
Question by:smnphoenix
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
5 Comments
 
LVL 5

Accepted Solution

by:
zerofield earned 2000 total points
ID: 12237496
if you arent receiving external email, or arent supposed to, sniff port 25 of your mailserver.  it's supposed to be very limited activity now anyway according to you.

if an upstream DNS server has cached your IP, and you're still online, it could just be "real" spam from the outside world.  I'd sniff the port briefly to check.  you can also use the exchange system manager to view current email connections and where they're coming from.
0
 
LVL 1

Expert Comment

by:Yaroslav_Buzko
ID: 12238193
I'd also advise to carefully examine the headers of spam messages. What are the IPs of server it comes through? Please post a whole header here if the problem persists.

Chances are that some user at your LAN got some malware sending out spam and pretending to be 'external'.
0
 
LVL 34

Expert Comment

by:PsiCop
ID: 12238432
Also, realize that not all spammers pay attention to DNS. Some just sweep the 'Net looking for hosts that answer on Port 25 and then try to spam. So unless you've shut down your SMTP daemon, anyone who can connect to port 25 can send you E-Mail. DNS does not HAVE to be involved.
0
 
LVL 6

Expert Comment

by:knoxj81
ID: 12240250
Well to answer you question about what virus could do this, and what you can do about it. I would just run a scan @ www.trendmicro.com and see if anything comes up. If not, you know your barking up the wrong tree.
0
 
LVL 2

Expert Comment

by:Snodlander
ID: 12256457
You may have an open relay on your exchange.
From an outside source see if you can telnet into your router on port 25 - post your results here
0

Featured Post

Put Machine Learning to Work--Protect Your Clients

Machine learning means Smarter Cybersecurity™ Solutions.
As technology continues to advance, managing and analyzing massive data sets just can’t be accomplished by humans alone. It requires huge amounts of memory and storage, as well as high-speed processing of the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Let's recap what we learned from yesterday's Skyport Systems webinar.
In this article, WatchGuard's Director of Security Strategy and Research Teri Radichel, takes a look at insider threats, the risk they can pose to your organization, and the best ways to defend against them.
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question