> >Bam.  There's your answer.  172.20.207.185 is a local IP.  The spammer is
> >sending mail through that server.  It's not an IMail issue; your other
> >server was compromised.
>
>Hmmm...That's the IP of our firewall/proxy server.  It's not running SMTP,
>but has NAT and packet filters enabled that pass the appropriate traffic to
>the IMail server....

You should get rid of that firewall immediately.  It sounds like it is 
seriously broken.

If the firewall is sending packets to IMail with the firewall's IP address, 
either someone broke into the firewall and was able to do stuff that a 
firewall shouldn't be able to do (send spam), or it is allowing a spammer 
to spoof the IP address of the firewall (no firewall should accept packets 
that claim to be from its IP), or it is in some other way allowing traffic 
from outside the firewall to come inside anonymously (the proxy perhaps?).

Unless I'm missing something, that firewall is worse than having no 
firewall (in which case you would at least know where the traffic was 
coming from).

                                                    -Scott
---
Declude: Anti-virus, Anti-spam and Anti-hijacking solutions for 
IMail.  http://www.declude.com
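
Added example, not part of the original message and not IMail or Declude code: a log check for the symptom discussed in this thread, relayed mail whose SMTP peer is the firewall's own address, so the real origin is hidden. The log format, the /24 network and the domain names are constructed assumptions; only 172.20.207.185 comes from the thread.

```python
import ipaddress
import re
from collections import Counter

# Constructed log format (an assumption, not IMail's real format):
#   <time> SMTP peer=<ip> from=<addr> rcpt=<addr>
LINE_RE = re.compile(r"peer=(?P<peer>\S+) from=<(?P<mfrom>[^>]*)> rcpt=<(?P<rcpt>[^>]*)>")

# Constructed sample input; the gateway address is the one quoted in the thread.
SAMPLE_LOG = """\
10:01:02 SMTP peer=172.20.207.185 from=<offers@bulk.example> rcpt=<a@other.example>
10:01:03 SMTP peer=172.20.207.185 from=<offers@bulk.example> rcpt=<b@other.example>
10:02:10 SMTP peer=172.20.207.41 from=<alice@corp.example> rcpt=<c@other.example>
10:03:55 SMTP peer=172.20.207.185 from=<bob@partner.example> rcpt=<alice@corp.example>
this line is malformed and is skipped
"""

def classify(peer, gateways, internal_nets):
    """Return 'gateway', 'internal' or 'external' for an SMTP peer address."""
    ip = ipaddress.ip_address(peer)
    if ip in gateways:
        return "gateway"          # true origin is hidden behind NAT or the proxy
    if any(ip in net for net in internal_nets):
        return "internal"
    return "external"

def masked_relays(log_text, gateway_ips, internal_cidrs, local_domains):
    """Count relayed (non-local recipient) messages whose peer is the gateway."""
    gateways = {ipaddress.ip_address(g) for g in gateway_ips}
    nets = [ipaddress.ip_network(c) for c in internal_cidrs]
    hits = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue              # not an SMTP session line
        try:
            kind = classify(m["peer"], gateways, nets)
        except ValueError:        # peer field is not an IP address
            continue
        rcpt_domain = m["rcpt"].rpartition("@")[2].lower()
        # Inbound delivery to a local domain via the gateway is expected;
        # relaying to a foreign domain from the gateway's address is not.
        if kind == "gateway" and rcpt_domain not in local_domains:
            hits[m["mfrom"]] += 1
    return hits

if __name__ == "__main__":
    for sender, n in masked_relays(SAMPLE_LOG, ["172.20.207.185"],
                                   ["172.20.207.0/24"], {"corp.example"}).items():
        print(f"{n} relayed message(s) via gateway address, MAIL FROM {sender}")
```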
