Re: Is this a Virus? Spammer? Emails sent to unkown address...
From: x y (jamescagney90210@yahoo.com)
Date: 04/25/02
From: "x y" <jamescagney90210@yahoo.com> Date: Thu, 25 Apr 2002 18:38:32 GMT
That could be a lot of things. Giving us more info about the netstat
results, like the port number, would be helpful. Also, I assume this
netstat was done on your mail server? There are various URLs where you can
check to see if you're set to relay, or you can telnet in to your server and
use SMTP commands to try to send email. Search previous posts here to get
the URL.

Exchange server can and does keep lots of ports open, mostly to your Outlook
email clients on the network, and also to email servers on the internet
either to or from port 25. The IP address using port 25 in the netstat
results is the one receiving email in that connection.

The following commands typed at a command prompt are a clue as to whether or
not your server is denying relaying:
    telnet servername 25
    helo yahoo.com
    mail from: user@yahoo.com
    rcpt to: user2@yahoo.com
    data
    test
    . [that's a period]
    quit
If your email server is set up for relaying, which is bad, you should
receive an email at the user2@yahoo.com mailbox. If you get an error
message right after the rcpt to: line, it's not relaying. Any other result
may require further investigation.

Check the instructions at http://support.microsoft.com to make sure your
Exchange server is not set up to relay spam. Fport from foundstone.com can
tell you what ports are open on your computer; try running that on your mail
server. Post the results here and the netstat -an results if you need more
advice. Recommend installing all the latest Microsoft patches, doing the
security stuff recommended at www.microsoft.com/security including signing
up for the Microsoft security patches newsletter. Also download and install
www.gfi.com LANguard file integrity checker for free on the mail server and
any other externally visible servers, like your web server. Also an
antivirus program that downloads updates automatically. The free PsTools
from www.sysinternals.com are also helpful forensic tools for this,
especially pslist. Also, I assume you have a "hardware" firewall. You
might check the logs there for traffic to your mail server.
<Spelcher> wrote in message news:aa9dl502llj@enews2.newsguy.com...
>
> We are running Windows 2000 SP2/Exchange with all the latest patches behind a Netscreen 10 firewall.
> The last few days we have been getting emails bounced back that appear to be sent from us to an unknown address.
> Last night in the wee hours of the night I noticed a little traffic so I went to the command prompt and typed
>
> netstat -a
>
> and got about 100 or so active connections listed...
>
> 192.168.1.45:whatever random IP address
>
> Any idea what's happening here? Am I relaying spam and don't know it? We just recently upgraded to
> Windows 2000.
>
> TIA
>
> Spelcher
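
The reply's rule for reading netstat output (the side using port 25 is the one receiving mail) can be applied mechanically to sort connections into mail coming in and mail going out. The following is an added example, not part of the original posts; the sample output is constructed with documentation-range addresses and the function names are hypothetical.

```python
from collections import Counter

# Constructed sample in Windows `netstat -an` layout (not real captured output).
SAMPLE = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:25             0.0.0.0:0              LISTENING
  TCP    192.168.1.45:25        203.0.113.7:3412       ESTABLISHED
  TCP    192.168.1.45:1045      198.51.100.9:25        ESTABLISHED
  TCP    192.168.1.45:1046      198.51.100.23:25       SYN_SENT
  TCP    192.168.1.45:1047      192.0.2.80:25          ESTABLISHED
  TCP    192.168.1.45:1048      192.0.2.80:25          TIME_WAIT
  TCP    192.168.1.45:1026      192.168.1.20:1190      ESTABLISHED
  UDP    0.0.0.0:135            *:*
"""

def split_endpoint(endpoint):
    """Split 'ip:port' on the last colon; port is None for '*:*'."""
    host, _, port = endpoint.rpartition(":")
    return host, int(port) if port.isdigit() else None

def classify_smtp(netstat_text, smtp_port=25):
    """Return (inbound, outbound) Counters keyed by remote IP.

    inbound  = local side is port 25, so this host is receiving mail
    outbound = remote side is port 25, so this host is sending mail
    """
    inbound, outbound = Counter(), Counter()
    for line in netstat_text.splitlines():
        fields = line.split()
        # Only TCP rows with a state column; skips header, UDP and LISTENING.
        if len(fields) != 4 or fields[0] != "TCP" or fields[3] == "LISTENING":
            continue
        (_, lport), (rhost, rport) = map(split_endpoint, fields[1:3])
        if lport == smtp_port:
            inbound[rhost] += 1
        elif rport == smtp_port:
            outbound[rhost] += 1
    return inbound, outbound

if __name__ == "__main__":
    inbound, outbound = classify_smtp(SAMPLE)
    print("hosts sending mail to us:", dict(inbound))
    print("hosts we are sending mail to:", dict(outbound))
```

A long outbound list of unrelated hosts is a reason to run the relay test and check the firewall logs; on its own it does not show that the server is relaying.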