Computer is being used for spamming

By davidh
I have had 2 companies contact me, and rather a lot of bounced mail in the admin box, suggesting 1 of the computers or a server has been hijacked and is sending out spam mail. I have made sure all virus software is up to date.

What I want to know is a way of finding out if a computer is sending out data - they are all networked.

by ippirate In reply to Computer is being used for ...

A packet sniffer can help you find that.

Ethereal is powerful and popular and free.

You can find several tools for managing/monitoring your network at the link.

http://www.insecure.org/tools.html

by BFilmFan In reply to Computer is being used for ...

You could look in your mail server and see who is generating an unusual amount of email. It could be that someone just spoofed your email address and you haven't been compromised.

by jdclyde In reply to Computer is being used for ...

Look at your firewall and see if it will show generated traffic and how much.

Reset all counters and then see what is connecting to what and with what protocol.

Rule of thumb, always put in a rule on your firewall to block outbound SMTP from everything but your mail server. This will take care of it if a PC gets a trojan that installs a MassMailer.
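
The firewall check described in this reply, as an added example that is not part of the original thread: it scans firewall log lines for new outbound TCP port 25 connections from any internal host other than the mail server. The iptables-style log lines are constructed, and the mail server address 192.168.1.10 and LAN range 192.168.1.0/24 are assumptions.

```python
import ipaddress
import re
from collections import defaultdict

MAIL_SERVER = "192.168.1.10"                  # assumption: only host allowed to send SMTP out
LAN = ipaddress.ip_network("192.168.1.0/24")  # assumption: internal address range

# Constructed sample lines in iptables LOG style (not taken from the thread).
SAMPLE_LOG = """\
Jan 10 03:12:01 fw kernel: IN=eth1 OUT=eth0 SRC=192.168.1.10 DST=203.0.113.5 PROTO=TCP SPT=40112 DPT=25 SYN
Jan 10 03:12:02 fw kernel: IN=eth1 OUT=eth0 SRC=192.168.1.23 DST=198.51.100.7 PROTO=TCP SPT=1045 DPT=25 SYN
Jan 10 03:12:02 fw kernel: IN=eth1 OUT=eth0 SRC=192.168.1.23 DST=198.51.100.9 PROTO=TCP SPT=1046 DPT=25 SYN
Jan 10 03:12:03 fw kernel: IN=eth1 OUT=eth0 SRC=192.168.1.23 DST=203.0.113.77 PROTO=TCP SPT=1047 DPT=25 SYN
Jan 10 03:12:03 fw kernel: IN=eth1 OUT=eth0 SRC=192.168.1.40 DST=203.0.113.80 PROTO=TCP SPT=2001 DPT=80 SYN
Jan 10 03:12:04 fw kernel: IN=eth1 OUT=eth1 SRC=192.168.1.23 DST=192.168.1.10 PROTO=TCP SPT=1048 DPT=25 SYN
Jan 10 03:12:05 fw kernel: truncated line SRC=not-an-ip DPT=25 PROTO=TCP SYN
"""

FIELD = re.compile(r"(\w+)=(\S+)")

def outbound_smtp_offenders(log_text, mail_server=MAIL_SERVER, lan=LAN):
    """Map each LAN host (other than the mail server) to its new outbound TCP/25 connections."""
    hits = defaultdict(lambda: {"connections": 0, "destinations": set()})
    for line in log_text.splitlines():
        fields = dict(FIELD.findall(line))
        flags = set(line.split())
        if fields.get("PROTO") != "TCP" or fields.get("DPT") != "25":
            continue
        if "SYN" not in flags or "ACK" in flags:   # count connection attempts only
            continue
        try:
            src = ipaddress.ip_address(fields["SRC"])
            dst = ipaddress.ip_address(fields["DST"])
        except (KeyError, ValueError):             # skip malformed or truncated lines
            continue
        if src not in lan or dst in lan or str(src) == mail_server:
            continue                               # internal delivery or the real mail server
        hits[str(src)]["connections"] += 1
        hits[str(src)]["destinations"].add(str(dst))
    return dict(hits)

def report(hits):
    """Return printable lines, busiest host first."""
    ranked = sorted(hits.items(), key=lambda kv: kv[1]["connections"], reverse=True)
    return [f"{ip}: {h['connections']} SMTP connections to {len(h['destinations'])} hosts"
            for ip, h in ranked]

if __name__ == "__main__":
    print("\n".join(report(outbound_smtp_offenders(SAMPLE_LOG))))
```

A workstation that talks SMTP to many different outside hosts is the one to pull off the network and inspect; a workstation that only connects to the internal mail server on port 25 is ordinary mail submission and is ignored here.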

by mm212 In reply to Computer is being used for ...

The first thing I would do is remove the SMTP service completely from any machine that isn't intended as a mail server or a mail relay. This should solve your problem. If your server is intended to be used as a mail server or relay, send test messages through it.

Open a command prompt
telnet [starts the telnet program]
set localecho [echoes all commands back to your screen]
open <IP Address> 25 [opens a telnet connection via port 25 to the server you are testing]
helo [tells the server you are going to be sending it commands]
MAIL FROM: <email address> [sending mail from this email address]
RCPT TO: <email address> [sending mail to this email address]
DATA [tells the server the body of the message is next]
Subject: <text> [<text> will be the subject line of the email]
Type the message you wish to send.
Enter a "." on a line by itself to end the message.
QUIT

Try sending to and from various internal and external email addresses. If you are able to send messages to and from any email address, your server is an open relay and needs to be locked down. If it is not locked down, your email will continue to be blocked by organizations using realtime blackhole lists.
