[Dshield] Spammer

Andre Ludwig ALudwig at Calfingroup.com
Fri Oct 31 04:09:51 GMT 2003


Check this website out for more info on open relays and securing your
Exchange server.

http://www.slipstick.com/exs/relay.htm

Seems to cover it for ya. If you have any other questions, shoot me an email;
I will try and help you out some.

Andre Ludwig, CISSP

-----Original Message-----
From: KennethSoong at tagtechnology.com.sg
[mailto:KennethSoong at tagtechnology.com.sg]
Sent: Thursday, October 30, 2003 5:18 PM
To: General DShield Discussion List
Subject: Re: [Dshield] Spammer



Hi!! Johannes
     I've gone to the SMTP virtual server properties, Access tab,
Relay button and selected the "only the list below" radio button and left the box
blank. Yet the spammer can get into the Exchange server. I would appreciate it
if you can suggest how to totally stop all relay.

Thanks & Regards
Kenneth Soong



 

From: Johannes Ullrich <jullrich at euclidian.com>
Sent by: list-bounces at dshield.org
Sent: 29-10-03 08:56 PM
To: General DShield Discussion List <list at dshield.org>
cc:
Subject: Re: [Dshield] Spammer
Please respond to General DShield Discussion List

The IP is owned by 'Dishnet', which is a US Satellite ISP for consumers.
I would assume that they got their fair share of hacked consumer boxes.

BTW: You say they are using your Exchange server to relay. I hope you
locked it down so it's not an open relay ;-)


On Wed, 2003-10-29 at 07:19, KennethSoong at tagtechnology.com.sg wrote:
> Hi!!
>      I seem to notice a particular spammer from IP range of 61.11.0.0/16 using
> our MS Exchange 2000 Server to relay their emails. Can anyone tell me who
> these people are? I tried ping, tracert and even checking whois database but
> each returns an error or no record.
>
> Kenneth Soong
>
> _______________________________________________
> list mailing list
> list at dshield.org
> To change your subscription options (or unsubscribe), see:
> http://www.dshield.org/mailman/listinfo/list
--
--------------------------------------------------------------
Johannes Ullrich                     jullrich at euclidian.com
pgp key: http://johannes.homepc.org/PGPKEYS
--------------------------------------------------------------
   "We regret to inform you that we do not enable any of the
    security functions within the routers that we install."
         support at covad.net
--------------------------------------------------------------





