| Unassigned sender SMTP proliferation in Active Rep |
 Posted by
Nic Nel
on Monday, September 25, 2006 at 12:04:08 PM (EST)
This was the list of unassigned sender SMTP addresses reported on 22 Sept 2006. In the space of 2 days this list has grown to number over 280! In excess of 12Mb of bandwidth has been used over a long weekend when my computers were switched on but idle. Last night I ticked "Relay for 602LAN Suite users only" and listed all these addresses in the "SMTP Anti-Spam settings" using * and the extension. Hopefully, this will do the trick and stop what appears to me to be an email takeover. The HINET.NET site is all in chinese (or something) and I have not visited previously.
I am using McAfee aside from the AV from 602.
Can anybody tell me what is going on?
What else can I do?
Unassigned sender SMTP addresses:
8882@hotmail.com
88917@hotmail.com
al_orotom@yahoo.de
bethanybrigit570@gmx.de
fatc@nzqndk.com
iiie@xzrohm.com
KayeAlmira992@web.de
kkkk@yahoo.com.hk
mmdd.mmdd@msa.hinet.net
n.frevert@gmx.de
rhftkkzjgahm@ms41.hinet.net
smtpsmtp@hotmail.com
sqof@nieycy.com
web@hotmail.com
|
 Posted by
Martin Mallinson
on Monday, September 25, 2006 at 3:31:32 PM (EST)
I also have big problem this weekend - my ISP threatens to cut me off due to huge number of SMTP emails.. whats going on? What can I do? I have 5 user free Lansuite (have had no problems for many years).
Have just installed latest (1 sept 2006) and problem remains. I have disabled queue processing which seems to stop the problem and am now trying to get to "manage queues" but machine is Lanuite.exe 99% CPU and >200M memory for last 10 mins after this menu click.. I guess it has been flooded with some SPAM email and is trying to show me a huge list.
Anyhow anyone know what can be done?
|
Posted by
Beyers Slabbert
on Tuesday, September 26, 2006 at 11:58:23 AM (EST)
assuming your using DHCP... theres 2 things u might try.
in advanced configuration: SMTP
1.) "Relay for 602LAN SUITE users only" must be ticked, you can also add "Verify sender by previous POP3 access" which sometimes complicates things a bit...
2.) SMTP Relay IP Filter (through IP defines acces to SMTP)
use the range as in your DHCP Server Settings to ensure only your network users will be able to use your SMTP relay...
import in the last bit is that IF you're running DHCP and your lan-pc's TCP/IP settings are set to automatic,the alternate settings must be specific within the same range, and static in order to be able to use the SMTP / POP services of the server when connecting from another internet connection (like from home for argument sake)...
hope that helps...
you can also try and set your SMTP anti-spam settings...
|
Posted by
Nic Nel
on Tuesday, September 26, 2006 at 2:28:30 PM (EST)
Right, first off Martin:
I have had this phenomenon twice in the past - my computer suddenly sent out 1000s of copies of the same fairly long email. I never got to the bottom of it but I think LAN Suite never did an email termination (or whatever) and comtinued to act as though the email still had to be sent. It wiped my 3gig band width limit in about 15 hours. However, what you are experiencing does not appear to be the same problem I currently have, although last night I had 49Mb usage on what should have been an idle machine.
Beyers,
1. I am not using DHCP... Should I be and why?
2. "Relay etc" amd "Verify sender...etc" were not previously ticked because this setting causes hassles with emails with some (strangely, not all) PCs on my network. They cannot get emails out although everything else seems set up correctly. Anyway, I did tick them Sunday night but does not have made a difference to Mondays list, received today (Tuesday).
