Re: Server hacked/being used as spammers haven...




Again, thanks to everyone who responded... I appreciate it all :)

"Rlee" <tech_support@xxxxxxxxxx> wrote in message
news:e18LKJyJIHA.5764@xxxxxxxxxxxxxxxxxxxxxxx
It wasn't fully exposed... There were ports that were blocked... ISA
server has always been running...

In the end, I did figure out how to stop the spam from coming out...
Somehow the users were sending anonymous info THROUGH my proxy (which I've
tested as NOT being exposed) as I used several testers on it and it
couldn't be seen.

Basically, this is what I did...
1. I removed the virus, extra accounts, etc.
2. I closed the open relay.
3. Turned off "anonymous" relay in ISA Server.

Once I did the last one, I have YET to see any issues with spam being sent
(after all, I have been watching all the spam servers to see if we are
still sending).

From what I can see while going over my logs, I rarely see any external IP
addresses going through ISA Server... Which I believe was the problem...

If I was to do a complete reinstall, I might as well just upgrade.. :)

As I had thought about this, and the fact that the server is 4 or 5 years
old, I am going to start the research on the upgrade to SBS 2003.... I
believe I had read that there might be a newer SBS coming out soon?



Considering this server is 4 years old, i am goin
"Leythos" <void@xxxxxxxxxxx> wrote in message
news:MPG.21a4a40ec121dcbe98985b@xxxxxxxxxxxxxxxxxxxx
In article <qld#dRpJIHA.5204@xxxxxxxxxxxxxxxxxxxxxx>, v-terliu@xxxxxxxxxxxxxxxxxxxx says...
If I have misunderstood
the problem, please don't hesitate to let me know.

Yes, you missed the part where his server was fully exposed to the
internet without ANY protection of any type.

--

Leythos
- Igitur qui desiderat pacem, praeparet bellum.
- Calling an illegal alien an "undocumented worker" is like calling a
drug dealer an "unlicensed pharmacist"
spam999free@xxxxxxxxxx (remove 999 for proper email address)



