Server hacked/being used as spammers haven...
- From: "Rlee" <tech_support@xxxxxxxxxx>
- Date: Mon, 12 Nov 2007 19:15:23 -0700
Hi there,
Our webserver recently got hit with one of those spam senders... I will say
that ORF (spam blocker) has definitely helped me in noticing that we were
being used as an
open relay... anyway, that has been fixed.
The problem is that i'm still getting some relaying through our system...
ORF does show the emails going out, but i have no clue how they are sending
the emails through our server.
We are using small business server 2000 with exchange 2k, isa2k, etc...
Basically, the spammer is able to send mail if they somehow log onto our
server (via 10.0.0.2)... if the spammer uses their own ip address, it does
get blocked. They used to be able to use fake emails to relay, but now they
use our domain mail (@uls.com) to send them out.
All emails that are sent out are from FAKE uls email accounts (they do not
exist on our system).
Any help or suggestions would be appreciated.... It has been a very very
long week :(...
My only thought is that we have a port open... we are running ISA server 2k
in front...
Thanks!
....Robin
.
- Follow-Ups:
- RE: Server hacked/being used as spammers haven...
- From: Terence Liu [MSFT]
- Re: Server hacked/being used as spammers haven...
- From: Rlee
- RE: Server hacked/being used as spammers haven...
- Prev by Date: Re: owa
- Next by Date: Re: Different Sharepoint 3.0 Q's
- Previous by thread: RWW Is this possible with one NIC?
- Next by thread: Re: Server hacked/being used as spammers haven...
- Index(es):
Relevant Pages
|