3. Also on Sunday, I have fiddled with the SMTP anti - spam settings and listed all the unassigned sender addresses with a * and the common part of the address. This does not seem to have helped as my list today was even longer. How much of this is history and how much of this is current email interference, I do not know. How do I clear the list?
|
Posted by
Beyers Slabbert
on Wednesday, September 27, 2006 at 1:57:45 AM (EST)
martin
using DHCP isn't a "must" - you can assign IP's to your lan-pc's manually and have them static, but you must remember to specify the default gateway then as well (this should be the same as your LS machine)... using DHCP just simplyfies the network range you use and the router being specified - all of this is in the attempt to be able to specify an IP filter for access to your SMTP relay service... which i think will still solve 90% of your problems...
say your LS "server" is on 192.168.0.1 - with subnet mask 255.255.255.0 - your pc's must be in a range for argurment of 192.168.0.2-192.168.0.254 with default gateway of 192.168.0.1, same subnet mask... then specifying the IP filter defines access, add 192.168.0.0 / 255.255.255.0 (which will only allow YOUR lan-pc's to use the SMTP server)...
the main reason using the DHCP is usefull is that LS then controls the lan settings of your lan-pc's so if you change something on the internet sharing or routing or natting or so: it gets applied to all the pc's...
how to clear the list?mmmm not sure myself will have a look though.
also try and look at your LS firewall - if your using it - have you added a SMTP set (and does it allow all access or again only your network range addresses?)...
|
Posted by
Nic Nel
on Wednesday, September 27, 2006 at 3:04:53 PM (EST)
Jimi Gooding has tried to downplay my fears by suggesting that I am only the target of unsuccessful spammers. If one looks at the amount of band width used, I would say they have successfully invaded my machine and I really need an answer soon. This is what last night's Active Report looked like:
Total data size from 2006/09/26 in protocols:
NAT: 0 B
HTTP: 154.9 MB
SOCKS: 0 B
FTP: 0 B
POP3: 0.2 MB
SMTP IN: 1.4 MB
SMTP OUT: 15.5 MB
FAX: 0 B
Total data size 10.0 MB from 2006/09/26 exceeded:
Nic Nel: 158.5 MB
Data size 10.0 MB over HTTP from 2006/09/26 exceeded:
Nic Nel: 143.1 MB
Data size 10.0 MB over SMTP OUT from 2006/09/26 exceeded:
Nic Nel: 15.3 MB
*** [Administration] ******************************************
Unassigned sender SMTP addresses:
8882@hotmail.com
8882@yahoo.com
88917@hotmail.com
ablplrqwu@ms26.hinet.net
abqdxcg@ms42.hinet.net
abwxlxxlxatp@ms74.hinet.net
