Re: Mass Mailing worm problem, please help
From: Chuck (none_at_example.net)
Date: 08/27/04
- Next message: Celtic Leroy: "Re: Good firewall recommendations"
- Previous message: chris: "Re: Mass Mailing worm problem, please help"
- In reply to: chris: "Mass Mailing worm problem, please help"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: 27 Aug 2004 13:48:14 -0500
On Fri, 27 Aug 2004 20:28:11 +0800, "chris" <router88@sinaman.com> wrote:
>Hi All,
>
>I got a very serious problem. My email server keep having the "relaying
>denied" message and I think some of my clients' pc got infected. However,
>the email didn't show which pc or from which IP address the email are sent
>from. Therefore, I would like to know how can I check it out or any software
>can help??? And also, how can I identify which virus my clients' pc are
>infected. As it made us can't send out any email with message below
>
>Mail server: WinRoute Pro 4.2.5 at ctw.com.hk
>Error description: message could not be delivered, server replied:
>550 5.7.1 <teix@ter.hk>... Relaying denied
>Original message is attached.
>
>Anyone can help?? Please help me...Thanks alot.
>
>Chris
Chris,
So were there not any clues in the "Original message is attached"?
If your client has a PC that's busy sending out spam, there should be a lot of
smtp traffic on their LAN. Hoping that they're behind a firewall or router, is
there not a firewall log?
What hub / switch is their LAN based upon? If a switch, can you install a hub
between it and the internet gateway, and setup a sniffer listening for outgoing
smtp traffic?
Cheers,
Chuck
Paranoia comes from experience - and is not necessarily a bad thing.
- Next message: Celtic Leroy: "Re: Good firewall recommendations"
- Previous message: chris: "Re: Mass Mailing worm problem, please help"
- In reply to: chris: "Mass Mailing worm problem, please help"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
