Jump to content

[Resolved] Listed by spamtrap twice - not sure why?


TMG

Recommended Posts

Based on last "data point" entered (see post #21) .. am tagging this as Resolved.  Congrats!

34547[/snapback]

Yep I believe the problem is resolved.

It appeared to be a hijacked client machine on the LAN which was generating the spam mail. The machine was actually not even supposed to be on the network, it was sitting in a pile of decomissioned workstations ready for the bin, a couple of our employee's decided they still had a use for it so plugged it back in, even though the software was outdated and unpatched and it did not show on my anti virus network administration tool so I was unaware for a while that it was even on the network with outdated anti virus software. :angry: A scan on the troublesome PC revealed it was riddled with virus infections.

I removed this workstation, blocked all outgoing port 25 traffic at the firewall except for the mail server address. I also tightened our mail server security a little but this was more of a preventative measure as the spam mail from this scenario was not using our network mail server(I could not find any reference to the mail in the mail server logs)

Thanks for the help in tracking the problem down everyone. ;)

Link to comment
Share on other sites

Trying to shake that feeling that "a pile of decomissioned workstations ready for the bin" contains better hardware than what I'm using right now <g> And the "decommissioned" phrase doesn't necessarily fly that the hard drives would still be in place, useable ... ????

Link to comment
Share on other sites

Trying to shake that feeling that "a pile of decomissioned workstations ready for the bin" contains better hardware than what I'm using right now <g>

34590[/snapback]

Me too. :(
Link to comment
Share on other sites

Trying to shake that feeling that "a pile of decomissioned workstations ready for the bin" contains better hardware than what I'm using right now <g>  And the "decommissioned" phrase doesn't necessarily fly that the hard drives would still be in place, useable ... ????

34590[/snapback]

Well actually, the 'bin' isnt entirely correct! These are workstations that arent up to the task of running our current applications anymore. Some of them get used for 'test' machines(we calibrate sceintific equipment and can use some of the older PC's as GPIB interfaces to the equipment), some of them with problems are kept for spare parts to maintain other older machines and usually the only ones that actually get thrown in the bin(unless any of the staff want them) are those that have been canabalised to fix other machines and are no longer worth the space they take up! We're a small family owned business so the IT budget isnt big! But we did just upgrade a bunch of PC's not long ago and the offending PC in this case was one they stole to use as a GPIB interface but the software hadnt been updated since it was removed from the network about 12 months ago. :(

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...