Email configure

Discussion in 'Trojan Defence Suite' started by lisvard, Apr 17, 2003.

Thread Status:
Not open for further replies.
  1. lisvard

    lisvard Guest

    Why am i getting this error?

    21:54:03 [SMTP] Failed - HELO error: 501 5.0.0 Invalid domain name
    21:54:04 [SMTP Error] Email to xyzxyzxyz@houston.rr.com failed.


    I have the right SMTP server configured. Where and why is it asking for a domain name?

    Thanks.


    Edit by FanJ: I have removed your email-address
     
  2. FanJ

    FanJ Guest

    I had a quick look at the site of your provider houston.rr.com

    Did you put the right smtp address in the servers-tab of TDS-3?

    In TDS-3 click on Configuration, then go to the Servers-tab.
    In the column at the right you see E-mail Setup.
    In the SMTP Server box you have to fill in the right SMTP Server address of your provider.
    According to your provider that is:
    smtp-server.houston.rr.com

    See my screenshot with the info from your provider:
     

    Attached Files:

  3. lisvard

    lisvard Guest

    I know that's it, I got the SMTP setting from Outlook. o_O
     
  4. odin777xj

    odin777xj Registered Member

    Joined:
    Apr 18, 2003
    Posts:
    2
    I have the same error message ive just got tds and my isp is blueyonder so for smtp server I put smtp.blueyonder.co.uk

    david


    it didnt work(
     
  5. FanJ

    FanJ Guest

    Have you made the configuration like the TDS-3 Helpfile describes it: see screenshot.

    Have you allowed it through your firewall?
     

    Attached Files:

  6. FanJ

    FanJ Guest

    Lisvard,

    For your own "safety" (with respect to email-harvesters) I have removed your email-address from your first posting in this thread.

    Regards, Jan.
     
  7. FanJ

    FanJ Guest

  8. FanJ

    FanJ Guest

    Lisvard and David,

    Which version of Windows are you running (98, ME, NT, 2000, XP Home, XP Pro)?
     
  9. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Remembered the issue has been posted about more frequent in the TDS private forum, so i can't write the threads links here.
    Some snippits from other users experiences might do:
    Regarding the email config, if you are using XP PRO you might want to consider loading the SMTP service on our machine and make sure it is configured to relay for only 127.0.0.1
    This will allow you to configure the email settings for TDS submission to your localhost. I have my Win2K system setup this way.


    Testing email in config does not work because our smtp server needs authentication by username and password, the problem is running on a network WITH smtp-authentification. The SMPT server needs user a name and a password to send mail, even in our lan. This means, our server does not allow anonymous emails.
    So I just set up a lokal smtp server without authentication only for administration. I think, after this, i will get warnings sent by tds3 in case of trojan infection or attack.
    This workaround solution in setting up a local SMTP server should work fine, and if you use a personal firewall it should be easy enough to restrict its access appropriately.

    Hope this can point a way for you too?
    Keep us updated please to look deeper if needed!
     
  10. lisvard

    lisvard Guest

    I'm running Windows 2000
     
  11. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Hi Lisvard,
    did any of the users experiences in the private forum i posted above help your specific email situation?
    In the plugins is one for smtp too, which you can use for real or testing, emailing yourself for instance now.
     
  12. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Hello lisvard, I was browsing through the GRC NG's yesterday and came across this.
    Newsgroups: grc.security.software
    Subject: Road Runner blocks forwarded email
    Date: Sat, 19 Apr 2003 14:44:47 -0500

    I am not sure if there is anything in the thread that may help you but it looks like RR are mucking around a bit at the mo.
     
  13. FanJ

    FanJ Guest

  14. lisvard

    lisvard Guest

    Well, I'm totaly confused now. I believe it may be a Trojan, but have no idea where it may be. What is NAV and where can I get it? HELP!!!!!!
     
  15. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Calm down first of all. NAV is Norton Anti Virus.
    Why do you think you do have any infection, does the lates updated TDS give any alert on that? (full system scan, everything checked and slider on highest sensitivity) ?
    When that is finished, you'll see in the bottom little console window the alerts. Click on one of the (rightclick) and save the alerts to textfile. This will be Scandump.txt, which is located in your TDS-3 directory.
    You might like to IM this to one of us, or email it to Gavin at support@diamondcs.com.au and he might ask for files to submit in case the alerts say "suspicious trojan code" with no "positive identification" and the nasty named. All the rest he has in the database.

    In stead of installing NAV on a system which might not be clean, you'd better first do this scan, and some online scans like http://housecall.antivirus.com or www.pandasoftware.com or www.bitdefender.com or.... there are several free on internet.
    Please before installing any other av/at do those scans and tell us what are your finds.
    A possible trojan is apart from an email configuration.

    After your results, we can help you further, but first of all keep calm, don't worry yet, do the scans and then report.
     
  16. lisvard

    lisvard Guest

    Yes, I had about 8 suspicious files that were tagged, which is why I was trying to send TDS support the info. I noticed a program that was trying to load (Scratch Cards) everytime I rebooted and I'm concerned it it still present.
     
  17. lisvard

    lisvard Guest

    I will also redo the scans and send.

    Thanks!
     
  18. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,331
    Location:
    Netherlands
    That sounds more like Spyware:

    Use either Adaware 6 or Spybot S&D to clean out the possible spyware. Make sure to update before you do a scan.

    Regards,

    Pieter
     
  19. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Looking forward to your report. Suspicious can be for trojan code or for double extensions, several things.
    In the TDS > System analysis > Process Lists and Autostart Explorer you can stop the process and in the Autostart explorer you can search the key and delete it.
    You might like to look with Port Explorer if it is connecting to the outside world and if so to where and block that thing in your firewall as long as it's there.
    Before you delete it with an alert telling suspicious other then for double file extensions, you might indeed like to zip the things and send it (you can use email) to submit@diamondcs.com.au and you might like to add in one of the files your scandump.txt so Gavin or whomever will look at it knows what happened.

    If it is spyware (sounds like that, as Pieter says) you will get rid of it pretty soon with TDS (delete the files after submitting if you like) and with Adaware-6 and/or Spybot S&D.Just updated mine today and scanned too to make sure.
     
  20. lisvard

    lisvard Guest

    I sent the report to support@diamondcs.com.au let me know if you got it. I ran Adaware 6 and a Full scan. Adaware 6 found some stuff and the Full scan is listed in the report.
     
  21. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    In that case TDS found things too, i hope you zipped those things and sent them in too, before deleting them (zipped they can't harm in most cases if you don't touch to upzip them).
    Were the adaware alerts related to these same files?
     
Thread Status:
Not open for further replies.