Wow, that's pretty discouraging. It's a Microsoft ISA Server METICULOUSLY configured to protect our internal PCs. I know it's somewhat off my original question, but any recommendations from the list on ISA and IMAIL?
V�ctor R. Scott Perry wrote: > >> >Bam. There's your answer. 172.20.207.185 is a local IP. The >> spammer is >> >sending mail through that server. It's not an IMail issue; your other >> >server was compromised. >> >> Hmmm...That's the IP of our firewall/proxy server. It's not running >> SMTP, >> but has NAT and packet filters enabled that pass the appropriate >> traffic to >> the IMAIl server.... > > > You should get rid of that firewall immediately. It sounds like it is > seriously broken. > > If the firewall is sending packets to IMail with the firewall's IP > address, either someone broke into the firewall and was able to do > stuff that a firewall shouldn't be able to do (send spam), or it is > allowing a spammer to spoof the IP address of the firewall (no > firewall should accept packets that claim to be from its IP), or it is > in some other way allowing traffic from outside the firewall to come > inside anonymously (the proxy perhaps?). > > Unless I'm missing something, that firewall is worse than having no > firewall (in which case you would at least know where the traffic was > coming from). > > -Scott > --- > Declude: Anti-virus, Anti-spam and Anti-hijacking solutions for > IMail. http://www.declude.com > > --- > [This E-mail was scanned for viruses by Declude Virus > (http://www.declude.com)] > > > To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html > List Archive: > http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ > Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ > > To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
