troubleshooting Question
possible infected spam server? trying to track down what is sending out spam
I am running exchange 2003 sp2 and have barracuda spam filter filtering inbound and outbound.
pop3
imap
rpc/http is enabled
i have a situation where spam is being sent by my servers. The ip in the headers are from a foregin country. They are somehow connecting to my email server and sending out spam.
could it be possible that one of my pop/imap users is infected with a virus and authenticating and then seding out spam?
how can i find the offending users.
I turned up loggin on pop3 and imap but do not see the offending ip anywhere.
need help in tracking down the offending user. or can it be my server has a security hole?
i am blocking the spam going outbound from the spam filter but need to get to the bottom
why its sending out.
Thanks in advance
X-ASG-Debug-ID: 1299760893-00f14f5fb10f8d0
X-Barracuda-Envelope-From:
Received: from User ([207.194.87.105]) by server1.com with Microsoft SMTPSVC(6.0.3790.3959);
Thu, 10 Mar 2011 07:41:33 -0500
Reply-To: dtglvl@tvdirectsat.tv
X-Barracuda-Apparent-Sourc
X-Barracuda-BBL-IP: 207.194.87.105
X-Barracuda-RBL-IP: 207.194.87.105
From: Online TV Software<dtglvl@tvdirectsa
Subject: Watch 9000 World Wide TV Channels on your Computer, TV or SmartPhone
Date: Thu, 10 Mar 2011 14:41:27 +0200
X-ASG-Orig-Subj: Watch 9000 World Wide TV Channels on your Computer, TV or SmartPhone
pop3
imap
rpc/http is enabled
i have a situation where spam is being sent by my servers. The ip in the headers are from a foregin country. They are somehow connecting to my email server and sending out spam.
could it be possible that one of my pop/imap users is infected with a virus and authenticating and then seding out spam?
how can i find the offending users.
I turned up loggin on pop3 and imap but do not see the offending ip anywhere.
need help in tracking down the offending user. or can it be my server has a security hole?
i am blocking the spam going outbound from the spam filter but need to get to the bottom
why its sending out.
Thanks in advance
X-ASG-Debug-ID: 1299760893-00f14f5fb10f8d0
X-Barracuda-Envelope-From:
Received: from User ([207.194.87.105]) by server1.com with Microsoft SMTPSVC(6.0.3790.3959);
Thu, 10 Mar 2011 07:41:33 -0500
Reply-To: dtglvl@tvdirectsat.tv
X-Barracuda-Apparent-Sourc
X-Barracuda-BBL-IP: 207.194.87.105
X-Barracuda-RBL-IP: 207.194.87.105
From: Online TV Software<dtglvl@tvdirectsa
Subject: Watch 9000 World Wide TV Channels on your Computer, TV or SmartPhone
Date: Thu, 10 Mar 2011 14:41:27 +0200
X-ASG-Orig-Subj: Watch 9000 World Wide TV Channels on your Computer, TV or SmartPhone
Learn from the best
Network and collaborate with thousands of CTOs, CISOs, and IT Pros rooting for you and your success.
Andrew Hancock - VMware vExpert
See if this solution works for you by signing up for a 7 day free trial.
Unlock 1 Answer and 5 Comments.
Try for 7 days”The time we save is the biggest benefit of E-E to our team. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange.
Our community of experts have been thoroughly vetted for their expertise and industry experience.
The Distinguished Expert awards are presented to the top veteran and rookie experts to earn the most points in the top 50 topics.