adapn@ms12.hinet.net
afkztlcozews@ms14.hinet.net
agbnujb@yahoo.com
ahozqgbawkymyj@ms69.hinet.net
aksumtgxvpmkhh@ms75.hinet.net
al_orotom@yahoo.de
alxfnuxojpth@ms42.hinet.net
amjssjg@yahoo.com
aorflwqoewhreu@yahoo.com
arkxjaajdegf@ms2.hinet.net
ayduf@ms14.hinet.net
ayiqaivayl@yahoo.com
bcehujpvrx@ms67.hinet.net
bdrivbzpeied@ms35.hinet.net
bethanybrigit570@gmx.de
bgmsyccscwzi@ms26.hinet.net
bhmxcxr@ms42.hinet.net
bhpiiqg@yahoo.com
bitsfvcyvu@ms27.hinet.net
bkvigxvl@ms74.hinet.net
bkxzepeyegu@yahoo.com
bnpnaffuvmyrls@ms41.hinet.net
bnqmnlceo@ms62.hinet.net
bpdfluwguhqwro@ms69.hinet.net
bpolbjktxfpgif@yahoo.com
btwngyqlttj@ms38.hinet.net
bwwmhygvhxq@yahoo.com
ccpfj@ms64.hinet.net
cdujcvsn@ms1.hinet.net
cgmplym@ms75.hinet.net
cndkfdvj@yahoo.com
coyizsm@yahoo.com
cswdips@ms18.hinet.net
ctvkfnhfkwjl@ms12.hinet.net
cvdmcurpgk@ms10.hinet.net
dafigoqkv@yahoo.com
ddvjibijw@yahoo.com
dgcsanqvcxjcrh@yahoo.com
dhidmkgdzlcp@ms31.hinet.net
dhkgzbpqb@yahoo.com
djqgltly@ms21.hinet.net
dkmkux@yahoo.com
dmoqe@ms67.hinet.net
dmvavgilcp@ms32.hinet.net
dpennwgahwgfim@ms23.hinet.net
dptpsiikkx@ms42.hinet.net
dqtdegyblgubr@ms66.hinet.net
dvjgzwj@ms69.hinet.net
dwjzelhjbisuvh@ms6.hinet.net
dwlmouptjlz@ms8.hinet.net
dwtltrtmkrpeb@ms64.hinet.net
dwxzondubp@ms24.hinet.net
dzsddjvicrj@ms49.hinet.net
eafqkaytg@ms18.hinet.net
ebnzdbotwruq@ms62.hinet.net
edgpipswlbzcwr@ms65.hinet.net
eikdjae@ms19.hinet.net
ejnouckjuw@ms43.hinet.net
ejvitfy@ms77.hinet.net
ekqwthfjsg@yahoo.com
ekxxxcvewca@yahoo.com
emnprzhnhtzuw@ms17.hinet.net
enoejcdci@ms13.hinet.net
epukcxsjeuqtl@yahoo.com
eqdksrq@yahoo.com
etdfccsnent@ms47.hinet.net
etpnzjropkl@ms41.hinet.net
euhwfyxshzosy@yahoo.com
ezpubpitxi@ms79.hinet.net
eztfpfpswpcz@ms66.hinet.net
fam@nelton.co.za
fatc@nzqndk.com
fdqmrpfqut@ms25.hinet.net
ffkehmruwpxp@ms69.hinet.net
fjvukrtc@ms16.hinet.net
fkhtlatcnt@ms18.hinet.net
fkipwngwf@yahoo.com
flxuwrwhihni@yahoo.com
fqryfalja@yahoo.com
fqujrysmh@ms71.hinet.net
fwlivrjuzigiuz@ms76.hinet.net
fybhar@yahoo.com
fzivakim@yahoo.com
gacbsilz@yahoo.com
gbrlovesiidfs@ms52.hinet.net
gcclpjdp@yahoo.com
gdcurmsyzi@ms62.hinet.net
gggqcffc@yahoo.com
ggxgfxdlwn@ms73.hinet.net
ghxlaslurw@ms55.hinet.net
glymfyu@yahoo.com
gmkwvnzb@yahoo.com
gortjzbnykiyf@ms35.hinet.net
gpyqqgqgnwcl@ms69.hinet.net
gqfsfin@ms32.hinet.net
gqoiashzr@ms54.hinet.net
gsddnji@ms19.hinet.net
gsiixguvbow@yahoo.com
gthjvhh@ms64.hinet.net
gtqgttzn@ms28.hinet.net
gtrsoilmt@ms79.hinet.net
gubfavfbklapan@ms7.hinet.net
gvgqbwh@yahoo.com
gvkhtrnoog@ms76.hinet.net
gynmdruxobqvyv@yahoo.com
hawfblbfdozux@ms41.hinet.net
hddjwhyvey@ms38.hinet.net
hemqv@yahoo.com
hhlwi@ms53.hinet.net
hpketsewnjyi@yahoo.com
