Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie

Exchange Server Query

Options
  • 23-05-2002 4:20pm
    #1
    BioHazRd
    Registered Users Posts: 2,088 ✭✭✭


    Hi

    I hope I am posting in the correct forum here, but if not, please feel free to move it. I have just noticed a number of mails in my outbound queue that are just like the following ( Our info is blanked out) Up until now my exchange server had no routing restrictions (I have now set that to hosts and clients that successfully authenticate). I must admit I don't know a whole lot about exchange - and I have inherited this situation on a temp basis - new IT guy to start soon. :rolleyes:

    These messages look decidedly dodgy - they seem to be sending my Internet IP address in the subject line. should I be concerned and what should I do to stop them if this is what is needed

    We have no firewall (I am sick of trying to stress to the powers that be how important this is) and Our exchange server dials out on demand

    Am I just being paranoid :confused:




    ì ImCr àÜq ksdkfksjdfksdjfdkfkdkfk KSDKFKSJDFKSDJF <scott_nie@aol.com> c=IE;a= ;p=**************;l=DUBLIN_SVR10205231450KTTNZWLN I <lyi@xsptt.zjpta.net.cn> > ðEwLsReceived: from ksdkfksjdfksdjfdkfkdkfk (KSDKFKSJDFKSDJF [211.167.114.130]) by dublin_svr1.*********** with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2650.21)
    id KTTNZWLN; Thu, 23 May 2002 15:50:30 +0100
    Date: Thu, 23 May 2002 23:03:36 +0800
    From: scott_nie@aol.com
    X-Priority: 3
    To: lyi@xsptt.zjpta.net.cn
    Subject: 627d1b031b5f79e8a98f26a29f4b4ad5:194.125.148.***
    :211.167.114.130
    Mime-Version: 1.0
    Content-Type: text/plain; charset=us-ascii
    Content-Transfer-Encoding: 7bit


Comments

  • Options
    #2
    flamegrill
    Registered Users Posts: 1,862 ✭✭✭flamegrill


    Could it be an internet worm reporting information back? have you got virus protection on your machine(s)? if so scan all servers and clients that have any email contact and check for virus's.

    Thats what it looks like to me,

    Regards,

    Paul


  • Options
    #3
    BioHazRd
    Registered Users Posts: 2,088 ✭✭✭BioHazRd


    I am in already the process of updating patterns and scanning all machines - I will let you know how I get on


  • Options
    #4
    BioHazRd
    Registered Users Posts: 2,088 ✭✭✭BioHazRd


    I have manually checked every machine here and I found nothing - except one machine with Whack-a-mole - a NetBus trojan (now deleted)

    I have used a trojan detector - and nothing is showing up

    Am I in the clear ??

    B


Advertisement