RE: NT4+IIS4 = spam problem?From: Matthew.van.Eerde@hbinc.com
- Previous message: Marc Fossi: "Re: Yet another OE worm (fwd)"
- Maybe in reply to: wanker: "NT4+IIS4 = spam problem?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Message-ID: <A9F857A45F1DD511AB010002B321B505013F14B3@dns1.hbinc.com> From: Matthew.van.Eerde@hbinc.com To: STulchinskiy@aspensys.com, firstname.lastname@example.org, email@example.com Subject: RE: NT4+IIS4 = spam problem? Date: Thu, 13 Sep 2001 13:22:04 -0700
You could tell the firewall to block *outbound* requests on port 25 from
this server (that is, connections from this server to a remote port 25)
From: Tulchinskiy, Sasha [mailto:STulchinskiy@aspensys.com]
Sent: Thursday, September 13, 2001 11:38
To: 'wanker'; Ken Seitz
Subject: RE: NT4+IIS4 = spam problem?
Look at "X-Mailer: Smartcode ObjectSet 1.0"
You might have this component used by one of your clients/developers.
Name: ObjectSet MAIL SDK
Product: OO SDK
Platforms: Win32, Win16, MacOS, Java
Phone: (847) 945 3516
Where: http://www.smartcodesoft.com and http://www.smartcode.fr
Author: Smartcode Software Inc
[ Olivier Meirhaeghe <firstname.lastname@example.org> 6-Nov-96 ]
ObjectSet MAIL SDK is a MIME/SMTP/POP3 SDK. It encapsulates these
three protocols in an EZ OO API. ObjectSet supports MIME1.0. The
MailMessage (MIME) Objects handles construction and parsing of MIME
compliant messages, encoding of Bodyparts. It is aimed towards
developers who want to easily integrate Mail into their applications,
or use Mail as the transport layer for their development. Integrates
with MFC (windows),CodeWarrior/Powerplant,MacApp (Apple). DLLs, OCX ,
ActiveX and Java to come. Unix: Ask us.
Further Details, Demo MUA and MIME Explorer, Sample Application source
Code, and a demo version of the Libraries with complete documentation
can be found on our web site, at http://www.smartcodesoft.com/
Unfortunately neither of links work but you can check registry for the
get its name and search the source code of your dynamic pages looking for
Received: by mail2.netacc.net (mbox x) (with Cubic Circle's cucipop
(v1.31 1998/05/13) Sun Sep 2 14:04:30 2001) X-From_: email@example.com
Sun Sep 2 11:31:57 2001 Return-Path: <firstname.lastname@example.org>
Received: from titanpdc.titansteel.com (mail.titansteel.com
[220.127.116.11]) by mail1.netacc.net (8.10.2/8.10.2) with ESMTP id
f82FVu035119; Sun, 2 Sep 2001 11:31:56 -0400 (EDT) Received: from
localhost (host.onmynetwork.com [xxx.xxx.xxx.xxx]) by
titanpdc.titansteel.com with SMTP (Microsoft Exchange Internet Mail
Service Version 5.5.2653.13) id RND6DNWM; Sun, 2 Sep 2001 11:23:25 -0400
MIME-Version: 1.0 X-Mailer: Smartcode ObjectSet 1.0
From: <email@example.com> Subject: Summer Software Special Date: Sun,
02 Sep 2001 08:41:21 To: x
On Thu, 13 Sep 2001, Ken Seitz wrote:
> Can you post a copy of the e-mail headers? It is difficult to diagnose
> without the full picture...
> Ken Seitz
> -----Original Message-----
> From: wanker [mailto:firstname.lastname@example.org]
> Sent: Wednesday, September 12, 2001 8:55 PM
> To: email@example.com
> Subject: NT4+IIS4 = spam problem?
> I would like to ask the assistance of anyone on the list that can assist
> me in solving an issue regarding spam eminating from a NT+IIS4
> server on my network. Please let me know if this question should be
> directed to a different list.
> NT4 server running IIS4.
> All pertinent patches applied.
> Approx 60 virtual hosts running on the server.
> port 25 blocked to the host IP at the router.
> Spam originating from this server. Headers indicate the spam originates
> from the server IP (not any of the virtual hosts).
> I have scanned the vhosts on the server for any cgi's that might allow
> relay (ie..formmail) and have not found anything. I have checked the log
> files/event viewer and have not found any definitive corresponding
> evidence regarding the origin of the spam (other than the starting and
> stopping of the smtp services) I am more than likely missing something
> very easy to spot but am drawing a blank.
> Any suggestions on tracking this issue down? (all suggestions welcome,
> matter how simple they may seem ;^)
> Thanks in advance.
> - wanker