Solved

Receiving external spam with external email not working

Posted on 2004-10-06
Last Modified: 2010-04-11
I have an interesting problem. I am receiving what seems to be external spam, but due to a DNS issue we currently cannot receive external mail. What virus or spyware could do this, and how would I locate it?
Question by:smnphoenix
5 Comments
 
LVL 5

Accepted Solution

by:
zerofield earned 2000 total points
ID: 12237496
If you aren't receiving external email, or aren't supposed to, sniff port 25 of your mailserver. It's supposed to be very limited activity now anyway, according to you.

If an upstream DNS server has cached your IP, and you're still online, it could just be "real" spam from the outside world. I'd sniff the port briefly to check. You can also use the Exchange System Manager to view current email connections and where they're coming from.
0
 
LVL 1

Expert Comment

by:Yaroslav_Buzko
ID: 12238193
I'd also advise carefully examining the headers of the spam messages. What are the IPs of the servers it comes through? Please post a whole header here if the problem persists.

Chances are that some user on your LAN got some malware that is sending out spam and pretending to be 'external'.
0
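The header check suggested in the comment above, as an added example that is not part of the original thread: it walks a message's `Received:` headers from the oldest hop and reports whether the first recorded source IP is on the LAN. The sample message, host names, addresses and the `INTERNAL_NETS` range are constructed assumptions.

```python
import email
import ipaddress
import re

# Assumption: the site's LAN range. Replace with your own networks.
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]

# Constructed sample message (not from the thread); host names are made up.
SAMPLE = """\
Received: from mail.example.local (10.0.0.5) by mbx.example.local (10.0.0.6);
 Wed, 6 Oct 2004 10:00:03 -0400
Received: from WS-ACCT-12 ([10.0.0.87]) by mail.example.local;
 Wed, 6 Oct 2004 10:00:01 -0400
From: "Offers" <promo@external.example.net>
To: user@example.com
Subject: constructed sample

body
"""

# Source IP as servers usually record it: (1.2.3.4) or [1.2.3.4]
IP_RE = re.compile(r"[\[(](\d{1,3}(?:\.\d{1,3}){3})[\])]")

def received_hops(raw):
    """Return (from_clause, ip_or_None) per Received header, oldest hop first."""
    msg = email.message_from_string(raw)
    hops = []
    # Servers prepend Received headers, so the last one is the oldest hop.
    for value in reversed(msg.get_all("Received", [])):
        flat = " ".join(value.split())           # undo header folding
        from_part = flat.split(" by ", 1)[0]     # only the sending side
        m = IP_RE.search(from_part)
        hops.append((from_part, m.group(1) if m else None))
    return hops

def origin(raw):
    """Classify the oldest hop that recorded a source IP.

    Only headers added by your own servers are trustworthy; anything a
    sender supplied before reaching them can be forged.
    """
    for _, ip in received_hops(raw):
        if ip:
            addr = ipaddress.ip_address(ip)
            inside = any(addr in net for net in INTERNAL_NETS)
            return ("internal" if inside else "external", ip)
    return ("unknown", None)

if __name__ == "__main__":
    print(origin(SAMPLE))
```

An "internal" result for a message that claims an outside sender points at a workstation on the LAN, which is the host to scan first.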
 
LVL 34

Expert Comment

by:PsiCop
ID: 12238432
Also, realize that not all spammers pay attention to DNS. Some just sweep the 'Net looking for hosts that answer on Port 25 and then try to spam. So unless you've shut down your SMTP daemon, anyone who can connect to port 25 can send you E-Mail. DNS does not HAVE to be involved.
0
 
LVL 6

Expert Comment

by:knoxj81
ID: 12240250
Well, to answer your question about what virus could do this, and what you can do about it: I would just run a scan @ www.trendmicro.com and see if anything comes up. If not, you know you're barking up the wrong tree.
0
 
LVL 2

Expert Comment

by:Snodlander
ID: 12256457
You may have an open relay on your Exchange.
From an outside source, see if you can telnet into your router on port 25 - post your results here.
0

Question has a verified solution.