Re: Virtual SMTP logins - Urgent help wanted

From: _M_ (here_at_gone.com)
Date: 04/26/04


Date: Mon, 26 Apr 2004 14:19:53 -0400

Actually, after checking the security logs in the event viewer, the spammers
were connecting via a hacked account and sending email from the mail server
and not to it. I have now disabled the account (which was a resource
account and unneeded) and the event logs show login failures, account
disabled.

"hansh" <hheemskerk@planet.nl> wrote in message
news:c6jjg7$j89$1@reader08.wxs.nl...
> You have anonymous login enabled (otherwise you wouldn't be able to receive
> internet mail).
> These logins are probably from spammers, sending lots of mail to, for instance,
> john@yourdomain.com, william@..,
> trying every common first name. That is why these connections stay visible
> for some while. The queues are then filled with NDRs that Exchange keeps
> trying to deliver for a couple of days but can't because the return address
> is a fake.
>
> Our Exchange server receives its internet mail via a virus scanning gateway
> (there are plenty on the market: GFI, McAfee etc) in the DMZ and accepts
> only mail from that server. This gateway dumps a lot of unwanted mail before
> it even reaches Exchange.
>
> "_M_" <here@gone.com> wrote in message
> news:e17rqM7KEHA.2012@TK2MSFTNGP11.phx.gbl...
> > Have E2k3. If I look at the SMTP virtual server Current sessions I keep
> > getting these miscellaneous logins, like "scholastic", "hustled", etc. How
> > are they logging in to the SMTP virtual server when I have tested for Relay
> > and it is NOT open. Anytime I notice these Logins, there then appears lots
> > of queues.
> >
> > How do I find the user account that was hacked if it was ?
> > How can I stop these Logins ?
> > Can this be a new virus ? (have run multiple virus scans)
> >
> > TIA
>
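
The Security-log check described in the reply at the top of this thread, as an added example that is not part of the original posts: it tallies logon events per account and reports accounts that authenticated from several unrelated outside addresses, plus the "account disabled" failures that follow once the account is turned off. It assumes the logon events were exported to CSV; the column names, sample rows, internal address prefixes and threshold are constructed for illustration, and 540 and 531 are the Windows 2000/2003 event IDs for a successful network logon and a logon failure on a disabled account.

```python
import csv
import io
from collections import defaultdict

# Constructed sample: Security-log logon events exported to CSV.
# Column names are assumptions of this example, not an Event Viewer format.
SAMPLE = """time,event_id,account,logon_type,source
2004-04-25 22:01:12,540,resource1,3,203.0.113.10
2004-04-25 22:01:40,540,resource1,3,198.51.100.7
2004-04-25 22:02:05,540,RESOURCE1,3,203.0.113.99
2004-04-25 22:03:31,540,resource1,3,192.0.2.44
2004-04-26 08:15:00,540,jsmith,3,10.0.0.5
2004-04-26 08:40:00,540,jsmith,3,10.0.0.5
2004-04-26 14:05:10,531,resource1,3,203.0.113.10
2004-04-26 14:05:55,531,resource1,3,192.0.2.44
"""

LOGON_OK = "540"        # Windows 2000/2003: successful network logon
FAIL_DISABLED = "531"   # Windows 2000/2003: logon failure, account disabled


def summarize(csv_text):
    """Per account: successful logons, their source addresses, 531 failures."""
    stats = defaultdict(lambda: {"ok": 0, "sources": set(), "disabled_fail": 0})
    for row in csv.DictReader(io.StringIO(csv_text)):
        entry = stats[row["account"].lower()]   # account names are case-insensitive
        if row["event_id"] == LOGON_OK:
            entry["ok"] += 1
            if row["source"]:                   # the address field can be empty
                entry["sources"].add(row["source"])
        elif row["event_id"] == FAIL_DISABLED:
            entry["disabled_fail"] += 1
    return stats


def suspects(stats, internal=("10.", "192.168."), min_external=3):
    """Accounts that logged on from several distinct non-internal addresses."""
    found = []
    for account, entry in stats.items():
        external = {ip for ip in entry["sources"] if not ip.startswith(internal)}
        if len(external) >= min_external:
            found.append((account, entry["ok"], len(external), entry["disabled_fail"]))
    return sorted(found, key=lambda r: r[2], reverse=True)


if __name__ == "__main__":
    for account, ok, ext, blocked in suspects(summarize(SAMPLE)):
        print(f"{account}: {ok} logons from {ext} external hosts, {blocked} after disable")
```
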