hpttuzdapqq@ms41.hinet.net
hqieqiqspvm@yahoo.com
hqoqatcgyc@ms13.hinet.net
hsseogaqt@ms55.hinet.net
htdsjdcmni@ms36.hinet.net
htjxenzsp@ms8.hinet.net
htrfdqhbymsn@ms43.hinet.net
hvsodi@ms61.hinet.net
hwquhvpenqj@yahoo.com
hxaqczqtbzr@yahoo.com
hyvnuzukbbv@ms2.hinet.net
hzejnzdltrzdn@yahoo.com
iayhbisbyprhfh@yahoo.com
icxlgkxshqisn@ms10.hinet.net
ifhlnhtfvoay@ms32.hinet.net
iflhaimdpejn@ms52.hinet.net
iglip@ms52.hinet.net
ihdfcqmhs@ms27.hinet.net
iiie@xzrohm.com
iiuziwacztj@ms16.hinet.net
ijuhrqiyfnqsd@yahoo.com
ikzozeqqsi@ms68.hinet.net
ileotehxdcloro@ms25.hinet.net
ilgothvht@ms66.hinet.net
inbubwxrppzvoq@ms15.hinet.net
inexsicthwmd@ms23.hinet.net
ipajesfolstbez@ms29.hinet.net
iqckom@ms7.hinet.net
iuhdxmpztqjxsb@ms2.hinet.net
iwjfbdicn@ms53.hinet.net
iwvussyhfd@ms15.hinet.net
iztleetxmbcvu@ms66.hinet.net
jbycdcknektq@ms35.hinet.net
jdbbdjfh@yahoo.com
jfuwm@ms61.hinet.net
jfvpdqeotcnvth@ms34.hinet.net
jgkoczleerqp@ms47.hinet.net
jhxtqqfu@yahoo.com
jnpclbfgveokw@ms54.hinet.net
jtveywb@yahoo.com
jwisxwpapxglkg@yahoo.com
jykaacpcca@ms14.hinet.net
jzwccupchh@ms74.hinet.net
KayeAlmira992@web.de
kbrsqr@yahoo.com
kccuxpiqhl@ms74.hinet.net
kciyzck@ms52.hinet.net
kdentfkdb@yahoo.com
kdghvctcxzj@ms35.hinet.net
kflollo@ms46.hinet.net
khuzpvqfl@yahoo.com
kiqjdv@ms61.hinet.net
kkkk@yahoo.com.hk
knrglfhmklhjfg@ms51.hinet.net
knrkoapzicfifc@ms67.hinet.net
krhxpb@ms25.hinet.net
kumrw@ms35.hinet.net
kvdpcqfq@ms14.hinet.net
kvrevrdpbuuv@yahoo.com
kwjjofoet@ms76.hinet.net
kxyvo@ms45.hinet.net
kyxvld@ms39.hinet.net
laxojs@ms67.hinet.net
lbifnzbhiraisd@yahoo.com
lclnxxmqv@ms47.hinet.net
lcudhpxdclmi@ms67.hinet.net
lcukosvtc@ms27.hinet.net
ldinmutm@ms2.hinet.net
lfvmre@yahoo.com
liobolpdqk@ms10.hinet.net
ljbtsoz@ms43.hinet.net
ljnjqw@ms68.hinet.net
lmgcvrfrceau@yahoo.com
lmszradlbklnk@ms17.hinet.net
lniqjxplqmwst@ms65.hinet.net
lokdhzdwjp@ms66.hinet.net
lspjklh@ms26.hinet.net
lvjpgmbe@ms36.hinet.net
lwsdoul@ms33.hinet.net
mailer@nelton.co.za
mbbbgreox@ms27.hinet.net
mbuuvxnvmikybk@yahoo.com
mbzfsktsjtgzck@ms35.hinet.net
mccyktosji@ms71.hinet.net
mcowk@ms48.hinet.net
mdexirun@ms81.hinet.net
mgjsuy@ms28.hinet.net
mjteu@ms45.hinet.net
mjtupjfwze@ms29.hinet.net
mlrckocpzrc@yahoo.com
mlrnzkut@ms12.hinet.net
mmdd.mmdd@msa.hinet.net
moknanycneh@yahoo.com
mvccgojf@ms75.hinet.net
n.frevert@gmx.de
narxuwqmsq@ms3.hinet.net
ndaszijididhju@ms4.hinet.net
nfodsuwvfixgoy@ms76.hinet.net
nic
niibbfqc@ms18.hinet.net
nkewv@yahoo.com
nkjpnbqsbkismb@yahoo.com
nopizhkc@ms48.hinet.net
npbaudaoragpzc@ms81.hinet.net
npcyvu@ms17.hinet.net
nppkdrvvuamt@yahoo.com
nqepu@ms18.hinet.net
ntrptfrf@ms76.hinet.net
nvvfcjzo@ms35.hinet.net
