little off topic: Am I an open relay?

Jason Williams jwilliams at COURTESYMORTGAGE.COM
Tue Jun 7 16:42:43 IST 2005


Steve,

Thanks for the heads-up, especially since we are testing out Thunderbird 
right now.
Well, I figured out for the most part what the problem was. It appears 
one of my users' computers is loaded with spyware. *sigh*
I was able to watch my server and catch a piece of the mail. When I 
broke down the headers, the originating IP address was from my internal 
network. Which completely threw me off as well as pissed me off. Once I 
unplugged the person's computer from the network, everything was fine. So 
in essence, that computer turned into a mailserver. Today I will be 
doing some forensic work on the computer to see just what the hell 
happened (can you tell that I am still angry?)

This is another one of those things that drives me nuts because I've 
been pushing for months (almost a year really) to tighten down what our 
users can do, both browsing the internet and installing software. 
FINALLY! After yesterday, the big wigs said "Wow, that was serious. 
Maybe we should stop it. Let's do it." Ya, a day late and a dollar short.

Anyway, if anyone is curious as to what I find on the computer, shoot me 
a personal email and I'll give you a full breakdown of what I find.

Thanks for the heads up Steve.

Jason

>Jason,
>
>I had a similar situation just last week. It had to do with some kind of setup
>on a user's Thunderbird. A friend of this user told him how to set up
>Thunderbird to act as a relay for a different domain than ours, and for some
>reason, because it was being done from our IPs, sendmail would go merrily along
>and send it, even though it wasn't supposed to. I never did find out what the
>user had done to make this happen, and he wasn't savvy enough to be able to tell
>me. My only option I could think of before I found out what was happening, was
>to block the domain in MS, and the user finally called and complained.

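Added example, not part of the original post or of MailScanner: one way to do the header breakdown described above, reading the client IP from the Received line stamped by your own gateway (lines below it can be forged by the sender) and flagging internal hosts that are not expected to send mail. The gateway name, internal range, allowed-sender list and sample message are all assumptions constructed for illustration.

```python
import email
import ipaddress
import re

# Assumed site values for this example (all hypothetical).
OUR_GATEWAY = "gateway.example.com"  # host name our MTA stamps after "by"
INTERNAL_NET = ipaddress.ip_network("192.168.10.0/24")
ALLOWED_SENDERS = {ipaddress.ip_address("192.168.10.5")}  # hosts expected to submit mail

# Constructed sample: the bottom Received line is forged by the sender and must be ignored.
SAMPLE = """\
Received: from gateway.example.com (gateway.example.com [198.51.100.7])
\tby mx.example.net with ESMTP id XYZ789; Tue, 7 Jun 2005 09:00:01 -0500
Received: from desk42 ([192.168.10.42])
\tby gateway.example.com with SMTP id j57E0001; Tue, 7 Jun 2005 09:00:00 -0500
Received: from mail.forged.example ([203.0.113.200])
\tby relay.forged.example with SMTP; Tue, 7 Jun 2005 08:59:00 -0500
From: someone@example.com
Subject: constructed sample

body
"""

BY_HOST = re.compile(r"\bby\s+(\S+)")
CLIENT_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def client_seen_by_gateway(raw_message):
    """Return the client IP recorded in the Received header our own gateway added."""
    msg = email.message_from_string(raw_message)
    # Headers are prepended, so the top-most match is the one our gateway really wrote.
    for hop in msg.get_all("Received", []):
        by = BY_HOST.search(hop)
        ip = CLIENT_IP.search(hop)
        if by and ip and by.group(1).lower() == OUR_GATEWAY:
            try:
                return ipaddress.ip_address(ip.group(1))
            except ValueError:
                return None
    return None

def classify(raw_message):
    """Label a message by where our gateway saw it come from."""
    ip = client_seen_by_gateway(raw_message)
    if ip is None:
        return "unknown"
    if ip in INTERNAL_NET:
        return "internal-authorized" if ip in ALLOWED_SENDERS else "internal-unexpected"
    return "external"

if __name__ == "__main__":
    print(client_seen_by_gateway(SAMPLE), classify(SAMPLE))
```
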