Solved

Recieving external spam with external email not working

Posted on 2004-10-06
5
294 Views
Last Modified: 2010-04-11
I have a interesting problem. I am recieving what seems to be external spam, but due to a dns issue we currently  cannot recieve external mail. What virus or spyware couold do this and how would I locate it.
0
Comment
Question by:smnphoenix
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
5 Comments
 
LVL 5

Accepted Solution

by:
zerofield earned 500 total points
ID: 12237496
if you arent receiving external email, or arent supposed to, sniff port 25 of your mailserver.  it's supposed to be very limited activity now anyway according to you.

if an upstream DNS server has cached your IP, and you're still online, it could just be "real" spam from the outside world.  I'd sniff the port briefly to check.  you can also use the exchange system manager to view current email connections and where they're coming from.
0
 
LVL 1

Expert Comment

by:Yaroslav_Buzko
ID: 12238193
I'd also advise to carefully examine the headers of spam messages. What are the IPs of server it comes through? Please post a whole header here if the problem persists.

Chances are that some user at your LAN got some malware sending out spam and pretending to be 'external'.
0
 
LVL 34

Expert Comment

by:PsiCop
ID: 12238432
Also, realize that not all spammers pay attention to DNS. Some just sweep the 'Net looking for hosts that answer on Port 25 and then try to spam. So unless you've shut down your SMTP daemon, anyone who can connect to port 25 can send you E-Mail. DNS does not HAVE to be involved.
0
 
LVL 6

Expert Comment

by:knoxj81
ID: 12240250
Well to answer you question about what virus could do this, and what you can do about it. I would just run a scan @ www.trendmicro.com and see if anything comes up. If not, you know your barking up the wrong tree.
0
 
LVL 2

Expert Comment

by:Snodlander
ID: 12256457
You may have an open relay on your exchange.
From an outside source see if you can telnet into your router on port 25 - post your results here
0

Featured Post

[Webinar] Learn How Hackers Steal Your Credentials

Do You Know How Hackers Steal Your Credentials? Join us and Skyport Systems to learn how hackers steal your credentials and why Active Directory must be secure to stop them. Thursday, July 13, 2017 10:00 A.M. PDT

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Make the most of your online learning experience.
A look at what happened in the Verizon cloud breach.
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…
This video Micro Tutorial shows how to password-protect PDF files with free software. Many software products can do this, such as Adobe Acrobat (but not Adobe Reader), Nuance PaperPort, and Nuance Power PDF, but they are not free products. This vide…
Suggested Courses
Course of the Month4 days, 1 hour left to enroll

630 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question