nyhtmg@ms10.hinet.net
nyuyoy@ms22.hinet.net
objelfchewlbub@ms25.hinet.net
ocgdqdx@yahoo.com
oclndlhxqiqgau@ms15.hinet.net
ofhodhj@yahoo.com
ooyyl@ms10.hinet.net
opauywxkijhf@ms8.hinet.net
opvcw@yahoo.com
oqqhi@ms24.hinet.net
orplxb@ms6.hinet.net
orqjagcntatz@ms45.hinet.net
orrce@ms12.hinet.net
oshbcq@ms34.hinet.net
oussus@ms52.hinet.net
ovqmjg@yahoo.com
owutxgszskjlum@yahoo.com
oyzumfctke@ms9.hinet.net
paszlqtwsahg@ms64.hinet.net
pbkecjhuquds@yahoo.com
pcfjvhny@ms29.hinet.net
pdouxudqodtlw@yahoo.com
pebpyfnkm@ms74.hinet.net
pepnczhfjka@ms9.hinet.net
pgdqlsttmoulsx@ms1.hinet.net
phtvsooembmvde@ms22.hinet.net
pjrpaeeqi@ms39.hinet.net
pjtbxwrne@ms48.hinet.net
pmcfzwrt@ms78.hinet.net
pnnsuejkzrchs@yahoo.com
ppbpoku@ms61.hinet.net
prhsdwviec@yahoo.com
prkysqh@ms66.hinet.net
ptfidb@yahoo.com
puhynx@yahoo.com
pumgnryktyq@ms57.hinet.net
puwgdmatej@ms48.hinet.net
pxfhfu@ms78.hinet.net
pzxltlgwudtkwu@ms37.hinet.net
qdbokkyouoprw@ms71.hinet.net
qeswynrefxg@ms77.hinet.net
qgpezk@ms53.hinet.net
qilxzexyc@ms74.hinet.net
qiookk@yahoo.com
qjkpzjux@ms66.hinet.net
qkpdyxeqw@yahoo.com
qktaw@ms45.hinet.net
qnkzwhlhzytpe@ms81.hinet.net
qnvioxesqkb@yahoo.com
qqjpukpdrr@ms29.hinet.net
qqkqmsi@ms63.hinet.net
qtizdagrilqxhe@ms12.hinet.net
qvpwirrhfnjc@ms7.hinet.net
rcfsebocnku@ms79.hinet.net
rhftkkzjgahm@ms41.hinet.net
rhghxmgii@ms32.hinet.net
rjahdozao@ms66.hinet.net
rmflilqcywphm@ms13.hinet.net
rnzoowzjkyfds@ms26.hinet.net
rpgacqb@ms58.hinet.net
rptiqtef@ms26.hinet.net
rqygxnwmbimgt@yahoo.com
rwhwnhijy@ms78.hinet.net
rxdiktxtkd@ms1.hinet.net
rxfqiwy@ms36.hinet.net
rzkuyek@yahoo.com
sahhgpyxmtjnsa@ms81.hinet.net
saxeb@yahoo.com
sfcvy@ms17.hinet.net
sfeazv@ms11.hinet.net
sfwtw@yahoo.com
smtpsmtp@hotmail.com
soterlycfn@ms69.hinet.net
sqof@nieycy.com
sqybrqbwisch@yahoo.com
sqzscguxfzcg@ms33.hinet.net
ssmkvvrkotjb@ms51.hinet.net
stdyapln@ms28.hinet.net
sugqvtzfigg@ms25.hinet.net
suqzrvsp@ms35.hinet.net
svfzoywadsnpt@ms48.hinet.net
swmgkuxzbzdu@ms72.hinet.net
swufbncvrvmii@ms38.hinet.net
syiqihyph@ms47.hinet.net
szmvxwcixxx@ms71.hinet.net
tavkg@ms36.hinet.net
tbaywcryga@ms18.hinet.net
tbpkwlxtbiyek@ms4.hinet.net
tdqigp@ms58.hinet.net
tdtyvx@yahoo.com
teyrknnfzomurv@ms29.hinet.net
tgjugfcpvg@ms73.hinet.net
thmrxvrqrpkq@ms55.hinet.net
thtxj@yahoo.com
tjnssaqorlnp@ms71.hinet.net
tkghl@ms47.hinet.net
tnndbixepffhm@yahoo.com
tnpdmtpu@ms7.hinet.net
tojpxoommhiy@ms22.hinet.net
tslajnhwsacy@ms9.hinet.net
tutna@ms55.hinet.net
twatcwjesjjikd@yahoo.com
txkqtau@yahoo.com
ucbwazbfjc@ms22.hinet.net
uculcbh@ms62.hinet.net
ugwyhyocoax@ms24.hinet.net
uhgkolcxbhs@ms35.hinet.net
umdbmjft@ms79.hinet.net
uomtreaenc@yahoo.com
upjvhgoaq@ms34.hinet.net
uprrqgzkrzgv@ms63.hinet.net
urwkrutjpr@ms12.hinet.net
usznaci@ms4.hinet.net
uvemlvxnrnjrh@ms28.hinet.net
uwdyxmlhismhf@ms14.hinet.net
uwqkdshnzuom@ms81.hinet.net
uybjmxll@yahoo.com
uzjsulnop@ms75.hinet.net
vckcfyylrgwed@ms26.hinet.net
vdpnnprxrm@ms52.hinet.net
vencmpyxtfv@ms29.hinet.net
vepbsssnc@ms41.hinet.net
vfdbfu@ms49.hinet.net
vhpepfpu@yahoo.com
viqnnvussksadl@ms21.hinet.net
vjkjghhnfdqae@ms41.hinet.net
vpeilekfbaa@ms2.hinet.net
vplfqik@yahoo.com
vtypaazvwzyeqy@ms28.hinet.net
vwezafpdcktrn@ms54.hinet.net
vwloxcxatxf@ms7.hinet.net
vxkalojlcmc@yahoo.com
vyzvxpipwmrynv@ms42.hinet.net
wadytwlgbfwe@yahoo.com
wapxziyrfru@ms54.hinet.net
web@hotmail.com
wgnthzkav@ms74.hinet.net
wismbzleuqfp@ms11.hinet.net
wjjpbqfp@ms76.hinet.net
wmlbucaacem@ms1.hinet.net
wnhezgbgnyleyw@yahoo.com
wnuwrmxrf@yahoo.com
wosthtkzloo@ms74.hinet.net
wpica@ms34.hinet.net
wpqbunqeiesf@ms26.hinet.net
wqmvrwo@ms43.hinet.net
wrbcwlsyxr@ms11.hinet.net
wrjzymae@ms21.hinet.net
wsiidlkvld@ms14.hinet.net
wskshevcjd@ms38.hinet.net
wuwvxzkvjz@yahoo.com
wyqze@ms34.hinet.net
xcmmrfj@ms65.hinet.net
xcqyqew@ms69.hinet.net
xcsvdc@yahoo.com
xelfccuak@ms69.hinet.net
xfofbkslle@ms2.hinet.net
xgkcgq@ms17.hinet.net
xhhsvws@ms62.hinet.net
xiqsz@ms56.hinet.net
xjdkjhdgf@ms49.hinet.net
xkaxtzlatpbmxm@ms79.hinet.net
xlfchyt@ms41.hinet.net
xlsyqwicfyqa@ms29.hinet.net
xqdxlkt@yahoo.com
xtpyuqejw@ms15.hinet.net
xuwfjlyhx@ms1.hinet.net
xwvmjsm@yahoo.com
xxeuctmqcl@ms81.hinet.net
xxwfyu@ms33.hinet.net
xyfrqdcppoxki@ms66.hinet.net
xypkyokvw@ms51.hinet.net
yawzsb@ms34.hinet.net
ydrhx@ms27.hinet.net
yeayayowpfimiw@yahoo.com
yfdqvaenfk@ms51.hinet.net
yfrcepzyjrjedv@yahoo.com
ygvrxndpzrnd@yahoo.com
yiqwrurtohuz@ms34.hinet.net
yizxaunrzusy@ms36.hinet.net
ykuprgawhptnjl@yahoo.com
ymvmd@ms38.hinet.net
ypwkrqcskhxaaw@ms19.hinet.net
yqabthpxm@ms76.hinet.net
yreizs@ms29.hinet.net
ysyylobehwmyz@ms33.hinet.net
yxffgcuofge@yahoo.com
yxfwaekbsdgw@ms38.hinet.net
yysbhrfvp@yahoo.com
yyvmyazm@ms1.hinet.net
zalopljpzv@ms23.hinet.net
zbblzsw@yahoo.com
zbcwkrbriypn@yahoo.com
zctqxpeqaw@ms74.hinet.net
zdxjoxn@yahoo.com
zfeefpeivj@ms29.hinet.net
zfhjdxoronz@yahoo.com
zgfgyizmuy@ms74.hinet.net
zhhzvcrwfex@ms62.hinet.net
zhmfg@yahoo.com
zisoaksftnhu@ms66.hinet.net
zkqfebtj@yahoo.com
zlwoienvumyefv@ms55.hinet.net
znawamqczlxnky@ms79.hinet.net
zqhbs@yahoo.com
zrzvqo@ms57.hinet.net
zupsi@ms41.hinet.net
zxgybwyogfus@ms19.hinet.net
Statistics created by 602LAN SUITE ActiveReports http://www.software602.com/
This e-mail was scanned for viruses using BitDefender
|
Posted by
Robert Smith
on Friday, September 29, 2006 at 10:24:20 AM (EST)
What does your SMTP relay options look like?
