Solved

Recieving external spam with external email not working

Posted on 2004-10-06
5
292 Views
Last Modified: 2010-04-11
I have a interesting problem. I am recieving what seems to be external spam, but due to a dns issue we currently  cannot recieve external mail. What virus or spyware couold do this and how would I locate it.
0
Comment
Question by:smnphoenix
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
5 Comments
 
LVL 5

Accepted Solution

by:
zerofield earned 500 total points
ID: 12237496
if you arent receiving external email, or arent supposed to, sniff port 25 of your mailserver.  it's supposed to be very limited activity now anyway according to you.

if an upstream DNS server has cached your IP, and you're still online, it could just be "real" spam from the outside world.  I'd sniff the port briefly to check.  you can also use the exchange system manager to view current email connections and where they're coming from.
0
 
LVL 1

Expert Comment

by:Yaroslav_Buzko
ID: 12238193
I'd also advise to carefully examine the headers of spam messages. What are the IPs of server it comes through? Please post a whole header here if the problem persists.

Chances are that some user at your LAN got some malware sending out spam and pretending to be 'external'.
0
 
LVL 34

Expert Comment

by:PsiCop
ID: 12238432
Also, realize that not all spammers pay attention to DNS. Some just sweep the 'Net looking for hosts that answer on Port 25 and then try to spam. So unless you've shut down your SMTP daemon, anyone who can connect to port 25 can send you E-Mail. DNS does not HAVE to be involved.
0
 
LVL 6

Expert Comment

by:knoxj81
ID: 12240250
Well to answer you question about what virus could do this, and what you can do about it. I would just run a scan @ www.trendmicro.com and see if anything comes up. If not, you know your barking up the wrong tree.
0
 
LVL 2

Expert Comment

by:Snodlander
ID: 12256457
You may have an open relay on your exchange.
From an outside source see if you can telnet into your router on port 25 - post your results here
0

Featured Post

Ransomware: The New Cyber Threat & How to Stop It

This infographic explains ransomware, type of malware that blocks access to your files or your systems and holds them hostage until a ransom is paid. It also examines the different types of ransomware and explains what you can do to thwart this sinister online threat.  

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The related questions "How do I recover the passwords for my Q-See DVR" and "How can I reset my Q-See DVR to eliminate a password" are seen several times a week.  Here we discuss the grim reality of the situation.
There's a lot of hype surrounding blockchain technology. Here's how it works and some of the novel ways it' s now being used - including for data protection.
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

756 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question