Jump to content
Sign in to follow this  
TMG

[Resolved] Listed by spamtrap twice - not sure why?

Recommended Posts

Based on last "data point" entered (see post #21) .. am tagging this as Resolved. Congrats!

Share this post


Link to post
Share on other sites
Based on last "data point" entered (see post #21) .. am tagging this as Resolved.  Congrats!

34547[/snapback]

Yep I believe the problem is resolved.

It appeared to be a hijacked client machine on the LAN which was generating the spam mail. The machine was actually not even supposed to be on the network, it was sitting in a pile of decomissioned workstations ready for the bin, a couple of our employee's decided they still had a use for it so plugged it back in, even though the software was outdated and unpatched and it did not show on my anti virus network administration tool so I was unaware for a while that it was even on the network with outdated anti virus software. :angry: A scan on the troublesome PC revealed it was riddled with virus infections.

I removed this workstation, blocked all outgoing port 25 traffic at the firewall except for the mail server address. I also tightened our mail server security a little but this was more of a preventative measure as the spam mail from this scenario was not using our network mail server(I could not find any reference to the mail in the mail server logs)

Thanks for the help in tracking the problem down everyone. ;)

Share this post


Link to post
Share on other sites
It's always nice to see a responsible mail admin  ;)

34557[/snapback]

Yes, it sure is! Thanks for helping to protect the Internet, TMG!

Share this post


Link to post
Share on other sites

Trying to shake that feeling that "a pile of decomissioned workstations ready for the bin" contains better hardware than what I'm using right now <g> And the "decommissioned" phrase doesn't necessarily fly that the hard drives would still be in place, useable ... ????

Share this post


Link to post
Share on other sites
Trying to shake that feeling that "a pile of decomissioned workstations ready for the bin" contains better hardware than what I'm using right now <g>

34590[/snapback]

Me too. :(

Share this post


Link to post
Share on other sites
Trying to shake that feeling that "a pile of decomissioned workstations ready for the bin" contains better hardware than what I'm using right now <g>  And the "decommissioned" phrase doesn't necessarily fly that the hard drives would still be in place, useable ... ????

34590[/snapback]

Well actually, the 'bin' isnt entirely correct! These are workstations that arent up to the task of running our current applications anymore. Some of them get used for 'test' machines(we calibrate sceintific equipment and can use some of the older PC's as GPIB interfaces to the equipment), some of them with problems are kept for spare parts to maintain other older machines and usually the only ones that actually get thrown in the bin(unless any of the staff want them) are those that have been canabalised to fix other machines and are no longer worth the space they take up! We're a small family owned business so the IT budget isnt big! But we did just upgrade a bunch of PC's not long ago and the offending PC in this case was one they stole to use as a GPIB interface but the software hadnt been updated since it was removed from the network about 12 months ago. :(

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×