Re: Ok, strange thing
From: Vassilis Contogeorgos (vcon_at_hate_spam_hol.gr)
Date: 02/04/04
- Next message: Scott: "Where is the protocol IP address stored in the AD?"
- Previous message: Lanwench [MVP - Exchange]: "Re: Outlook"
- In reply to: Lanwench [MVP - Exchange]: "Re: Ok, strange thing"
- Next in thread: J.H: "Re: Ok, strange thing"
- Reply: J.H: "Re: Ok, strange thing"
- Messages sorted by: [ date ] [ thread ]
Date: Wed, 4 Feb 2004 17:17:14 +0200
Symantec corporate 8 exhcange filtering. Yes i allow relay upon
authentication cause otherwise the POP3 thing won't work.
But is is a strange issue. I don't think that someons is relaying through my
server. The administrator NDRs the text is not a standard Mydoom.a virus. I
mean no "unicode error, see attached file for details" etc.
"Lanwench [MVP - Exchange]"
<lanwench@heybuddy.donotsendme.unsolicitedmail.atyahoo.com> wrote in message
news:ecGZszy6DHA.1428@TK2MSFTNGP12.phx.gbl...
> What AV software are you using for Exchange, your server's file system,
your
> workstations? Do you allow non-Exchange e-mail into your network anywhere?
> Anyone allowed to relay, even via authenticated relay?
>
> Vassilis Contogeorgos wrote:
> > guys,
> >
> > i know that the virus spoofs the sender but i think that you miss the
> > point. I don't get NDRs from other domains saying that i send an
> > email with a virus. I get an NDR from MY administrator box of
> > exchange with the virus as an attachement. Their is no trace of SMTP
> > connection whatsover. Here is an example:
> >
> > our message did not reach some or all of the intended recipients.
> >
> > Subject: Error
> > Sent: 3/2/2004 13:27
> >
> > The following recipient(s) could not be reached:
> >
> > george@otherdomain.com on 3/2/2004 13:25
> > The e-mail account does not exist at the organization this
> > message was sent to. Check the e-mail address, or contact the
> > recipient directly to find out the correct address.
> > < aserver.dot #5.1.1 SMTP; 550-machine (server.dot) [an
> > ip] is currently not permitted to relay>
> >
> > I have a few of this NDRs with different erros, no user found, no host
> > found, wrong mailbox etc.
> >
> >
> >
> > "Vassilis Contogeorgos" <vcon@hate_spam_hol.gr> wrote in message
> > news:#Sv#LOj6DHA.3008@TK2MSFTNGP09.phx.gbl...
> >> Here is the issue.
> >>
> >> Since the Mydoom.A virus, a few users are starting to get reports
> >> from the exchange administrator (the local NDRs) saying that error
> >> in transmision, no host found, unable to relay etc etc. All this
> >> NDRs comes with attachement! the attachement contains the actuall
> >> virus which my AV sofware deletes the attachement. The strange thing
> >> is that it seems to come from my actual exchange (the icon of the
> >> message in outlook has the normal NDR icon (the red one) and there
> >> is no SMTP trace from the options to view a header. Their is no way
> >> that the server has the virus or that any other computer in my
> >> network has the virus.
> >>
> >> Is this some variant that tricks the user to think that it came from
> >> the server itself ?
> >>
> >> I'm not an open relay.
> >>
> >> Anyone has this symptom ?
> >>
> >> Thank you,
>
>
- Next message: Scott: "Where is the protocol IP address stored in the AD?"
- Previous message: Lanwench [MVP - Exchange]: "Re: Outlook"
- In reply to: Lanwench [MVP - Exchange]: "Re: Ok, strange thing"
- Next in thread: J.H: "Re: Ok, strange thing"
- Reply: J.H: "Re: Ok, strange thing"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
