Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

Recieving external spam with external email not working

Posted on 2004-10-06
5
Medium Priority
?
297 Views
Last Modified: 2010-04-11
I have a interesting problem. I am recieving what seems to be external spam, but due to a dns issue we currently  cannot recieve external mail. What virus or spyware couold do this and how would I locate it.
0
Comment
Question by:smnphoenix
5 Comments
 
LVL 5

Accepted Solution

by:
zerofield earned 2000 total points
ID: 12237496
if you arent receiving external email, or arent supposed to, sniff port 25 of your mailserver.  it's supposed to be very limited activity now anyway according to you.

if an upstream DNS server has cached your IP, and you're still online, it could just be "real" spam from the outside world.  I'd sniff the port briefly to check.  you can also use the exchange system manager to view current email connections and where they're coming from.
0
 
LVL 1

Expert Comment

by:Yaroslav_Buzko
ID: 12238193
I'd also advise to carefully examine the headers of spam messages. What are the IPs of server it comes through? Please post a whole header here if the problem persists.

Chances are that some user at your LAN got some malware sending out spam and pretending to be 'external'.
0
 
LVL 34

Expert Comment

by:PsiCop
ID: 12238432
Also, realize that not all spammers pay attention to DNS. Some just sweep the 'Net looking for hosts that answer on Port 25 and then try to spam. So unless you've shut down your SMTP daemon, anyone who can connect to port 25 can send you E-Mail. DNS does not HAVE to be involved.
0
 
LVL 6

Expert Comment

by:knoxj81
ID: 12240250
Well to answer you question about what virus could do this, and what you can do about it. I would just run a scan @ www.trendmicro.com and see if anything comes up. If not, you know your barking up the wrong tree.
0
 
LVL 2

Expert Comment

by:Snodlander
ID: 12256457
You may have an open relay on your exchange.
From an outside source see if you can telnet into your router on port 25 - post your results here
0

Featured Post

The Firewall Audit Checklist

Preparing for a firewall audit today is almost impossible.
AlgoSec, together with some of the largest global organizations and auditors, has created a checklist to follow when preparing for your firewall audit. Simplify risk mitigation while staying compliant all of the time!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

ITIL has an elaborate incident management framework. This article serves as a starter for those who'd like to know more or need to suss out the baseline elements in a typical incident response execution plan on the "need to have" and the "good to ha…
Phishing emails are a popular malware delivery vehicle for attack.  While there are many ways for an attacker to increase the chances of success for their phishing emails, one of the most effective methods involves spoofing the message to appear to …
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
Suggested Courses

581 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question