
Spam Bots


    Guys,

    Has anyone any experience of Spam Bots sending cr@p out from a network via Exchange Server? This isn't a 'for sure' problem I'm looking into but I've got some strange emails heading out in the form of [garbled-mix of alphanumerics]@our-domain-name.co.uk which looks like the classic generated spam we all come across.

    Does anyone know of any software we can deploy to determine if we have a hijacked PC/Server?

    Thanks.

    #2
    Originally posted by Kyajae
    Guys,

    Has anyone any experience of Spam Bots sending cr@p out from a network via Exchange Server? This isn't a 'for sure' problem I'm looking into but I've got some strange emails heading out in the form of [garbled-mix of alphanumerics]@our-domain-name.co.uk which looks like the classic generated spam we all come across.

    Does anyone know of any software we can deploy to determine if we have a hijacked PC/Server?

    Thanks.
    You have turned off mail forwarding on the server, haven't you?

    When you say you have strange emails heading out, where are you seeing them? Are they being bounced as undeliverable or can you see them in the mail transaction logs?

    It's probably not the server that has the problem but a compromised PC on the network. Check the mail server log for traffic and see if there is a culprit. If you aren't logging traffic atm, start and see what turns up.

    Do the destination addresses have a pattern? Are they all sent from the same "from" address?

    If this fails, run a sniffer like windump/tcpdump and look for traffic on port 25; it might give you the IP of the offending box, including traffic coming from outside and being bounced off your mail server.
    "Being nice costs nothing and sometimes gets you extra bacon" - Pondlife.
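
The log check suggested in the reply above, as an added example that is not part of the original thread: it tallies, per client IP, how many messages used a generated-looking sender at the local domain. The log layout, the sample lines, the 10.0.0.x addresses and the "looks generated" heuristic are all assumptions made for this sketch, not Exchange's own log format.

```python
import re
from collections import defaultdict

# Assumed log layout, constructed for this example (not Exchange's own format):
#   <timestamp> <client-ip> MAIL FROM:<sender>
LINE_RE = re.compile(r"^\S+\s+(\S+)\s+MAIL FROM:<([^@>\s]+)@([^>\s]+)>", re.I)

# Constructed sample lines.
SAMPLE_LOG = """\
09:00:01 10.0.0.23 MAIL FROM:<x7k2qp9zt4@our-domain-name.co.uk>
09:00:02 10.0.0.23 MAIL FROM:<b3v8n1m0q6w@our-domain-name.co.uk>
09:00:03 10.0.0.40 MAIL FROM:<john.smith@our-domain-name.co.uk>
09:00:05 10.0.0.23 MAIL FROM:<r5t9y2u7i1@our-domain-name.co.uk>
09:00:09 10.0.0.40 MAIL FROM:<accounts2008@our-domain-name.co.uk>
09:00:11 10.0.0.51 MAIL FROM:<k4j8h2g6f0@our-domain-name.co.uk>
"""

def looks_generated(local_part, min_len=8, min_switches=3):
    """True for alphanumeric strings that keep switching between letters and digits."""
    if len(local_part) < min_len or not local_part.isalnum():
        return False
    kinds = [ch.isdigit() for ch in local_part]
    switches = sum(a != b for a, b in zip(kinds, kinds[1:]))
    return switches >= min_switches

def suspect_hosts(log_text, domain, min_hits=3):
    """Return [(client_ip, generated_senders, total_messages)], worst first."""
    totals = defaultdict(int)
    generated = defaultdict(int)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a MAIL FROM line
        ip, local_part, sender_domain = m.groups()
        if sender_domain.lower() != domain.lower():
            continue  # only senders claiming to be at our own domain
        totals[ip] += 1
        if looks_generated(local_part):
            generated[ip] += 1
    hits = [(ip, n, totals[ip]) for ip, n in generated.items() if n >= min_hits]
    return sorted(hits, key=lambda h: (-h[1], h[0]))

if __name__ == "__main__":
    for ip, n, total in suspect_hosts(SAMPLE_LOG, "our-domain-name.co.uk"):
        print(f"{ip}: {n} of {total} messages used a generated-looking sender")
```

A workstation that shows up here is a candidate for a closer look, not proof of compromise; the thresholds need tuning against normal traffic.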



      #3
      Is your Exchange server external-facing, or do you have another host/service in between that and the internet?

      As mentioned, it is worth checking your relay settings on the Frontend servers, to ensure that the server is not acting as an open relay.



        #4
        This may help
