weak username/passsword being used to send using smtp-auth? regards, Paul -- Paul Hutchings Network Administrator, MIRA Ltd. Tel: 44 (0)24 7635 5378, Fax: 44 (0)24 7635 8378 mailto:[EMAIL PROTECTED]
> -----Original Message----- > From: Henry, Christopher M. [mailto:[EMAIL PROTECTED] > Sent: 19 April 2004 16:13 > To: Exchange Discussions > Subject: RE: Exchange server used to relay spam > > > I do have a bunch of remote users that still connect by dialup... > And right now only the IT department has VPN access. > > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of > Weatherly, Rob > Sent: Monday, April 19, 2004 11:10 AM > To: Exchange Discussions > Subject: RE: Exchange server used to relay spam > > Do you have user that connect through a VPN or RAS. > It might be coming from remotely connected home users > > A possibility?? > > -------------------------------- > Rob Weatherly > -------------------------------- > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of > Henry, Christopher M. > Sent: Monday, April 19, 2004 11:07 AM > To: Exchange Discussions > Subject: RE: Exchange server used to relay spam > > That is what one of header look like: > > > > Received: from antoinette ([200.185.86.250]) by exchange.rcoa.com with > Microsoft SMTPSVC(5.0.2195.6713); > Sun, 18 Apr 2004 16:59:12 -0400 > From: "Jocelyn Dolan-Tarver"<[EMAIL PROTECTED]> > To: [EMAIL PROTECTED] > Subject: CIA_L1S & LEV_ITRA is taken about half an hOur before any > s~exua1l activity begins ! > Mime-Version: 1.0 > Content-Type: text/html; charset=us-ascii > Content-Transfer-Encoding: 7bit > Return-Path: [EMAIL PROTECTED] > Message-ID: <[EMAIL PROTECTED]> > X-OriginalArrivalTime: 18 Apr 2004 20:59:13.0906 (UTC) > FILETIME=[01322520:01C42588] > Date: 18 Apr 2004 16:59:13 -0400 > > > > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Rob > Ellis @ Hook > Sent: Monday, April 19, 2004 10:11 AM > To: Exchange Discussions > Subject: RE: Exchange server used to relay spam > > Where are they connecting to? Various places, one would assume. > > Virus on the exchange server? > > Virus on a client? > > > > Regards, > > > Rob Ellis > User Support Manager > ntl Group IT > Ext: (711) 4245 > DDI: 01256 754245 > Mob: 07974 403273 > email: [EMAIL PROTECTED] > > > -----Original Message----- > From: Henry, Christopher M. [mailto:[EMAIL PROTECTED] > Sent: 19 April 2004 15:04 > To: Exchange Discussions > Subject: RE: Exchange server used to relay spam > > I have verified that it is not an open relay. My log files > are averaging > between 2-300 megs daily. And I am pretty sure it is spam based on the > subjects in the logs. I have excessive amounts of outbound smtp > connections from my exchange server (when the office is empty). > > > > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On > Behalf Of Tony > Hlabse > Sent: Monday, April 19, 2004 9:52 AM > To: Exchange Discussions > Subject: RE: Exchange server used to relay spam > > Have used any utilities to verify that you are not an open > rely. Such as > http://www.ordb.org/submit/ > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of > Henry, Christopher M. > Sent: Monday, April 19, 2004 9:42 AM > To: Exchange Discussions > Subject: Exchange server used to relay spam > > Once again I am completely screwed. > > My exchange server is being used to relay spam, However it is not an > open relay. My guess is that there is some Trojan loaded on there > somewhere. > Does anyone have any ideas on where I might start to even attempt to > figure out what is going on? > > > Chris > > _________________________________________________________________ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Web Interface: > http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&t > ext_mode=& > lang > =english > To unsubscribe: mailto:[EMAIL PROTECTED] > Exchange List admin: [EMAIL PROTECTED] > To unsubscribe via postal mail, please contact us at: > Jupitermedia Corp. > Attn: Discussion List Management > 475 Park Avenue South > New York, NY 10016 > > Please include the email address which you have been contacted with. > > > _________________________________________________________________ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Web Interface: > http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&t > ext_mode=& > lang=english > To unsubscribe: mailto:[EMAIL PROTECTED] > Exchange List admin: [EMAIL PROTECTED] > To unsubscribe via postal mail, please contact us at: > Jupitermedia Corp. > Attn: Discussion List Management > 475 Park Avenue South > New York, NY 10016 > > Please include the email address which you have been contacted with. > > > _________________________________________________________________ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Web Interface: > http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&t > ext_mode=& > lang > =english > To unsubscribe: mailto:[EMAIL PROTECTED] > Exchange List admin: [EMAIL PROTECTED] > To unsubscribe via postal mail, please contact us at: > Jupitermedia Corp. > Attn: Discussion List Management > 475 Park Avenue South > New York, NY 10016 > > Please include the email address which you have been contacted with. > > > The contents of this email and any attachments are sent for > the personal > attention of the addressee(s) only and may be confidential. > If you are > not the intended addressee, any use, disclosure or copying of > this email > and any attachments is unauthorised - please notify the > sender by return > and delete the message. Any representations or commitments > expressed in > this email are subject to contract. > > ntl Group Limited > > > _________________________________________________________________ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Web Interface: > http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&t > ext_mode=& > lang=english > To unsubscribe: mailto:[EMAIL PROTECTED] > Exchange List admin: [EMAIL PROTECTED] > To unsubscribe via postal mail, please contact us at: > Jupitermedia Corp. > Attn: Discussion List Management > 475 Park Avenue South > New York, NY 10016 > > Please include the email address which you have been contacted with. > > > _________________________________________________________________ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Web Interface: > http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&t ext_mode=& lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] To unsubscribe via postal mail, please contact us at: Jupitermedia Corp. Attn: Discussion List Management 475 Park Avenue South New York, NY 10016 Please include the email address which you have been contacted with. _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&; lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] To unsubscribe via postal mail, please contact us at: Jupitermedia Corp. Attn: Discussion List Management 475 Park Avenue South New York, NY 10016 Please include the email address which you have been contacted with. _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&lang =english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] To unsubscribe via postal mail, please contact us at: Jupitermedia Corp. Attn: Discussion List Management 475 Park Avenue South New York, NY 10016 Please include the email address which you have been contacted with. _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] To unsubscribe via postal mail, please contact us at: Jupitermedia Corp. Attn: Discussion List Management 475 Park Avenue South New York, NY 10016 Please include the email address which you have been contacted with.
