Any spam experts on here?

  • Any spam experts on here?

    I'm not talking about a home computer, I'm talking about a company being hit by spammers. So here's the situation...

    Earlier this week, our mail queue started to fill up. After looking into it, it seems as though spammers are spoofing email and relaying it through our network even though we're not an open relay. So how are they getting through? I'm guessing either someone's credentials and/or laptop has been compromised but I can't find anything that shows me where the source is.

    I found a script that shows the number of active CAS users but can't seem to find info to identify those users. I've checked logs but can't seem to find anything useful either....

    Any ideas?

  • #2
    What SMTP server? IIS?



    • #3
      If it's Linux I can fix it for $50.



      • #4
        I like to grill it in a pan (or hot plate) and garnish with pineapple rings.



        • #5
          I only eat that shit maybe once a year and I too cook it on the stove and eat it sandwich style.



          • #6
            Acting stupid about the internet isn't funny anymore.



            • #7
              So then you no longer refer to yourself as the internet god then, right? Cause that shit was stupid.
              How do we forget ourselves? How do we forget our minds?



              • #8
                Not Linux....

                We're running Exch 2010 and using a Barracuda Spam and Virus firewall. I think what I'm trying to accomplish right now is identify, then block how this spammer is relaying through our network. Once I can do that, then I can address the issue that about 50% of our laptops were issued to users with no AV... I can't say for certain that's how this all started, but it definitely shouldn't have happened regardless.

                So in a nutshell, Barracuda filter, Exchange 2010 with a CAS array, round robin through a Netscaler. Checking the email headers, it shows that it's coming through our Netscaler IP but nothing more.

                And yes, IIS for OWA
                Last edited by GeorgeG.; 09-09-2012, 10:08 AM.



                • #9
                  And this is why network security engineers charge so much for their services...



                  • #10
                    $5 says your Barracuda has been compromised.

                    Not impossible.



                    • #11
                      spam and potaters



                      • #12
                        Finally figured it out...

                        So a few weeks ago, we swapped out some Cisco gear with an ASA and long story short, the IP address for OWA was allowing port 25 when all port 25 traffic should be going to the IP for our spam firewall. Been spam free for the past hour and a half so we'll see how it goes by morning.

                        What finally gave it away was while I was manually clearing the queue, I saw a spam email with a spoof sender/recipient but the subject field had the IP address for our webmail, so then I checked the NAT statements and the access lists....and there it was.

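An added example, not part of the thread or any poster's code: one way to look for the kind of bypass described in post #12, by counting sessions in an Exchange SMTP receive protocol log whose remote endpoint is not the spam firewall. The log lines, IP addresses and function name are constructed for illustration, and it assumes protocol logging is enabled on the receive connector.

```python
import csv
from collections import defaultdict

# Constructed sample in the Exchange SMTP receive protocol log layout.
# 10.0.0.5 stands in for the spam firewall, 10.0.0.9 for the load balancer.
SAMPLE_LOG = r"""#Software: Microsoft Exchange Server
#Log-type: SMTP Receive Protocol Log
#Fields: date-time,connector-id,session-id,sequence-number,local-endpoint,remote-endpoint,event,data,context
2012-09-05T02:11:04.120Z,CAS01\Default CAS01,08CF5A0000000001,0,10.0.0.21:25,10.0.0.5:41022,+,,
2012-09-05T02:11:04.300Z,CAS01\Default CAS01,08CF5A0000000001,3,10.0.0.21:25,10.0.0.5:41022,<,MAIL FROM:<alice@partner.example>,
2012-09-05T02:11:09.010Z,CAS01\Default CAS01,08CF5A0000000002,0,10.0.0.21:25,10.0.0.9:50311,+,,
2012-09-05T02:11:09.200Z,CAS01\Default CAS01,08CF5A0000000002,3,10.0.0.21:25,10.0.0.9:50311,<,MAIL FROM:<spoofed@victim.example>,
2012-09-05T02:11:09.400Z,CAS01\Default CAS01,08CF5A0000000002,5,10.0.0.21:25,10.0.0.9:50311,<,MAIL FROM:<other@victim.example>,
2012-09-05T02:11:12.700Z,CAS01\Default CAS01,08CF5A0000000003,0,10.0.0.21:25,10.0.0.9:50388,+,,
"""


def unexpected_smtp_sources(log_text, allowed_ips):
    """Count sessions and MAIL FROM commands per remote IP outside allowed_ips."""
    fields, body = None, []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            # Column names come from the log's own header line.
            fields = line[len("#Fields:"):].strip().split(",")
        elif line and not line.startswith("#"):
            body.append(line)
    if fields is None:
        raise ValueError("no #Fields header found")

    sessions = defaultdict(set)   # remote IP -> distinct session ids
    mail_from = defaultdict(int)  # remote IP -> MAIL FROM commands received
    for row in csv.DictReader(body, fieldnames=fields):
        ip = (row.get("remote-endpoint") or "").rsplit(":", 1)[0]  # drop the port
        if not ip or ip in allowed_ips:
            continue  # mail that arrived through the expected inbound path
        sessions[ip].add(row["session-id"])
        if row["event"] == "<" and (row["data"] or "").upper().startswith("MAIL FROM:"):
            mail_from[ip] += 1
    return {ip: {"sessions": len(ids), "mail_from": mail_from[ip]}
            for ip, ids in sessions.items()}


if __name__ == "__main__":
    # Only the spam firewall is expected to deliver inbound SMTP to the CAS.
    print(unexpected_smtp_sources(SAMPLE_LOG, {"10.0.0.5"}))
```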


                        • #13
                          so wait, your spam firewall prevents you from being an open relay?

                          but before you were an open relay? Hope you checked the spam lists for your IP space.



                          • #14
                            Originally posted by diablo rojo
                            I like to grill it in a pan (or hot plate) and garnish with pineapple rings.
                            you classy motherfucker!

                            god bless.
                            It is easier to build strong children than to repair broken men -Frederick Douglass



                            • #15
                              They have bacon spam now...
                              "If I asked people what they wanted, they would have said faster horses." - Henry Ford

