Re: [Declude.JunkMail] DORKZTL:Strange
I have another issue that may or may not be germane here. I have a small server running W2K as the OS with Apache and PHP running a webpage. The webpage has an entry to an email user on my Imail server. This morning I noticed my log file hit over 14 Mb in size. How high is it normally? If it is normally 10-12 MB, there may be no problem. If is is normally 1-2 MB, you may have a compromised server that a spammer is using to send out spam. I cleared out over 14,000 bad emails and email in the queue at about 10:00 am today. Ten minutes ago I cleaned out another 15,000 emails from the queue. I also stopped the SMTP service on the server. Does anyone have any idea how or what I need to do to stop this monster? The first step is to identify the monster. To do that, I would open some of those 10,000's of E-mails, and see who they are from/to. If they are all from/to the same user, there may be a mail loop. More likely, a spammer has found a way to send spam through your mailserver. -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .
RE: [Declude.JunkMail] DORKZTL:Strange
Normal size is around 1 Mb. Just a small server with around 5K emails a day. All of the emails seem to be coming from the same sender. The weird thing is it is not on my email server...it is on a web server that is not published but used strictly for in house use by a client. I have killed the SMTP service on it in hopes of stopping it for the time being. All the Bad emails and queued emails were on the web server and not the email server. There is no reference of an email on the web server other than a form that sends it through my email server (one form.) I guess that is how it is getting to the email server. Jim Rooth Klotron, Inc. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of R. Scott Perry Sent: Monday, July 15, 2002 1:08 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] DORKZTL:Strange I have another issue that may or may not be germane here. I have a small server running W2K as the OS with Apache and PHP running a webpage. The webpage has an entry to an email user on my Imail server. This morning I noticed my log file hit over 14 Mb in size. How high is it normally? If it is normally 10-12 MB, there may be no problem. If is is normally 1-2 MB, you may have a compromised server that a spammer is using to send out spam. I cleared out over 14,000 bad emails and email in the queue at about 10:00 am today. Ten minutes ago I cleaned out another 15,000 emails from the queue. I also stopped the SMTP service on the server. Does anyone have any idea how or what I need to do to stop this monster? The first step is to identify the monster. To do that, I would open some of those 10,000's of E-mails, and see who they are from/to. If they are all from/to the same user, there may be a mail loop. More likely, a spammer has found a way to send spam through your mailserver. -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com . --- --- Incoming mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.375 / Virus Database: 210 - Release Date: 7/10/2002 --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.375 / Virus Database: 210 - Release Date: 7/10/2002 --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .
RE: [Declude.JunkMail] DORKZTL:Strange
I can't tell you as I apparently don't have it configured properly yet. The DECCON log told me at 0930 that I had 1536 emails, with 873 Spam. I clicked it close when doing something and it didn't come back on. I started it again an hour ago and I just now checked it and it said 0,0,0,0 so I have another issue as well. Oh, I forgot the one about the boss yelling about how he spent $700 to get an email this morning about an adult porn site! I told him he should invest some time in it and leave me alone so I could figure out how to help his spam situation. Jim Rooth Klotron, Inc. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of John Tolmachoff Sent: Monday, July 15, 2002 1:12 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] DORKZTL:Strange If you have Declude Hijack loaded and configured, what does the Deccon log say? John Tolmachoff IT Manager, Network Engineer RelianceSoft, Inc. Fullerton, CA 92835 www.reliancesoft.com I have another issue that may or may not be germane here. I have a small server running W2K as the OS with Apache and PHP running a webpage. The webpage has an entry to an email user on my Imail server. This morning I noticed my log file hit over 14 Mb in size. I just loaded Declude Hijack and Declude Junk Mail on the server Saturday. I have been running Declude Virus for quite some time. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com . --- --- Incoming mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.375 / Virus Database: 210 - Release Date: 7/10/2002 --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.375 / Virus Database: 210 - Release Date: 7/10/2002 --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .
RE: [Declude.JunkMail] DORKZTL:Strange
Normal size is around 1 Mb. Just a small server with around 5K emails a day. All of the emails seem to be coming from the same sender. The weird thing is it is not on my email server...it is on a web server that is not published but used strictly for in house use by a client. I have killed the SMTP service on it in hopes of stopping it for the time being. Note that the spammers that break into webservers will run their own software on there, not using the Microsoft SMTP service. All the Bad emails and queued emails were on the web server and not the email server. There is no reference of an email on the web server other than a form that sends it through my email server (one form.) I guess that is how it is getting to the email server. Usually the spammers access their spamware through a web form, so that it probably the problem. -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .
RE: [Declude.JunkMail] DORKZTL:Strange
Did the Console screen on the server show any mails being held? (It would list by IP address.) John Tolmachoff IT Manager, Network Engineer RelianceSoft, Inc. Fullerton, CA 92835 www.reliancesoft.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Jim Rooth Sent: Monday, July 15, 2002 11:28 AM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] DORKZTL:Strange I can't tell you as I apparently don't have it configured properly yet. The DECCON log told me at 0930 that I had 1536 emails, with 873 Spam. I clicked it close when doing something and it didn't come back on. I started it again an hour ago and I just now checked it and it said 0,0,0,0 so I have another issue as well. Oh, I forgot the one about the boss yelling about how he spent $700 to get an email this morning about an adult porn site! I told him he should invest some time in it and leave me alone so I could figure out how to help his spam situation. Jim Rooth Klotron, Inc. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of John Tolmachoff Sent: Monday, July 15, 2002 1:12 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] DORKZTL:Strange If you have Declude Hijack loaded and configured, what does the Deccon log say? John Tolmachoff IT Manager, Network Engineer RelianceSoft, Inc. Fullerton, CA 92835 www.reliancesoft.com I have another issue that may or may not be germane here. I have a small server running W2K as the OS with Apache and PHP running a webpage. The webpage has an entry to an email user on my Imail server. This morning I noticed my log file hit over 14 Mb in size. I just loaded Declude Hijack and Declude Junk Mail on the server Saturday. I have been running Declude Virus for quite some time. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com . --- --- Incoming mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.375 / Virus Database: 210 - Release Date: 7/10/2002 --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.375 / Virus Database: 210 - Release Date: 7/10/2002 --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com . --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .
