  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 743

SPAM PROBLEMS

My mail server keeps getting blacklisted because apparently emails keep hitting spam traps at various DNSBLs. I have inbound spam filtering through Postini and also have Symantec Mail Security 6.0.8.262 running on my Exchange box. It started yesterday (12-21) around 2:05 and I found a virus called W32.Mydoom.L@mm which was easily fixed; the spam ceased and by the next morning (12-22) at 7:30am I was off all of the DNSBL lists. At 10:30, it started again. I have run the Microsoft Malicious Software Removal Tool on every machine inside the network with no positive findings. I have also run Symantec full system scans on all the machines within the network and found nothing. I checked my firewall and saw the attached log; I can't make heads or tails of this. (Router is a Netgear FVS318)
Tue, 2009-12-22 14:05:55 - [Log email failed for 3 times. Give up trying to send.]
Tue, 2009-12-22 14:05:57 - TCP packet - Source: 74.125.149.216 - Destination: 76.231.220.130 - [Access Policy not found, dropping packet Src 42448 Dst 25 from WAN]
Tue, 2009-12-22 14:05:59 - TCP packet - Source: 74.125.149.212 - Destination: 76.231.220.130 - [Access Policy not found, dropping packet Src 34824 Dst 25 from WAN]
Tue, 2009-12-22 14:06:00 - TCP packet - Source: 74.125.149.215 - Destination: 76.231.220.130 - [Access Policy not found, dropping packet Src 50126 Dst 25 from WAN]
Tue, 2009-12-22 14:06:01 - TCP packet - Source: 74.125.149.79 - Destination: 76.231.220.130 - [Access Policy not found, dropping packet Src 36056 Dst 25 from WAN]
Tue, 2009-12-22 14:06:04 - TCP packet - Source: 74.125.149.81 - Destination: 76.231.220.130 - [Access Policy not found, dropping packet Src 51274 Dst 25 from WAN]
Tue, 2009-12-22 14:06:06 - TCP packet - Source: 74.125.149.214 - Destination: 76.231.220.130 - [Access Policy not found, dropping packet Src 54608 Dst 25 from WAN]
Tue, 2009-12-22 14:06:06 - [Unable to free UDP NAT port for 4ce7dc82:3671 from LAN]
Tue, 2009-12-22 14:06:07 - TCP packet - Source: 74.125.149.80 - Destination: 76.231.220.130 - [Access Policy not found, dropping packet Src 48439 Dst 25 from WAN]
Tue, 2009-12-22 14:06:08 - TCP packet - Source: 74.125.149.217 - Destination: 76.231.220.130 - [Access Policy not found, dropping packet Src 45796 Dst 25 from WAN]
Tue, 2009-12-22 14:06:08 - TCP packet - Source: 74.125.149.78 - Destination: 76.231.220.130 - [Access Policy not found, dropping packet Src 40484 Dst 25 from WAN]
Tue, 2009-12-22 14:06:09 - TCP packet - Source: 74.125.149.214 - Destination: 76.231.220.130 - [Access Policy not found, dropping packet Src 54608 Dst 25 from WAN]
Tue, 2009-12-22 14:06:10 - TCP packet - Source: 67.228.62.39 - Destination: 76.231.220.130 - [Zero bytes transferred for connection Src 41156 Dst 113 from WAN]
Tue, 2009-12-22 14:06:10 - TCP packet - Source: 203.150.217.190 - Destination: 76.231.220.130 - [Zero bytes transferred for connection Src 55420 Dst 113 from WAN]
Tue, 2009-12-22 14:06:10 - TCP packet - Source: 65.38.168.196 - Destination: 76.231.220.130 - [Zero bytes transferred for connection Src 41792 Dst 113 from WAN]
Tue, 2009-12-22 14:06:10 - TCP packet - Source: 208.101.48.5 - Destination: 76.231.220.130 - [Zero bytes transferred for connection Src 42055 Dst 113 from WAN]
Tue, 2009-12-22 14:06:10 - TCP packet - Source: 212.68.12.231 - Destination: 76.231.220.130 - [Zero bytes transferred for connection Src 43983 Dst 113 from WAN]
Tue, 2009-12-22 14:06:10 - TCP packet - Source: 66.7.216.69 - Destination: 76.231.220.130 - [Zero bytes transferred for connection Src 57716 Dst 113 from WAN]
Tue, 2009-12-22 14:06:10 - TCP packet - Source: 72.52.209.82 - Destination: 76.231.220.130 - [Zero bytes transferred for connection Src 34451 Dst 113 from WAN]
Tue, 2009-12-22 14:06:10 - [Alert email failed]
Tue, 2009-12-22 14:06:12 - TCP packet - Source: 74.125.149.215 - Destination: 76.231.220.130 - [Access Policy not found, dropping packet Src 50126 Dst 25 from WAN]
Tue, 2009-12-22 14:06:14 - TCP packet - Source: 93.189.34.113 - Destination: 76.231.220.130 - [Access Policy not found, dropping packet Src 51702 Dst 25 from WAN]
Tue, 2009-12-22 14:06:15 - TCP packet - Source: 74.125.149.214 - Destination: 76.231.220.130 - [Access Policy not found, dropping packet Src 54608 Dst 25 from WAN]
Tue, 2009-12-22 14:06:17 - TCP packet - Source: 93.189.34.113 - Destination: 76.231.220.130 - [Access Policy not found, dropping packet Src 51702 Dst 25 from WAN]
Tue, 2009-12-22 14:06:17 - TCP packet - Source: 74.125.149.213 - Destination: 76.231.220.130 - [Access Policy not found, dropping packet Src 44053 Dst 25 from WAN]
Tue, 2009-12-22 14:06:23 - TCP packet - Source: 93.189.34.113 - Destination: 76.231.220.130 - [Access Policy not found, dropping packet Src 51702 Dst 25 from WAN]
Tue, 2009-12-22 14:06:24 - TCP packet - Source: 75.126.120.37 - Destination: 76.231.220.130 - [Zero bytes transferred for connection Src 34427 Dst 113 from WAN]
Tue, 2009-12-22 14:06:24 - [Alert email failed]
Tue, 2009-12-22 14:06:25 - TCP packet - Source: 74.125.149.79 - Destination: 76.231.220.130 - [Access Policy not found, dropping packet Src 36056 Dst 25 from WAN]
Tue, 2009-12-22 14:06:27 - TCP packet - Source: 74.125.149.214 - Destination: 76.231.220.130 - [Access Policy not found, dropping packet Src 54608 Dst 25 from WAN]
Tue, 2009-12-22 14:06:28 - TCP packet - Source: 74.125.149.81 - Destination: 76.231.220.130 - [Access Policy not found, dropping packet Src 51274 Dst 25 from WAN]
Tue, 2009-12-22 14:06:35 - [Unable to free UDP NAT port for 4ce7dc82:3903 from LAN]
Tue, 2009-12-22 14:06:35 - [Unable to free UDP NAT port for 4ce7dc82:3800 from LAN]
Tue, 2009-12-22 14:06:36 - TCP packet - Source: 74.125.149.215 - Destination: 76.231.220.130 - [Access Policy not found, dropping packet Src 50126 Dst 25 from WAN]
Tue, 2009-12-22 14:06:37 - [admin login successful - IP : 192.168.15.104]
Tue, 2009-12-22 14:06:39 - TCP packet - Source: 97.107.133.41 - Destination: 76.231.220.130 - [Zero bytes transferred for connection Src 43970 Dst 113 from WAN]
Tue, 2009-12-22 14:06:39 - TCP packet - Source: 168.95.5.108 - Destination: 76.231.220.130 - [Zero bytes transferred for connection Src 63155 Dst 113 from WAN]
Tue, 2009-12-22 14:06:39 - TCP packet - Source: 99.155.40.184 - Destination: 76.231.220.130 - [Zero bytes transferred for connection Src 12719 Dst 113 from WAN]
Tue, 2009-12-22 14:06:39 - TCP packet - Source: 168.95.6.29 - Destination: 76.231.220.130 - [Zero bytes transferred for connection Src 50641 Dst 113 from WAN]
Tue, 2009-12-22 14:06:39 - TCP packet - Source: 168.95.6.6 - Destination: 76.231.220.130 - [Zero bytes transferred for connection Src 54536 Dst 113 from WAN]
Tue, 2009-12-22 14:06:39 - TCP packet - Source: 93.174.137.137 - Destination: 76.231.220.130 - [Zero bytes transferred for connection Src 49402 Dst 113 from WAN]
Tue, 2009-12-22 14:06:39 - TCP packet - Source: 168.95.5.137 - Destination: 76.231.220.130 - [Zero bytes transferred for connection Src 38257 Dst 113 from WAN]
Tue, 2009-12-22 14:06:39 - TCP packet - Source: 209.59.166.71 - Destination: 76.231.220.130 - [Zero bytes transferred for connection Src 53264 Dst 113 from WAN]
Tue, 2009-12-22 14:06:39 - TCP packet - Source: 213.162.208.116 - Destination: 76.231.220.130 - [Zero bytes transferred for connection Src 56613 Dst 113 from WAN]
Tue, 2009-12-22 14:06:39 - TCP packet - Source: 64.239.2.93 - Destination: 76.231.220.130 - [Zero bytes transferred for connection Src 44993 Dst 113 from WAN]
Tue, 2009-12-22 14:06:39 - TCP packet - Source: 168.95.6.23 - Destination: 76.231.220.130 - [Zero bytes transferred for connection Src 32952 Dst 113 from WAN]
Tue, 2009-12-22 14:06:39 - TCP packet - Source: 168.95.6.17 - Destination: 76.231.220.130 - [Zero bytes transferred for connection Src 49011 Dst 113 from WAN]
Tue, 2009-12-22 14:06:39 - [Alert email failed]
Tue, 2009-12-22 14:06:47 - TCP packet - Source: 74.125.149.212 - Destination: 76.231.220.130 - [Access Policy not found, dropping packet Src 34824 Dst 25 from WAN]
Tue, 2009-12-22 14:06:51 - TCP packet - Source: 74.125.149.214 - Destination: 76.231.220.130 - [Access Policy not found, dropping packet Src 54608 Dst 25 from WAN]
Tue, 2009-12-22 14:06:53 - TCP packet - Source: 72.52.218.94 - Destination: 76.231.220.130 - [Zero bytes transferred for connection Src 38276 Dst 113 from WAN]
Tue, 2009-12-22 14:06:53 - [Log email failed for 3 times. Give up trying to send.]

0
Asked by: mkouloumoundras
2 Solutions
 
rharland2009 Commented:
The incoming connection attempts that your router seems to be dropping on the floor are from the Postini servers (all of the addresses in the 74.125.149.x space). I'm going to assume that your mailserver sits behind your gateway @ 76.231.220.130 (unless somehow you're not gwvalve.com, in which case disregard the rest).
Can you not send OR receive email, or just send?
 
0
 
mkouloumoundras (Author) Commented:
All I can do is receive. Right now when I send, most of the time it comes back undeliverable because of the DNS blacklistings. I have had reports from people over the past couple of days saying they have received emails stating they received a message from "X"@gwvalve.com with a warning not to open the message. To be completely honest, I have no idea where to start looking.
0
 
Alan Hardisty (Co-Owner) Commented:
First thing to do is block outbound TCP port 25 for all computers except the mail server.  That should stop most mass mailing viruses.

If you can enable logging on your router, do so, as this should highlight the rogue machine(s), then you can identify the problem and get rid of it.

Malwarebytes may help you find the rogue program (www.malwarebytes.org).
0
 
rharland2009 Commented:
Okay, why don't you start with looking at the outgoing mail logs on your Exchange box. There's something that happened between 7:30-10:30 (probably closer to 10:30) that made this happen, yeah? That's where I'd start.

0
 
mkouloumoundras (Author) Commented:
These are the rules I had already set up earlier today. Any thoughts?
RULES.jpg
0
 
davorin Commented:
Internal (server) IP address at WAN users? Shouldn't there be any?
0
 
davorin Commented:
This could cause the problems you see in the log.
0
 
Alan Hardisty (Co-Owner) Commented:
You are only allowing SMTP mail from the server to the server with your current SMTP rule. As suggested, please delete the server IP from the WAN; it should be set to all.

If you have blocked outbound TCP for local PCs then you may be an authenticated relay or an open relay. Please read my FAQ about this particular problem:

http://www.it-eye.co.uk/faqs/readQuestion.php?qid=4
0
 
mkouloumoundras (Author) Commented:
I do not have any messages pending delivery and my Exchange is running fine. I have some sort of SMTP engine somewhere inside my network sending out spam.
0
 
Alan Hardisty (Co-Owner) Commented:
Okay, that's great news, and with the router blocks in place (having removed the SMTP server-to-server inbound problem), check the router logs for internal IPs trying to send mail out.
0
 
mkouloumoundras (Author) Commented:
Here is the latest from the log.
Tue, 2009-12-22 16:16:59 - TCP packet - Source: 192.168.15.108 - Destination: 201.144.109.33 - [Service access request successful Src 3986 Dst 25 from LAN]
Tue, 2009-12-22 16:16:59 - UDP packet - Source: 192.168.15.10 - Destination: 68.94.156.1 - [Service access request successful Src 49903 Dst 53 from LAN]
Tue, 2009-12-22 16:16:59 - TCP packet - Source: 192.168.15.108 - Destination: 208.65.144.2 - [Service access request successful Src 3987 Dst 25 from LAN]
Tue, 2009-12-22 16:16:59 - TCP packet - Source: 192.168.15.108 - Destination: 200.125.133.11 - [Service access request successful Src 3988 Dst 25 from LAN]
Tue, 2009-12-22 16:16:59 - TCP packet - Source: 192.168.15.108 - Destination: 196.13.158.33 - [Service access request successful Src 3989 Dst 25 from LAN]
Tue, 2009-12-22 16:16:59 - UDP packet - Source: 192.168.15.10 - Destination: 68.94.156.1 - [Service access request successful Src 5759 Dst 53 from LAN]
Tue, 2009-12-22 16:17:00 - UDP packet - Source: 192.168.15.10 - Destination: 68.94.156.1 - [Service access request successful Src 17455 Dst 53 from LAN]
Tue, 2009-12-22 16:17:00 - UDP packet - Source: 192.168.15.10 - Destination: 68.94.156.1 - [Service access request successful Src 5406 Dst 53 from LAN]
Tue, 2009-12-22 16:17:00 - TCP packet - Source: 192.168.15.108 - Destination: 212.101.97.136 - [Service access request successful Src 3990 Dst 25 from LAN]
Tue, 2009-12-22 16:17:00 - TCP packet - Source: 192.168.15.108 - Destination: 209.85.222.7 - [Service access request successful Src 3992 Dst 25 from LAN]
Tue, 2009-12-22 16:17:00 - UDP packet - Source: 192.168.15.10 - Destination: 68.94.156.1 - [Service access request successful Src 22542 Dst 53 from LAN]
Tue, 2009-12-22 16:17:00 - UDP packet - Source: 192.168.15.10 - Destination: 68.94.156.1 - [Service access request successful Src 8265 Dst 53 from LAN]
Tue, 2009-12-22 16:17:00 - TCP packet - Source: 192.168.15.108 - Destination: 64.18.4.13 - [Service access request successful Src 3991 Dst 25 from LAN]
Tue, 2009-12-22 16:17:00 - TCP packet - Source: 192.168.15.108 - Destination: 170.190.30.111 - [Service access request successful Src 3993 Dst 25 from LAN]
Tue, 2009-12-22 16:17:00 - TCP packet - Source: 192.168.15.108 - Destination: 170.190.30.111 - [Service access request successful Src 3994 Dst 25 from LAN]
Tue, 2009-12-22 16:17:00 - TCP packet - Source: 192.168.15.108 - Destination: 170.190.30.111 - [Service access request successful Src 3995 Dst 25 from LAN]
Tue, 2009-12-22 16:17:00 - UDP packet - Source: 192.168.15.10 - Destination: 68.94.156.1 - [Service access request successful Src 5499 Dst 53 from LAN]
Tue, 2009-12-22 16:17:00 - TCP packet - Source: 192.168.15.108 - Destination: 218.223.39.138 - [Service access request successful Src 3996 Dst 25 from LAN]
Tue, 2009-12-22 16:17:00 - UDP packet - Source: 192.168.15.10 - Destination: 68.94.156.1 - [Service access request successful Src 43497 Dst 53 from LAN]
Tue, 2009-12-22 16:17:00 - UDP packet - Source: 192.168.15.10 - Destination: 68.94.156.1 - [Service access request successful Src 28921 Dst 53 from LAN]
Tue, 2009-12-22 16:17:01 - TCP packet - Source: 192.168.15.108 - Destination: 170.190.30.110 - [Service access request successful Src 3997 Dst 25 from LAN]
Tue, 2009-12-22 16:17:01 - UDP packet - Source: 192.168.15.10 - Destination: 68.94.156.1 - [Service access request successful Src 56627 Dst 53 from LAN]
Tue, 2009-12-22 16:17:01 - TCP packet - Source: 192.168.15.108 - Destination: 204.10.64.149 - [Service access request successful Src 3998 Dst 25 from LAN]
Tue, 2009-12-22 16:17:01 - UDP packet - Source: 192.168.15.10 - Destination: 68.94.156.1 - [Service access request successful Src 51298 Dst 53 from LAN]
Tue, 2009-12-22 16:17:01 - TCP packet - Source: 192.168.15.108 - Destination: 117.53.114.15 - [Service access request successful Src 4000 Dst 25 from LAN]
Tue, 2009-12-22 16:17:01 - TCP packet - Source: 192.168.15.108 - Destination: 117.53.114.15 - [Service access request successful Src 4001 Dst 25 from LAN]
Tue, 2009-12-22 16:17:01 - TCP packet - Source: 192.168.15.108 - Destination: 117.53.114.15 - [Service access request successful Src 3999 Dst 25 from LAN]
Tue, 2009-12-22 16:17:01 - TCP packet - Source: 192.168.15.108 - Destination: 117.53.114.15 - [Service access request successful Src 4002 Dst 25 from LAN]
Tue, 2009-12-22 16:17:01 - TCP packet - Source: 192.168.15.108 - Destination: 117.53.114.15 - [Service access request successful Src 4003 Dst 25 from LAN]
Tue, 2009-12-22 16:17:01 - TCP packet - Source: 192.168.15.108 - Destination: 72.14.221.27 - [Service access request successful Src 4004 Dst 25 from LAN]
Tue, 2009-12-22 16:17:01 - TCP packet - Source: 192.168.15.108 - Destination: 204.10.64.149 - [Service access request successful Src 4005 Dst 25 from LAN]
Tue, 2009-12-22 16:17:01 - TCP packet - Source: 192.168.15.108 - Destination: 204.10.64.149 - [Service access request successful Src 4006 Dst 25 from LAN]
Tue, 2009-12-22 16:17:01 - UDP packet - Source: 192.168.15.10 - Destination: 68.94.156.1 - [Service access request successful Src 39405 Dst 53 from LAN]
Tue, 2009-12-22 16:17:01 - UDP packet - Source: 192.168.15.10 - Destination: 68.94.156.1 - [Service access request successful Src 16625 Dst 53 from LAN]
Tue, 2009-12-22 16:17:02 - TCP packet - Source: 192.168.15.108 - Destination: 202.131.27.96 - [Service access request successful Src 4007 Dst 25 from LAN]
Tue, 2009-12-22 16:17:02 - TCP packet - Source: 192.168.15.108 - Destination: 202.131.27.96 - [Service access request successful Src 4008 Dst 25 from LAN]
Tue, 2009-12-22 16:17:02 - UDP packet - Source: 192.168.15.10 - Destination: 68.94.156.1 - [Service access request successful Src 46911 Dst 53 from LAN]
Tue, 2009-12-22 16:17:02 - TCP packet - Source: 192.168.15.108 - Destination: 142.192.200.31 - [Service access request successful Src 4009 Dst 25 from LAN]
Tue, 2009-12-22 16:17:02 - UDP packet - Source: 192.168.15.10 - Destination: 68.94.156.1 - [Service access request successful Src 10363 Dst 53 from LAN]
Tue, 2009-12-22 16:17:02 - UDP packet - Source: 192.168.15.10 - Destination: 68.94.156.1 - [Service access request successful Src 42494 Dst 53 from LAN]
Tue, 2009-12-22 16:17:02 - UDP packet - Source: 192.168.15.10 - Destination: 68.94.156.1 - [Service access request successful Src 30937 Dst 53 from LAN]
Tue, 2009-12-22 16:17:02 - TCP packet - Source: 192.168.15.108 - Destination: 166.77.11.78 - [Service access request successful Src 4010 Dst 25 from LAN]
Tue, 2009-12-22 16:17:02 - TCP packet - Source: 192.168.15.108 - Destination: 69.32.146.50 - [Service access request successful Src 4011 Dst 25 from LAN]
Tue, 2009-12-22 16:17:02 - TCP packet - Source: 200.61.183.149 - Destination: 76.231.220.130 - [Zero bytes transferred for connection Src 49461 Dst 113 from WAN]
Tue, 2009-12-22 16:17:02 - [Alert email failed]
Tue, 2009-12-22 16:17:02 - TCP packet - Source: 192.168.15.108 - Destination: 166.77.11.78 - [Service access request successful Src 4012 Dst 25 from LAN]
Tue, 2009-12-22 16:17:03 - TCP packet - Source: 192.168.15.108 - Destination: 166.77.11.78 - [Service access request successful Src 4013 Dst 25 from LAN]
Tue, 2009-12-22 16:17:03 - UDP packet - Source: 192.168.15.10 - Destination: 68.94.156.1 - [Service access request successful Src 18334 Dst 53 from LAN]
Tue, 2009-12-22 16:17:03 - TCP packet - Source: 192.168.15.108 - Destination: 213.228.128.59 - [Service access request successful Src 4014 Dst 25 from LAN]
Tue, 2009-12-22 16:17:03 - TCP packet - Source: 192.168.15.108 - Destination: 193.110.120.2 - [Service access request successful Src 4015 Dst 25 from LAN]
Tue, 2009-12-22 16:17:03 - UDP packet - Source: 192.168.15.10 - Destination: 68.94.156.1 - [Service access request successful Src 49554 Dst 53 from LAN]
Tue, 2009-12-22 16:17:03 - TCP packet - Source: 192.168.15.108 - Destination: 213.228.128.59 - [Service access request successful Src 4016 Dst 25 from LAN]
Tue, 2009-12-22 16:17:03 - TCP packet - Source: 192.168.15.108 - Destination: 213.228.128.59 - [Service access request successful Src 4018 Dst 25 from LAN]
Tue, 2009-12-22 16:17:03 - TCP packet - Source: 192.168.15.108 - Destination: 66.60.193.44 - [Service access request successful Src 4021 Dst 25 from LAN]
Tue, 2009-12-22 16:17:03 - TCP packet - Source: 192.168.15.108 - Destination: 66.60.193.44 - [Service access request successful Src 4022 Dst 25 from LAN]
Tue, 2009-12-22 16:17:03 - TCP packet - Source: 192.168.15.108 - Destination: 66.60.193.44 - [Service access request successful Src 4023 Dst 25 from LAN]
Tue, 2009-12-22 16:17:03 - UDP packet - Source: 192.168.15.10 - Destination: 68.94.156.1 - [Service access request successful Src 33858 Dst 53 from LAN]
Tue, 2009-12-22 16:17:03 - TCP packet - Source: 192.168.15.108 - Destination: 69.39.83.143 - [Service access request successful Src 4024 Dst 25 from LAN]
Tue, 2009-12-22 16:17:03 - TCP packet - Source: 192.168.15.108 - Destination: 66.60.193.44 - [Service access request successful Src 4025 Dst 25 from LAN]
Tue, 2009-12-22 16:17:03 - TCP packet - Source: 192.168.15.108 - Destination: 66.60.193.44 - [Service access request successful Src 4026 Dst 25 from LAN]
Tue, 2009-12-22 16:17:03 - TCP packet - Source: 192.168.15.108 - Destination: 66.60.193.44 - [Service access request successful Src 4027 Dst 25 from LAN]
Tue, 2009-12-22 16:17:04 - TCP packet - Source: 192.168.15.108 - Destination: 66.60.193.44 - [Service access request successful Src 4028 Dst 25 from LAN]
Tue, 2009-12-22 16:17:04 - TCP packet - Source: 192.168.15.108 - Destination: 66.60.193.44 - [Service access request successful Src 4029 Dst 25 from LAN]
Tue, 2009-12-22 16:17:04 - TCP packet - Source: 192.168.15.108 - Destination: 66.60.193.44 - [Service access request successful Src 4030 Dst 25 from LAN]
Tue, 2009-12-22 16:17:04 - UDP packet - Source: 192.168.15.10 - Destination: 68.94.156.1 - [Service access request successful Src 53276 Dst 53 from LAN]
Tue, 2009-12-22 16:17:04 - UDP packet - Source: 192.168.15.10 - Destination: 68.94.156.1 - [Service access request successful Src 48421 Dst 53 from LAN]
Tue, 2009-12-22 16:17:04 - UDP packet - Source: 192.168.15.10 - Destination: 68.94.156.1 - [Service access request successful Src 6674 Dst 53 from LAN]
Tue, 2009-12-22 16:17:04 - UDP packet - Source: 192.168.15.10 - Destination: 68.94.156.1 - [Service access request successful Src 32761 Dst 53 from LAN]
Tue, 2009-12-22 16:17:04 - UDP packet - Source: 192.168.15.10 - Destination: 68.94.156.1 - [Service access request successful Src 6162 Dst 53 from LAN]
Tue, 2009-12-22 16:17:04 - TCP packet - Source: 192.168.15.108 - Destination: 216.32.180.22 - [Service access request successful Src 4031 Dst 25 from LAN]
Tue, 2009-12-22 16:17:04 - UDP packet - Source: 192.168.15.10 - Destination: 68.94.156.1 - [Service access request successful Src 56408 Dst 53 from LAN]
Tue, 2009-12-22 16:17:04 - TCP packet - Source: 192.168.15.108 - Destination: 208.20.220.60 - [Service access request successful Src 4032 Dst 25 from LAN]
Tue, 2009-12-22 16:17:04 - TCP packet - Source: 192.168.15.108 - Destination: 208.20.220.60 - [Service access request successful Src 4033 Dst 25 from LAN]
Tue, 2009-12-22 16:17:04 - TCP packet - Source: 192.168.15.108 - Destination: 12.105.199.39 - [Service access request successful Src 4034 Dst 25 from LAN]
Tue, 2009-12-22 16:17:04 - TCP packet - Source: 192.168.15.108 - Destination: 12.105.199.39 - [Service access request successful Src 4036 Dst 25 from LAN]
Tue, 2009-12-22 16:17:04 - TCP packet - Source: 192.168.15.108 - Destination: 198.184.222.227 - [Service access request successful Src 4037 Dst 25 from LAN]
Tue, 2009-12-22 16:17:04 - TCP packet - Source: 192.168.15.108 - Destination: 207.126.154.14 - [Service access request successful Src 4038 Dst 25 from LAN]
Tue, 2009-12-22 16:17:04 - TCP packet - Source: 192.168.15.108 - Destination: 12.105.199.39 - [Service access request successful Src 4039 Dst 25 from LAN]
Tue, 2009-12-22 16:17:04 - UDP packet - Source: 192.168.15.10 - Destination: 68.94.156.1 - [Service access request successful Src 14201 Dst 53 from LAN]
Tue, 2009-12-22 16:17:04 - UDP packet - Source: 192.168.15.10 - Destination: 68.94.156.1 - [Service access request successful Src 58892 Dst 53 from LAN]
Tue, 2009-12-22 16:17:05 - UDP packet - Source: 192.168.15.10 - Destination: 68.94.156.1 - [Service access request successful Src 54501 Dst 53 from LAN]
Tue, 2009-12-22 16:17:05 - UDP packet - Source: 192.168.15.10 - Destination: 68.94.156.1 - [Service access request successful Src 31723 Dst 53 from LAN]
Tue, 2009-12-22 16:17:05 - TCP packet - Source: 192.168.15.108 - Destination: 216.237.221.35 - [Service access request successful Src 4040 Dst 25 from LAN]
Tue, 2009-12-22 16:17:05 - UDP packet - Source: 192.168.15.10 - Destination: 68.94.156.1 - [Service access request successful Src 51919 Dst 53 from LAN]
Tue, 2009-12-22 16:17:05 - UDP packet - Source: 192.168.15.10 - Destination: 68.94.156.1 - [Service access request successful Src 38829 Dst 53 from LAN]
Tue, 2009-12-22 16:17:05 - TCP packet - Source: 192.168.15.108 - Destination: 132.246.11.163 - [Service access request successful Src 4041 Dst 25 from LAN]
Tue, 2009-12-22 16:17:05 - UDP packet - Source: 192.168.15.10 - Destination: 68.94.156.1 - [Service access request successful Src 49515 Dst 53 from LAN]
Tue, 2009-12-22 16:17:05 - TCP packet - Source: 192.168.15.108 - Destination: 132.156.36.31 - [Service access request successful Src 4042 Dst 25 from LAN]
Tue, 2009-12-22 16:17:05 - UDP packet - Source: 192.168.15.10 - Destination: 68.94.156.1 - [Service access request successful Src 22970 Dst 53 from LAN]
Tue, 2009-12-22 16:17:05 - UDP packet - Source: 192.168.15.10 - Destination: 68.94.156.1 - [Service access request successful Src 7535 Dst 53 from LAN]
Tue, 2009-12-22 16:17:05 - UDP packet - Source: 192.168.15.10 - Destination: 68.94.156.1 - [Service access request successful Src 34459 Dst 53 from LAN]
Tue, 2009-12-22 16:17:05 - UDP packet - Source: 192.168.15.10 - Destination: 68.94.156.1 - [Service access request successful Src 40414 Dst 53 from LAN]
Tue, 2009-12-22 16:17:05 - TCP packet - Source: 192.168.15.108 - Destination: 167.182.124.98 - [Service access request successful Src 4043 Dst 25 from LAN]
Tue, 2009-12-22 16:17:05 - TCP packet - Source: 192.168.15.108 - Destination: 200.245.2.134 - [Service access request successful Src 4044 Dst 25 from LAN]
Tue, 2009-12-22 16:17:05 - TCP packet - Source: 192.168.15.11 - Destination: 206.51.26.33 - [Service access request successful Src 3062 Dst 3101 from LAN]
Tue, 2009-12-22 16:17:05 - UDP packet - Source: 192.168.15.10 - Destination: 68.94.156.1 - [Service access request successful Src 3800 Dst 53 from LAN]
Tue, 2009-12-22 16:17:05 - TCP packet - Source: 192.168.15.108 - Destination: 89.216.2.3 - [Service access request successful Src 4045 Dst 25 from LAN]
Tue, 2009-12-22 16:17:06 - TCP packet - Source: 192.168.15.108 - Destination: 205.120.117.130 - [Service access request successful Src 4046 Dst 25 from LAN]
Tue, 2009-12-22 16:17:06 - TCP packet - Source: 192.168.15.108 - Destination: 142.67.28.42 - [Service access request successful Src 4047 Dst 25 from LAN]
Tue, 2009-12-22 16:17:06 - UDP packet - Source: 192.168.15.10 - Destination: 68.94.156.1 - [Service access request successful Src 40454 Dst 53 from LAN]
Tue, 2009-12-22 16:17:06 - UDP packet - Source: 192.168.15.10 - Destination: 68.94.156.1 - [Service access request successful Src 49622 Dst 53 from LAN]
Tue, 2009-12-22 16:17:06 - UDP packet - Source: 192.168.15.10 - Destination: 68.94.156.1 - [Service access request successful Src 15441 Dst 53 from LAN]
Tue, 2009-12-22 16:17:06 - UDP packet - Source: 192.168.15.10 - Destination: 68.94.156.1 - [Service access request successful Src 11553 Dst 53 from LAN]
Tue, 2009-12-22 16:17:06 - UDP packet - Source: 192.168.15.10 - Destination: 68.94.156.1 - [Service access request successful Src 28327 Dst 53 from LAN]
Tue, 2009-12-22 16:17:06 - UDP packet - Source: 192.168.15.10 - Destination: 68.94.156.1 - [Service access request successful Src 46302 Dst 53 from LAN]
Tue, 2009-12-22 16:17:06 - UDP packet - Source: 192.168.15.10 - Destination: 68.94.156.1 - [Service access request successful Src 52794 Dst 53 from LAN]
Tue, 2009-12-22 16:17:06 - UDP packet - Source: 192.168.15.10 - Destination: 68.94.156.1 - [Service access request successful Src 7834 Dst 53 from LAN]
Tue, 2009-12-22 16:17:07 - UDP packet - Source: 192.168.15.10 - Destination: 68.94.156.1 - [Service access request successful Src 47178 Dst 53 from LAN]

0
 
Alan Hardisty (Co-Owner) Commented:
What is sitting on 192.168.15.108?

That seems to be the culprit.
0
 
Alan Hardisty (Co-Owner) Commented:
I also think you need to amend your outbound block to include 2 rules: from IP 192.168.15.1 to 192.168.15.9 and from 192.168.15.11 to 192.169.15.254.

Lose the SMTP all / all and add two separate SMTP outbound rules with the above internal ranges.
0
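One way to do the router-log check suggested in this thread, as an added example (not code from any poster here): it parses log lines in the Netgear format posted above and counts outbound TCP port 25 connections per LAN host, skipping the legitimate mail server. The mail server address 192.168.15.10 is an assumption inferred from the rule ranges above, and the function names and the threshold are hypothetical.

```python
import re
from collections import defaultdict

# Packet lines in the router log format posted in this thread.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}, \d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) - "
    r"(?P<proto>TCP|UDP) packet - Source: (?P<src>[\d.]+) - "
    r"Destination: (?P<dst>[\d.]+) - "
    r"\[(?P<msg>.*?) Src (?P<sport>\d+) Dst (?P<dport>\d+) from (?P<side>LAN|WAN)\]$"
)

# Assumption: the Exchange server is 192.168.15.10 (the one address the
# suggested block ranges leave out). Adjust for your own network.
MAIL_SERVERS = {"192.168.15.10"}

# Sample input: lines copied from the log in this thread, except the last
# one, which is constructed to show the mail server being excluded.
SAMPLE_LOG = """\
Tue, 2009-12-22 16:16:59 - TCP packet - Source: 192.168.15.108 - Destination: 201.144.109.33 - [Service access request successful Src 3986 Dst 25 from LAN]
Tue, 2009-12-22 16:16:59 - UDP packet - Source: 192.168.15.10 - Destination: 68.94.156.1 - [Service access request successful Src 49903 Dst 53 from LAN]
Tue, 2009-12-22 16:16:59 - TCP packet - Source: 192.168.15.108 - Destination: 208.65.144.2 - [Service access request successful Src 3987 Dst 25 from LAN]
Tue, 2009-12-22 16:17:00 - TCP packet - Source: 192.168.15.108 - Destination: 170.190.30.111 - [Service access request successful Src 3993 Dst 25 from LAN]
Tue, 2009-12-22 16:17:00 - TCP packet - Source: 192.168.15.108 - Destination: 170.190.30.111 - [Service access request successful Src 3994 Dst 25 from LAN]
Tue, 2009-12-22 16:17:02 - TCP packet - Source: 200.61.183.149 - Destination: 76.231.220.130 - [Zero bytes transferred for connection Src 49461 Dst 113 from WAN]
Tue, 2009-12-22 16:17:02 - [Alert email failed]
Tue, 2009-12-22 16:17:05 - TCP packet - Source: 192.168.15.11 - Destination: 206.51.26.33 - [Service access request successful Src 3062 Dst 3101 from LAN]
Tue, 2009-12-22 16:17:06 - TCP packet - Source: 192.168.15.10 - Destination: 64.18.4.13 - [Service access request successful Src 2301 Dst 25 from LAN]
""".splitlines()


def parse_line(line):
    """Return a dict for a packet line, or None for status lines."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    rec["sport"] = int(rec["sport"])
    rec["dport"] = int(rec["dport"])
    return rec


def outbound_smtp_by_host(lines, allowed_mail_servers):
    """Tally LAN-originated TCP/25 connections per source, minus mail servers."""
    stats = defaultdict(lambda: {"connections": 0, "destinations": set(),
                                 "first_seen": None, "last_seen": None})
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        if (rec["side"], rec["proto"], rec["dport"]) != ("LAN", "TCP", 25):
            continue
        if rec["src"] in allowed_mail_servers:
            continue
        host = stats[rec["src"]]
        host["connections"] += 1
        host["destinations"].add(rec["dst"])
        host["first_seen"] = host["first_seen"] or rec["ts"]
        host["last_seen"] = rec["ts"]
    return dict(stats)


def suspects(lines, allowed_mail_servers, min_connections=3):
    """Hosts at or above the threshold, as (ip, connections, distinct destinations)."""
    stats = outbound_smtp_by_host(lines, allowed_mail_servers)
    rows = [(src, s["connections"], len(s["destinations"]))
            for src, s in stats.items() if s["connections"] >= min_connections]
    return sorted(rows, key=lambda r: r[1], reverse=True)


if __name__ == "__main__":
    for ip, conns, dests in suspects(SAMPLE_LOG, MAIL_SERVERS):
        print(f"{ip}: {conns} SMTP connections to {dests} distinct hosts")
```

A workstation that opens SMTP connections to many unrelated destinations within seconds is the pattern to look for; once outbound port 25 is blocked for everything but the mail server, the same tally over the dropped-packet lines shows which hosts are still trying.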
 
davorin Commented:
If 192.168.15.108 is not your mail server, go for Alan's suggestion.
0
 
mkouloumoundras (Author) Commented:
192.168.15.108 is a laptop on the network that had the attached screenshot of viruses in the quarantine. However, this still hasn't solved the problem. I have submitted requests to be removed from the DNSBLs and have been checking periodically; I was removed from one DNSBL and re-added about an hour later.
untitled.jpg
0
