* This is the vopmailbeta mailing list *
Hi, I have a customer that we are hosting e-mail for. This is the second time this has happened with this particular user (happened last year on our old mail system). I notice on Sunday that e-mail with a mailfrom of the users account, was attempting to send to various different users at about 1 minute intervals. At first I thought the customer didn't have the "authenticate" for SMTP. Anyway, after seeing some e-mails addressed to "unlikely" receipients (various colorful adjectives), I realized that the user must be infected again. Luckily, we have the requirement of authentication. ---- SMTPRS log entry made at 10/14/2002 00:14:16 SMTP command failed when talking to 142.154.115.21: >>> RCPT TO:<[EMAIL PROTECTED]> <<< 501 This system is not configured to relay mail from <[EMAIL PROTECTED]> to <[EMAIL PROTECTED]> for 142.154.115.21 ---- SMTPRS log entry made at 10/14/2002 00:16:41 SMTP command failed when talking to 142.154.115.21: >>> RCPT TO:<[EMAIL PROTECTED]> <<< 501 This system is not configured to relay mail from <[EMAIL PROTECTED]> to <[EMAIL PROTECTED]> for 142.154.115.21 ---- SMTPRS log entry made at 10/14/2002 00:18:25 SMTP command failed when talking to 142.154.115.21: >>> RCPT TO:<[EMAIL PROTECTED]> <<< 501 This system is not configured to relay mail from <[EMAIL PROTECTED]> to <[EMAIL PROTECTED]> for 142.154.115.21 I tried to help over the phone with an antivirus update (the user had it turned off and last definitions were from October last year). Anyway... the customer is not concerned because the e-mail is working for them and they seem to not care about fixing their system. What can I do to block, stop, etc? The customer is using a dial-up so I can block the IP being used now, but it's gonna change. I very worried that if some gets through, our server will get BL'd. Any ideas? Warren (Sam) Sampson MCSE, CCA KMP Designs Inc. 7145 West Credit Ave Suite 101, Building 2 Mississauga, ON L5N 6J7 Phone: (905)812-5635 Fax: (905)812-5636 E-mail: [EMAIL PROTECTED] ** To leave this list, send an email to [EMAIL PROTECTED] and put the word "LEAVE" in the BODY of the email.
