Email server hacked??

Discussion in 'privacy problems' started by martindijk, Oct 23, 2003.

Thread Status:
Not open for further replies.
  1. martindijk

    martindijk Registered Member

    Joined:
    Jun 13, 2003
    Posts:
    537
    Location:
    Gorredijk - the Netherlands
    Hi all,

    Didn't know what hit me yesterday, as always I checked my email on my Win2000 server and I received 2100 mails back from the Postmaster.

    All addresses were sent to different names but always a "hotmail" domain.

    Now it seems a Korean guy is using my mailserver to propagate spam and every time I check my mail I get hundreds of returned mail from the postmaster and our own internal mail can not be received anymore as a result of all those "hotmail" returned messages.

    For now I have reconfigured the email server, but I haven't got a clue what is generating all this mail o_O

    Could this be the effect of a browser hack or something like that?

    Please help me out here guys, any suggestion is welcome.

    Thanks in advance,

    cheers,
    Martin
     
  2. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,330
    Location:
    Netherlands
    Hi Martin,

    Have you checked your list of processes for anything suspicious?
    I have seen reports of trojan-like programs turning computers into spam relayers.

    Regards,

    Pieter
     
  3. martindijk

    martindijk Registered Member

    Joined:
    Jun 13, 2003
    Posts:
    537
    Location:
    Gorredijk - the Netherlands
    Hi Pieter,

    Done that, and at first glance it seems to be OK.

    Is it worth running Hijack This on the server and having it checked out on this forum? o_O

    rgds,
    Martin
     
  4. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,330
    Location:
    Netherlands
    Hi Martin,

    I'd be happy to have a look if I can find something.

    Regards,

    Pieter
     
  5. DiGi

    DiGi Registered Member

    Joined:
    Jul 24, 2003
    Posts:
    114
    Location:
    in the middle of nowhere
    Maybe it was only a wrongly configured SMTP server (open relay)...

    Check http://www.ordb.org/
     
  6. martindijk

    martindijk Registered Member

    Joined:
    Jun 13, 2003
    Posts:
    537
    Location:
    Gorredijk - the Netherlands
    Hi DiGi,

    Can you please tell me what that means to me : an open relay, and how this can solve my earlier mentioned problems??

    cheers,
    Martin
     
  7. JayK

    JayK Poster

    Joined:
    Dec 27, 2002
    Posts:
    619
    If your mailserver is an open relay, it means anyone can send email from your SMTP server.

    Spammers love that of course.

    Normally, you would have restrictions on who can use your SMTP server, either by limiting by IP, or by allowing mail after a POP authentication etc.
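
The restrictions described in the post above, written out as a relay decision (an added example, not part of the original thread and not any mail server's own code). The domain, network, addresses and the 15-minute POP window are constructed assumptions; `open_relay=True` models the misconfigured server.

```python
import ipaddress

# Constructed values: domain, network and addresses are illustrative only.
LOCAL_DOMAINS = {"example.nl"}                           # domains we accept mail for
TRUSTED_NETS = [ipaddress.ip_network("192.168.1.0/24")]  # our own LAN
POP_WINDOW = 15 * 60                                     # seconds a POP login stays valid


def may_relay(client_ip, rcpt, pop_logins, now, open_relay=False):
    """Decide one RCPT TO. Returns (accepted, reason)."""
    domain = rcpt.rsplit("@", 1)[-1].lower()
    if domain in LOCAL_DOMAINS:
        return True, "local delivery"      # inbound mail for our own users
    if open_relay:
        return True, "open relay"          # the misconfiguration: no check at all
    if any(ipaddress.ip_address(client_ip) in net for net in TRUSTED_NETS):
        return True, "trusted network"     # restriction by IP
    last = pop_logins.get(client_ip)
    if last is not None and 0 <= now - last <= POP_WINDOW:
        return True, "POP-before-SMTP"     # recent successful POP login from this IP
    return False, "relaying denied"


def demo():
    """Run the same five clients against the closed and the open policy."""
    now = 1_000_000
    pop_logins = {"198.51.100.20": now - 60, "198.51.100.21": now - 3600}
    cases = [
        ("203.0.113.7", "stranger@hotmail.example"),   # outside host, outside recipient
        ("203.0.113.7", "martin@example.nl"),          # outside host, local recipient
        ("192.168.1.15", "friend@hotmail.example"),    # LAN client
        ("198.51.100.20", "friend@hotmail.example"),   # roaming user, fresh POP login
        ("198.51.100.21", "friend@hotmail.example"),   # roaming user, stale POP login
    ]
    return [(ip, rcpt,
             may_relay(ip, rcpt, pop_logins, now)[1],
             may_relay(ip, rcpt, pop_logins, now, open_relay=True)[1])
            for ip, rcpt in cases]


if __name__ == "__main__":
    for row in demo():
        print("%-14s %-26s closed=%-16s open=%s" % row)
```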
     
  8. JayK

    JayK Poster

    Joined:
    Dec 27, 2002
    Posts:
    619
    Another possibility (depending on the type of messages you are getting), someone did a joe job on you.

    I.e. someone spoofed your email addie by changing the "Reply To" address.

    You can't do much in this case.
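
One way to tell the two cases in this thread apart from the bounces themselves (an added example, not part of the original thread): look at the `Received:` lines of the message the postmaster returned and see whether your own server appears as a hop. The host name, IP address and sample bounces are constructed, and the check is a heuristic, since `Received:` lines added before the first trusted hop can be forged.

```python
from email import message_from_string

OUR_HOSTS = ("mail.example.nl", "192.0.2.25")  # constructed: our server's name and IP


def returned_message(bounce_text):
    """Return the original message embedded in a bounce, or None if absent."""
    for part in message_from_string(bounce_text).walk():
        ctype = part.get_content_type()
        if ctype == "message/rfc822":          # full original attached
            return part.get_payload(0)
        if ctype == "text/rfc822-headers":     # only the original headers attached
            return message_from_string(part.get_payload())
    return None


def classify(bounce_text):
    """'relayed' if our server handled the original, else 'forged-sender'."""
    orig = returned_message(bounce_text)
    if orig is None:
        return "unknown"                       # nothing to inspect in this bounce
    hops = orig.get_all("Received", [])
    if any(host in hop for hop in hops for host in OUR_HOSTS):
        return "relayed"                       # the spam left through our server
    return "forged-sender"                     # our address was only spoofed


def make_bounce(received):
    """Build a constructed sample bounce whose original has one Received line."""
    original = ("Received: " + received + "\n"
                "From: martin@example.nl\nTo: nobody@hotmail.example\n"
                "Subject: constructed sample\n\nbody\n")
    return ("From: postmaster@hotmail.example\nTo: martin@example.nl\n"
            "Subject: Undeliverable mail\nMIME-Version: 1.0\n"
            'Content-Type: multipart/report; boundary="b1"\n\n'
            "--b1\nContent-Type: text/plain\n\nUser unknown.\n"
            "--b1\nContent-Type: message/rfc822\n\n" + original + "--b1--\n")


if __name__ == "__main__":
    via_us = "from [203.0.113.7] by mail.example.nl; Wed, 22 Oct 2003 10:00:00 +0200"
    elsewhere = "from [203.0.113.7] by relay.example.net; Wed, 22 Oct 2003 10:00:00 +0200"
    print(classify(make_bounce(via_us)), classify(make_bounce(elsewhere)))
```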
     
  9. martindijk

    martindijk Registered Member

    Joined:
    Jun 13, 2003
    Posts:
    537
    Location:
    Gorredijk - the Netherlands
    Thanks all for your replies,

    Is there an easy way of closing this open relay??

    cheers,
    Martin
     
  10. JayK

    JayK Poster

    Joined:
    Dec 27, 2002
    Posts:
    619
    ?? It depends on what mail server you are running. No offence but if you don't know what an open relay is, you really shouldn't be running a mail server.

    Lots of security issues....
     
  11. martindijk

    martindijk Registered Member

    Joined:
    Jun 13, 2003
    Posts:
    537
    Location:
    Gorredijk - the Netherlands
    I am running a Cobalt Cube 3, and as for the open relay aspect, it is just the English terms that confuse me, that's all.

    cheers,
    Martin
     
  12. JayK

    JayK Poster

    Joined:
    Dec 27, 2002
    Posts:
    619
    Sorry, never heard of it. Try checking your documentation. Also are you certain yours is an open relay?
     
  13. 4NodAu

    4NodAu Registered Member

    Joined:
    Oct 27, 2003
    Posts:
    6
    Hi,
    VIEW: Thank U Nod32 Staff x 2 4NodAu ( Posted Tuesday 28th October 2003 Australian Time )

    ************

    VIEW : http://www.sacm.co.za/Feature.asp?NewsID=6828&Cont=News

    THIS NASTY CAME BY WAY OF AN OFFICIAL LOOKIN' MICROSOFT EMAIL PATCH FOR IE V'S 4.01 - 6.xx and win 95 - win xp.

    MAYBE these ISP'S have got umpteen WORMS - TROJANS - VIRUSES embedded and nasty TERRISTO'S are REMOTELY CONTROLLING THE SERVERS AND / OR DUMPING AND email ADDIES to these

    BULK SENDERS OF EMAIL UNSOLICITED AND OR SPAMMERS !!!

    USE ADAWARE AND ALWAYS QUARANTINE EVERYTHING CHECK IT IS ALWAYS ON. HEURISTIC AND DEEP SCAN ON.

    CHOOSE TO LEAVE ON SERVER AND MOVE TO TRASH ON EXIT SOUNDS A GOOD IDEA.

    PERHAPS THE HACKERS HAVE THE ISP SERVERS SETUP TO KEEP PILES OF EMAILS THAT SHOULD HAVE BEEN DELETED ... THEN DUMP THEM ON US.


    ********************************

    WE RECEIVED 20 + OF EXACTLY THE SAME BLOODY EMAIL FROM EXACTLY THE SAME SOURCE.

    ********************************

    regards
    4NodAu
     
  14. 4NodAu

    4NodAu Registered Member

    Joined:
    Oct 27, 2003
    Posts:
    6
    Hi,
    By the way ... MAYBE why you copped them back was that everyone's email server mail boxes were chockers like ours at telstra bigpond.com.au here in Aussie we were 101% FULL UP AND OVERFLOWING. WE WERE ADVISED BY EMAIL THAT THE BIGPOND SERVER WOULD REJECT ANY FURTHER EMAILS TO OUR ADDIE AND TO CLEAN OUT OUR EMAIL BOX.

    BLOODY NETSCAPE GOES IN EVERY 10 MINUTES AND GETS OUR EMAILS !!

    IT WAS JUST EMAIL CHAOS !!


    regards
    4NodAu.
     
  15. martindijk

    martindijk Registered Member

    Joined:
    Jun 13, 2003
    Posts:
    537
    Location:
    Gorredijk - the Netherlands
    @Pieter, maybe you can find something, thanks in advance.

    cheers,
    Martin
     
  16. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,330
    Location:
    Netherlands
    Hi Martin,

    Perfectly normal log for a Compaq ProLiant server. ;)

    Regards,

    Pieter
     
  17. martindijk

    martindijk Registered Member

    Joined:
    Jun 13, 2003
    Posts:
    537
    Location:
    Gorredijk - the Netherlands
    Hi Pieter,

    Thanks for letting me know, i appreciate it.

    cheers,
    Martin
     