Re: stop spamming
- From: "Tom Felts" <tfelts@xxxxxxxxxxxxxxxxxxxxxx>
- Date: Mon, 12 Dec 2005 03:51:21 -0500
Can you pull the logs from your firewall? They should show any outbound
port 25 traffic, and what the originating IP is...
"Rod" <camino.april@xxxxxxxxxx> wrote in message
news:%23P%23hTcv$FHA.436@xxxxxxxxxxxxxxxxxxxxxxx
> I have just done what yuo suggested.
> Could I know which Private IP of my LAN is sending emails, because
> infected, watching in the router ?
>
>
> "Tom Felts" <tfelts@xxxxxxxxxxxxxxxxxxxxxx> ha scritto nel messaggio
> news:u4oZmbm$FHA.3392@xxxxxxxxxxxxxxxxxxxxxxx
> > Do you have AV on all your destops\servers? Sober U has it's own SMTP
> > engine, so it may not be going through your exchange server, but may be
> > going outbound through your firewall....can you block all outbound port
> > 25,
> > except for your exchange server?
> >
> >
> > "Rod" <camino.april@xxxxxxxxxx> wrote in message
> > news:urdtfHm$FHA.4012@xxxxxxxxxxxxxxxxxxxxxxx
> >> It seems that originating IP is mine (85.32.159.27).
> >> At the header of the email there is my IP (see above)
> >>
> >> "Tom Felts" <tfelts@xxxxxxxxxxxxxxxxxxxxxx> ha scritto nel messaggio
> >> news:%23LNt41l$FHA.740@xxxxxxxxxxxxxxxxxxxxxxx
> >> > There is a third possibility:
> >> >
> >> > Somone in the world has the virus, and is SPOOFING your domain as the
> >> > sender. The way to verify is to look at the headers of the e-mail
sent
> > to
> >> > rossi@xxxxxxxxxx What is the originating IP? Is it yours? If not,
it
> > is
> >> > spoofed (which sober does, btw).
> >> >
> >> >
> >> > Sounds like rossi@xxxxxxxxx needs a good AV solution.
> >> >
> >> >
> >> > "Rod" <camino.april@xxxxxxxxxx> wrote in message
> >> > news:%2350xtpl$FHA.328@xxxxxxxxxxxxxxxxxxxxxxx
> >> >> Hi at all!
> >> >> I have this configuration:
> >> >> MailServer (Exchange 2003) ----> Firewall (Watchguard Firebix
> > X) ----->
> >> >> Router Telecom ---> Internet
> >> >> I have MCcafee antivirus.
> >> >>
> >> >> My problem is:
> >> >> A person with this email "rossi@xxxxxxxxx" is receiving, one eache
16
> >> >> minutes, emails containing WORM.SOBER.U virus, from my smtp server.
> >> >> I think there are 2 reasons:
> >> >> a) I have the virus and send the email
> >> >> Analizing the smtp log of Exchange server 2003, I have no
> >> >> emails
> >> >> forwarded to rossi@xxxxxxxxx
> >> >>
> >> >> b) Someone in the world has the virus that use my server as SMTP
> > server
> >> > to
> >> >> send email containing the virus..
> >> >> How could I see this connections to my server ?
> >> >> How could I deny the access ?
> >> >>
> >> >> Could anyone help me, please?
> >> >> Regards,
> >> >> Antonio Grasso
> >> >>
> >> >>
> >> >
> >> >
> >>
> >>
> >
> >
>
>
.
- References:
- stop spamming
- From: Rod
- Re: stop spamming
- From: Tom Felts
- Re: stop spamming
- From: Rod
- Re: stop spamming
- From: Tom Felts
- Re: stop spamming
- From: Rod
- stop spamming
- Prev by Date: Re: stop spamming
- Next by Date: Re: Bulk delete question
- Previous by thread: Re: stop spamming
- Next by thread: Re: Name change due to marriage...
- Index(es):
Relevant Pages
|