You might also want to check your workstations for viruses or trojans..it's possible they are sending out the messages. they might not even be relayed off the server.
|
Posted by
Nic Nel
on Monday, October 02, 2006 at 4:04:31 AM (EST)
Hi Robert
I have put Spybot 1.4 on each machine. I have also been corresponding with Support direct. I have sent them screenshots of SMTP and other windows as well as copies of several files and logs. So far, they have not come up with anything hopeful. Spybot did eliminate several threats on each machine.
I will let you know progress when I get any. Meanwhile, I have acted on the lines suggested by you.
|
Posted by
M Blande
on Wednesday, October 04, 2006 at 3:40:18 PM (EST)
I would definately check off relay for 602 users only AND verify by previous pop access. With out both anyone from outside can send mail through your system. With just the relay spammers will spoof the sending address like "bigbill@yourname.com" and still get through. The previous access is a bit of a pain but just tell all your users to click the check mail everytime before sending. If they send and get immediate error to just resend.
From all the post here I think your systems are being used to relay from outside, and if so you run the risk of having your IP address dropped into a black hole like spam cop and then you will have real fun trying to get it removed.
|
Posted by
Nic Nel
on Thursday, October 05, 2006 at 1:32:42 AM (EST)
Thank you, M Blande. I agree these must be checked off but the 602 Agent in Pretoria, Interexcel, removed the ticks because he said this caused problems with email - to some degree he is right because we do experience sending problems from time to time, now that they are ticked off again. At this stage it is intermittent, so very frustrating. I am getting my computer geek guy in today to sort everything out properly.
We have a problem also inasmuch as there do not appear to be any really well qualified experts in Johannesburg South Africa to help with 602.
My Active Reports alerted me to the problem but now, for a reason I cannot work out, these are no longer delivered to me. I am now blithely (not quite) unaware of what is going on.
|
Posted by
Robert Smith
on Thursday, October 05, 2006 at 11:47:41 AM (EST)
What kind of "problems" do you get intermittently? The first 2 options will require that your users check mail before they can send it. If your users are getting "we do not relay" errors, set their mail clients to poll your mail server every 4 minutes. The timeout on lan suite in my experience is 5 minutes (300 seconds). I don't think there's a way to change that, but usually users will download their mail anyways before replying. Setting their mail client to check every 4 minutes will make sure they stay authenticated.
As long as your users have strong passwords, you should be safe from being relayed off of. A strong password should be at least 8 characters in length and include a mixture of numbers and letters..like pass001 is not strong, but p6a0s2s0 is.. So would something like p34as72s. You should not use dictionary words. I like to misspell words like I'll use a password something like s3p4h3l41 That is "spell" spelled "sph3l1" (s-p-h-three-L-one) with some numbers thrown into it to further mix it up,
With these two options set, the only way you'd be an open relay is if 1. The spammers use a real lan suite e-mail address or alias. 2. The spammers authenticate via POP3. Basically, they'd have to crack the username (easy because it's right before the @ sign in an e-mail address) and the password (hard if you set strong passwords).
Maybe you're not getting any reports because your data isn't going over the thresholds? If I remember correctly, those reports are only emailed when a user goes over 10 mb in data by default. You could change it to 1mb and get them if you always go over 1mb in data transfer. That's the lowest amount you can do if I recall correctly.
|
Posted by
Nic Nel
on Monday, October 09, 2006 at 2:39:10 PM (EST)
Hey, these complcated paswords are OK for you young guys. I am on the wrong side of 60 going for 70. At my age, I cannot even remember at lunch what I had for breakfast.
But your advice is good.
Will let you know progress.
|
|
