What is calling imail1.exe? http://www.ipswitch.com/support/IMail/guide/imailug801/Appendix%20C%20cmd_line5.html
John On Thu, 20 May 2004 12:36:28 -0400, Mailing Lists wrote: > Also noticed that process imail1.exe (sometimes more than 1 > process) is > running in taskbar? What is calling imail1.exe? > > BTW, also running Declude (Junkmail and Virus on server) > > Peter > > > ----- Original Message ----- > From: "Mailing Lists" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Sent: Thursday, May 20, 2004 12:23 PM > Subject: [IMail Forum] Possible Imail Hack?? > > >> We found the weirdest thing on Imail Server today (running 8.05). >> >> We had some host admins complaining that they saw users in their >> domain >> which were not recognized (i.e. they did not create these users). >> >> As more reports came in, we found a pattern.... users created >> were always >> same .... postmaster (not alias but user), peter, mariselas and a >> couple >> others. >> >> Looking into the registry, these illegal users all had just a >> registry >> string called SMTPWIN with value of 20,20,524,350 >> >> No other strings values for the illegal users which is extremely >> weird > (see >> below). >> >> Even more curious, as we deleted these illegal users, they >> cropped up > again >> after a short while.... >> >> I called IPSWICTH this morning, and were not willing to look into >> it as >> there wasnt enough information! Not the best answer I received >> especially >> since it concerns security. I can understand that they dont know >> what and >> where the issue is but you would expect them to want to >> investigate if > there >> is a hole some-where... so I guess I am at mercy of this list. >> >> There is a firewall in front of Imail server, allowing just port >> 80 for > web >> interface of imail, port 25, port for imap, port 110, and port >> for web >> calendaring. >> >> There is AV on machine, it just does not scan user mailboxes and >> spool. > Just >> ran a virus scan and comes out clean. >> >> Any help or directions would be appreciated. >> >> Thanks >> >> PV >> >> > [HKEY_LOCAL_MACHINE\SOFTWARE\Ipswitch\IMail\Domains\domain.com\Users\p > ostmas >> ter] >> "SMTPWIN"="20,20,524,350" >> >> > [HKEY_LOCAL_MACHINE\SOFTWARE\Ipswitch\IMail\Domains\domain.com\Users\p > ostmas >> [EMAIL PROTECTED] >> "SMTPWIN"="20,20,524,350" >> >> >> To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html >> List Archive: http://www.mail- >> archive.com/imail_forum%40list.ipswitch.com/ >> Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ > > > To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html > List Archive: http://www.mail- > archive.com/imail_forum%40list.ipswitch.com/ > Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ ColdFusion ASP ActiveState PERL Hosting Includes 10 Domains - 100% Browser Based Administration http://www.cybersmarts.net LogFileManager - IIS LogFile Management Tool WebPageChecker - Helps Maintain Server UpTime http://www.serverautomationtools.com To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
