Can't seem to find problem


jkee

I keep missing any of the signs that show you look back at things, but ... data point for the day;

Volume Statistics for this IP

Magnitude Vol Change vs. Average

Last day ........ 3.5 .... 240%

Last 30 days .. 3.5 .... 305%

Average ........ 2.9

On the downward slide

Remember that the smtp/auth spammer (and others, I suppose) will back off of a listed server for 3 or 4 days waiting for a delist and then start back up again. We see this quite often, so looking at one day and seeing a magnitude decrease is not definitive.

Of course, wandering into this thread in the middle, I have probably missed the whole point of your post ...
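
The point above, as an added example that is not part of the original thread: a drop in an IP's daily volume is treated as inconclusive until it outlasts the 3-to-4-day back-off window, and earlier pause-then-resume cycles are counted. The function names, the 25% quiet threshold and the sample volumes are assumptions constructed for illustration.

```python
BACKOFF_DAYS = 4  # upper end of the "3 or 4 days" pause described in the post


def quiet_runs(volumes, baseline, quiet_ratio=0.25):
    """Return (start_index, length, resumed) for each run of quiet days.

    A day is quiet when its volume is below quiet_ratio * baseline
    (quiet_ratio is an assumed threshold, not a SpamCop value).
    """
    threshold = baseline * quiet_ratio
    runs, start = [], None
    for i, volume in enumerate(volumes):
        if volume < threshold:
            if start is None:
                start = i
        elif start is not None:
            runs.append((start, i - start, True))  # traffic came back
            start = None
    if start is not None:
        runs.append((start, len(volumes) - start, False))  # still quiet
    return runs


def assess(volumes, baseline, backoff_days=BACKOFF_DAYS):
    """Classify the latest state of an IP and count past back-off cycles.

    Returns (state, cycles) where state is:
      "active"       - the most recent day is not quiet
      "inconclusive" - quiet, but not longer than the back-off window
      "quiet"        - quiet for longer than the back-off window
    and cycles counts earlier short pauses that ended with traffic resuming.
    """
    runs = quiet_runs(volumes, baseline)
    cycles = sum(1 for _, length, resumed in runs
                 if resumed and length <= backoff_days)
    if not runs or runs[-1][2]:
        return "active", cycles
    if runs[-1][1] <= backoff_days:
        return "inconclusive", cycles
    return "quiet", cycles


if __name__ == "__main__":
    # Constructed daily message counts for one IP, oldest first.
    sample = [900, 950, 40, 30, 20, 880, 910, 35]
    print(assess(sample, baseline=900))
```
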

Yes. Please see my previous posts at http://forum.spamcop.net/forums/index.php?...indpost&p=19210 which set the first data point for the traffic flow from this IP ... then look at http://forum.spamcop.net/forums/index.php?...indpost&p=19223 which also included the scenario of the spammer letting the IP get delisted and then starting another spew run.

And by the way, current data is;

Volume Statistics for this IP

Magnitude Vol Change vs. Average

Last day ......... 3.0 ... 23%

Last 30 days ... 3.5 .. 306%

Average ......... 2.9

Your mailserver appears to be running Microsoft Exchange Server 5.0 - according to MAPS:

Microsoft Exchange Server

    Status:  Commercial (Microsoft Corp.)

    Systems: Win/NT

    Info:    http://www.microsoft.com/

Versions through 5.0 are vulnerable to relay if they permit any local SMTP users. (Servers that only act as a gateway between internal non-SMTP mail and the Internet don't have relay problems.) In other words, if your Exchange 5.0 server is connected to the Internet, it WILL relay for anyone, and that cannot be stopped.

Starting with version 5.5, provisions have been made to prevent unauthorized relay. These are described in detail in an article from Windows NT Magazine [which was formerly here]. If you're running an older version, it's time to upgrade.

Microsoft has an article on their TechNet site that discusses securing Exchange 2000 and 5.5.
