Unassigned sender SMTP proliferation in Active Rep
  Posted by  Nic Nel  on Monday, September 25, 2006 at 12:04:08 PM (EST)
This was the list of unassigned sender SMTP addresses reported on 22 Sept 2006. In the space of 2 days this list has grown to number over 280! In excess of 12Mb of bandwidth has been used over a long weekend when my computers were switched on but idle. Last night I ticked "Relay for 602LAN Suite users only" and listed all these addresses in the "SMTP Anti-Spam settings" using * and the extension. Hopefully, this will do the trick and stop what appears to me to be an email takeover. The HINET.NET site is all in Chinese (or something) and I have not visited previously.
I am using McAfee aside from the AV from 602.
Can anybody tell me what is going on?
What else can I do?

Unassigned sender SMTP addresses:

  Posted by Martin Mallinson  on Monday, September 25, 2006 at 3:31:32 PM (EST)
I also have a big problem this weekend - my ISP threatens to cut me off due to the huge number of SMTP emails. What's going on? What can I do? I have the 5 user free Lansuite (have had no problems for many years).

Have just installed the latest (1 Sept 2006) and the problem remains. I have disabled queue processing, which seems to stop the problem, and am now trying to get to "manage queues" but the machine is at Lansuite.exe 99% CPU and >200M memory for the last 10 mins after this menu click. I guess it has been flooded with some SPAM email and is trying to show me a huge list.

Anyhow anyone know what can be done?
  Posted by Beyers Slabbert  on Tuesday, September 26, 2006 at 11:58:23 AM (EST)
Assuming you're using DHCP... there's 2 things you might try.
in advanced configuration: SMTP
1.) "Relay for 602LAN SUITE users only" must be ticked, you can also add "Verify sender by previous POP3 access" which sometimes complicates things a bit...
2.) SMTP Relay IP Filter (through IP defines access to SMTP)
use the range as in your DHCP Server Settings to ensure only your network users will be able to use your SMTP relay...

Important in the last bit is that IF you're running DHCP and your lan-pc's TCP/IP settings are set to automatic, the alternate settings must be specific within the same range, and static, in order to be able to use the SMTP / POP services of the server when connecting from another internet connection (like from home for argument's sake)...
hope that helps...
you can also try and set your SMTP anti-spam settings...
  Posted by Nic Nel  on Tuesday, September 26, 2006 at 2:28:30 PM (EST)
Right, first off Martin:
I have had this phenomenon twice in the past - my computer suddenly sent out 1000s of copies of the same fairly long email. I never got to the bottom of it but I think LAN Suite never did an email termination (or whatever) and continued to act as though the email still had to be sent. It wiped my 3gig bandwidth limit in about 15 hours. However, what you are experiencing does not appear to be the same problem I currently have, although last night I had 49Mb usage on what should have been an idle machine.
1. I am not using DHCP... Should I be and why?
2. "Relay etc" and "Verify sender...etc" were not previously ticked because this setting causes hassles with emails with some (strangely, not all) PCs on my network. They cannot get emails out although everything else seems set up correctly. Anyway, I did tick them Sunday night but it does not seem to have made a difference to Monday's list, received today (Tuesday).
3. Also on Sunday, I fiddled with the SMTP anti-spam settings and listed all the unassigned sender addresses with a * and the common part of the address. This does not seem to have helped as my list today was even longer. How much of this is history and how much of this is current email interference, I do not know. How do I clear the list?
  Posted by Beyers Slabbert  on Wednesday, September 27, 2006 at 1:57:45 AM (EST)
Using DHCP isn't a "must" - you can assign IP's to your lan-pc's manually and have them static, but you must remember to specify the default gateway then as well (this should be the same as your LS machine)... using DHCP just simplifies the network range you use and the router being specified - all of this is in the attempt to be able to specify an IP filter for access to your SMTP relay service... which I think will still solve 90% of your problems...
say your LS "server" is on - with subnet mask - your pc's must be in a range for argument of with default gateway of, same subnet mask... then specifying the IP filter defines access, add / (which will only allow YOUR lan-pc's to use the SMTP server)...
the main reason using DHCP is useful is that LS then controls the lan settings of your lan-pc's, so if you change something on the internet sharing or routing or natting or so, it gets applied to all the pc's...
How to clear the list? Mmmm, not sure myself, will have a look though.
Also try and look at your LS firewall - if you're using it - have you added an SMTP set (and does it allow all access or again only your network range addresses?)...
  Posted by Nic Nel  on Wednesday, September 27, 2006 at 3:04:53 PM (EST)
Jimi Gooding has tried to downplay my fears by suggesting that I am only the target of unsuccessful spammers. If one looks at the amount of bandwidth used, I would say they have successfully invaded my machine and I really need an answer soon. This is what last night's Active Report looked like:

Total data size from 2006/09/26 in protocols:

NAT: 0 B
HTTP: 154.9 MB
FTP: 0 B
POP3: 0.2 MB
FAX: 0 B

Total data size 10.0 MB from 2006/09/26 exceeded:

Nic Nel: 158.5 MB

Data size 10.0 MB over HTTP from 2006/09/26 exceeded:

Nic Nel: 143.1 MB

Data size 10.0 MB over SMTP OUT from 2006/09/26 exceeded:

Nic Nel: 15.3 MB

*** [Administration] ******************************************

Unassigned sender SMTP addresses:

Statistics created by 602LAN SUITE ActiveReports

This e-mail was scanned for viruses using BitDefender
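The Active Report quoted above is plain text, so it can be parsed and checked automatically rather than read by eye once a day. The following is an added example, not code from the thread or from 602LAN SUITE: it parses the per-protocol totals and the "exceeded" sections of a constructed report modelled on the one above, and flags any user whose SMTP OUT volume is above what an idle LAN should be sending. The `suspicious_smtp_out` helper, the `idle_limit_bytes` parameter and the sample text are assumptions of this example.

```python
import re
from typing import Dict, List, NamedTuple, Optional, Tuple, Union

# Constructed sample, modelled on the Active Report quoted in the thread.
SAMPLE_REPORT = """\
Total data size from 2006/09/26 in protocols:

NAT: 0 B
HTTP: 154.9 MB
FTP: 0 B
POP3: 0.2 MB
FAX: 0 B

Total data size 10.0 MB from 2006/09/26 exceeded:

Nic Nel: 158.5 MB

Data size 10.0 MB over HTTP from 2006/09/26 exceeded:

Nic Nel: 143.1 MB

Data size 10.0 MB over SMTP OUT from 2006/09/26 exceeded:

Nic Nel: 15.3 MB

*** [Administration] ******************************************

Unassigned sender SMTP addresses:

Statistics created by 602LAN SUITE ActiveReports
"""

UNITS = {"B": 1, "KB": 1024, "MB": 1024 ** 2, "GB": 1024 ** 3}

# "HTTP: 154.9 MB" or "Nic Nel: 15.3 MB"
SIZE_LINE = re.compile(r"^(?P<name>[^:]+?):\s*(?P<num>\d+(?:\.\d+)?)\s*(?P<unit>[KMG]?B)$")
# "Data size 10.0 MB over SMTP OUT from 2006/09/26 exceeded:" (or the overall "Total data size 10.0 MB from ... exceeded:")
EXCEEDED_HEADER = re.compile(
    r"^(?:Total data size|Data size)\s+(?P<num>\d+(?:\.\d+)?)\s*(?P<unit>[KMG]?B)"
    r"(?:\s+over\s+(?P<proto>.+?))?\s+from\s+\S+\s+exceeded:$"
)
PROTOCOL_HEADER = re.compile(r"^Total data size from \S+ in protocols:$")


class Exceeded(NamedTuple):
    user: str
    protocol: str      # "ALL" for the overall total
    size: float        # bytes
    threshold: float   # bytes


def to_bytes(num: str, unit: str) -> float:
    return float(num) * UNITS[unit]


def parse_report(text: str) -> Dict[str, object]:
    """Return {'protocols': {name: bytes}, 'exceeded': [Exceeded, ...]} for one report."""
    protocols: Dict[str, float] = {}
    exceeded: List[Exceeded] = []
    # Section state: None (outside), "PROTOCOLS", or (protocol, threshold_bytes).
    section: Union[None, str, Tuple[str, float]] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if PROTOCOL_HEADER.match(line):
            section = "PROTOCOLS"
            continue
        hdr = EXCEEDED_HEADER.match(line)
        if hdr:
            section = (hdr.group("proto") or "ALL", to_bytes(hdr.group("num"), hdr.group("unit")))
            continue
        if line.startswith("***"):        # start of the [Administration] block
            section = None
            continue
        row = SIZE_LINE.match(line)
        if row and section == "PROTOCOLS":
            protocols[row.group("name")] = to_bytes(row.group("num"), row.group("unit"))
        elif row and isinstance(section, tuple):
            proto, threshold = section
            exceeded.append(Exceeded(row.group("name"), proto, to_bytes(row.group("num"), row.group("unit")), threshold))
    return {"protocols": protocols, "exceeded": exceeded}


def suspicious_smtp_out(report: Dict[str, object], idle_limit_bytes: float) -> List[str]:
    """Users whose outbound SMTP volume exceeds what an idle LAN should send (hypothetical limit)."""
    rows: List[Exceeded] = report["exceeded"]  # type: ignore[assignment]
    return sorted({r.user for r in rows if r.protocol == "SMTP OUT" and r.size > idle_limit_bytes})


if __name__ == "__main__":
    parsed = parse_report(SAMPLE_REPORT)
    for name, size in parsed["protocols"].items():  # type: ignore[union-attr]
        print("%-8s %8.1f MB" % (name, size / 2 ** 20))
    print("SMTP OUT above 1 MB on an idle LAN:", suspicious_smtp_out(parsed, 1 * 2 ** 20))
```

Run it against the text of each report email; the idle limit is whatever your LAN legitimately sends while nobody is at the keyboard, and any user above it on SMTP OUT is the one to look at first for a compromised workstation or an abused relay account.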
  Posted by Robert Smith  on Friday, September 29, 2006 at 10:24:20 AM (EST)
What does your SMTP relay options look like?

You might also want to check your workstations for viruses or's possible they are sending out the messages. They might not even be relayed off the server.
  Posted by Nic Nel  on Monday, October 02, 2006 at 4:04:31 AM (EST)
Hi Robert
I have put Spybot 1.4 on each machine. I have also been corresponding with Support direct. I have sent them screenshots of SMTP and other windows as well as copies of several files and logs. So far, they have not come up with anything hopeful. Spybot did eliminate several threats on each machine.
I will let you know progress when I get any. Meanwhile, I have acted on the lines suggested by you.
  Posted by M Blande  on Wednesday, October 04, 2006 at 3:40:18 PM (EST)
I would definitely check off relay for 602 users only AND verify by previous pop access. Without both, anyone from outside can send mail through your system. With just the relay, spammers will spoof the sending address like "" and still get through. The previous access is a bit of a pain but just tell all your users to click the check mail every time before sending. If they send and get an immediate error, to just resend.
From all the posts here I think your systems are being used to relay from outside, and if so you run the risk of having your IP address dropped into a black hole like spam cop and then you will have real fun trying to get it removed.
  Posted by Nic Nel  on Thursday, October 05, 2006 at 1:32:42 AM (EST)
Thank you, M Blande. I agree these must be checked off but the 602 Agent in Pretoria, Interexcel, removed the ticks because he said this caused problems with email - to some degree he is right because we do experience sending problems from time to time, now that they are ticked off again. At this stage it is intermittent, so very frustrating. I am getting my computer geek guy in today to sort everything out properly.
We have a problem also inasmuch as there do not appear to be any really well qualified experts in Johannesburg South Africa to help with 602.
My Active Reports alerted me to the problem but now, for a reason I cannot work out, these are no longer delivered to me. I am now blithely (not quite) unaware of what is going on.
  Posted by Robert Smith  on Thursday, October 05, 2006 at 11:47:41 AM (EST)
What kind of "problems" do you get intermittently? The first 2 options will require that your users check mail before they can send it. If your users are getting "we do not relay" errors, set their mail clients to poll your mail server every 4 minutes. The timeout on lan suite in my experience is 5 minutes (300 seconds). I don't think there's a way to change that, but usually users will download their mail anyways before replying. Setting their mail client to check every 4 minutes will make sure they stay authenticated.

As long as your users have strong passwords, you should be safe from being relayed off of. A strong password should be at least 8 characters in length and include a mixture of numbers and pass001 is not strong, but p6a0s2s0 is. So would something like p34as72s. You should not use dictionary words. I like to misspell words, like I'll use a password something like s3p4h3l41. That is "spell" spelled "sph3l1" (s-p-h-three-L-one) with some numbers thrown into it to further mix it up.

With these two options set, the only way you'd be an open relay is if 1. The spammers use a real lan suite e-mail address or alias. 2. The spammers authenticate via POP3. Basically, they'd have to crack the username (easy because it's right before the @ sign in an e-mail address) and the password (hard if you set strong passwords).

Maybe you're not getting any reports because your data isn't going over the thresholds? If I remember correctly, those reports are only emailed when a user goes over 10 mb in data by default. You could change it to 1mb and get them if you always go over 1mb in data transfer. That's the lowest amount you can do if I recall correctly.
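To make the interaction of the three controls concrete, the following is an added example (not 602LAN SUITE's own code, and not from any poster): a small relay-decision model of "Relay for 602LAN SUITE users only", "Verify sender by previous POP3 access" with the 5 minute (300 second) window Robert mentions, and the "SMTP Relay IP Filter" range Beyers describes earlier in the thread. The LAN range, domain, user name and outside address are constructed, since the posts elide the real ones. It shows M Blande's point directly: with only the relay-for-users option on, a spoofed local sender from an outside address is accepted, while the IP filter or POP-before-SMTP check rejects it.

```python
import ipaddress
from dataclasses import dataclass, field
from typing import Dict, List, Set, Tuple

# Constructed LAN layout for the example; the thread does not give the real addresses.
LAN = ipaddress.ip_network("192.168.0.0/24")
OUTSIDE_CLIENT = "203.0.113.5"     # documentation range, stands in for a spammer's host
LAN_CLIENT = "192.168.0.20"


@dataclass
class RelayPolicy:
    """Models the 602LAN SUITE SMTP relay controls discussed in the thread (hypothetical model)."""
    local_domains: Set[str]                     # domains this server hosts
    local_users: Set[str]                       # mailbox names (the part before the @)
    relay_for_users_only: bool = True           # "Relay for 602LAN SUITE users only"
    verify_by_pop3: bool = True                 # "Verify sender by previous POP3 access"
    relay_ip_filter: List[ipaddress.IPv4Network] = field(default_factory=list)  # "SMTP Relay IP Filter"
    pop_window: int = 300                       # seconds; the 5-minute timeout reported in the thread
    _pop_logins: Dict[str, float] = field(default_factory=dict)  # client IP -> time of last POP3 login

    def record_pop3_login(self, client_ip: str, when: float) -> None:
        """Called when a client successfully checks mail over POP3."""
        self._pop_logins[client_ip] = when

    def decide(self, client_ip: str, mail_from: str, rcpt_to: str, now: float) -> Tuple[bool, str]:
        """Return (accepted, reason) for one MAIL FROM / RCPT TO pair from the given client."""
        rcpt_domain = rcpt_to.rpartition("@")[2].lower()
        if rcpt_domain in self.local_domains:
            return True, "local delivery, no relay needed"

        # From here on the message would leave the server, so this is a relay request.
        ip = ipaddress.ip_address(client_ip)
        if self.relay_ip_filter and not any(ip in net for net in self.relay_ip_filter):
            return False, "client outside SMTP Relay IP Filter"

        if self.relay_for_users_only:
            user, _, domain = mail_from.rpartition("@")
            if domain.lower() not in self.local_domains or user.lower() not in self.local_users:
                return False, "sender is not a 602LAN SUITE user"

        if self.verify_by_pop3:
            last = self._pop_logins.get(client_ip)
            if last is None or now - last > self.pop_window:
                return False, "we do not relay: no POP3 login from this client in the last %d s" % self.pop_window

        return True, "relay accepted"


def demo() -> List[Tuple[str, bool, str]]:
    """Walk through the configurations discussed in the thread; returns (label, accepted, reason)."""
    spoofed_from = "nic@example.co.za"          # a real local user's address, forged by an outsider
    outside_rcpt = "victim@elsewhere.example"
    results = []

    # Relay-for-users only, no POP3 check, no IP filter: the spoofed sender gets through.
    weak = RelayPolicy({"example.co.za"}, {"nic"}, verify_by_pop3=False)
    results.append(("weak: spoofed local sender from outside",) + weak.decide(OUTSIDE_CLIENT, spoofed_from, outside_rcpt, 1000))

    # All three controls on.
    strong = RelayPolicy({"example.co.za"}, {"nic"}, relay_ip_filter=[LAN])
    results.append(("strong: same attempt",) + strong.decide(OUTSIDE_CLIENT, spoofed_from, outside_rcpt, 1000))
    results.append(("strong: LAN user before checking mail",) + strong.decide(LAN_CLIENT, spoofed_from, outside_rcpt, 1000))
    strong.record_pop3_login(LAN_CLIENT, 900)
    results.append(("strong: LAN user 100 s after POP3",) + strong.decide(LAN_CLIENT, spoofed_from, outside_rcpt, 1000))
    results.append(("strong: LAN user 400 s after POP3",) + strong.decide(LAN_CLIENT, spoofed_from, outside_rcpt, 1300))
    return results


if __name__ == "__main__":
    for label, ok, reason in demo():
        print("%-42s %-8s %s" % (label, "ACCEPT" if ok else "REJECT", reason))
```

The 4 minute polling interval Robert suggests is simply a way of keeping `record_pop3_login` fresher than `pop_window`; the model also makes clear why the IP filter matters on its own, since it stops the outside connection before the sender address is even looked at.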
  Posted by Nic Nel  on Monday, October 09, 2006 at 2:39:10 PM (EST)
Hey, these complicated passwords are OK for you young guys. I am on the wrong side of 60 going for 70. At my age, I cannot even remember at lunch what I had for breakfast.
But your advice is good.
Will let you know progress.
