General discussion

Unknown senders in outgoing mail queue

By dpotter555
I am running Microsoft Exchange 5.5 on an NT Server machine. I have noticed that every time I look at the "outbound messages awaiting delivery" queue for Internet Mail Service, there are many (sometimes a couple of hundred) entries addressed to our own domain as well as other domains with no "originator". I have checked and our mail server does not allow relaying so I know they are not being delivered. They try for 2 days and then are removed. Is this someone trying to relay through our mail server? Is there a machine on our network (I have about 20) with a virus or malware? Is this something I should be concerned about? If more information is needed, please just ask.

This conversation is currently closed to new comments.

7 total posts (Page 1 of 1)  

All Comments

by Dr Dij In reply to Unknown senders in outgoi ...

Relaying is for outside people trying to send from your system. You said you've secured against this, so it is likely you've got a trojan being used as a spambot.

They can have their own prog to send email, e.g. commail.exe. Any field, such as From, can be blank, so it would be harder to find which PC has the problem. I use this program for logs and stats on production file generation, which is then emailed to the account manager directly from the prog that creates the files.

You need to scan for trojans, maybe rootkits. Some enterprise versions check outgoing mail but may only work for progs like Outlook, not if a trojan is sending its own mail to the mail server.

Did you open the pst and look at some of the outgoing emails? You can read them with a hex editor. xvi editor (from download.com) can open unlimited size files, for example.

The free version of ZoneAlarm would tell which PC is sending out, unless they piggyback the outgoing packets onto Internet Explorer.

by dpotter555 In reply to

Poster rated this answer.

by mjd420nova In reply to Unknown senders in outgoi ...

TROJAN TROJAN Disconnect from internet access and watch all machines. Then shut all the units off. Power them all on and watch the fun. The culprit will reveal itself. Wipe the hard drive on the offending unit and reinstall the OS. Sorry, but this drive isn't even worth trying to recover anything from, and you must not hook it to any other machine unless you know what you're doing. The data can be recovered but it would be expensive. Not worth the risk. It's 50/50 if it's in the server. Good luck.

by dpotter555 In reply to

Poster rated this answer.

by davebkelly In reply to Unknown senders in outgoi ...

It is highly likely that you have a Trojan somewhere on the network, and you seem to have some good advice already, so I won't add to it.

However, a good check to see if you are indeed not relaying is to use www.dnsreport.com; this will check your domain and report any issues.

by dpotter555 In reply to

Poster rated this answer.

by dpotter555 In reply to Unknown senders in outgoi ...

This question was closed by the author
