Mass Mailing worm problem, please help

 
 
chris
      08-27-2004
Hi All,

I've got a very serious problem. My email server keeps getting the "relaying
denied" message and I think some of my clients' PCs got infected. However,
the email didn't show which PC or which IP address the emails are sent
from. Therefore, I would like to know how I can check this, or whether any
software can help. Also, how can I identify which virus my clients' PCs are
infected with? It has made us unable to send out any email, with the message below:

Mail server: WinRoute Pro 4.2.5 at ctw.com.hk
Error description: message could not be delivered, server replied:
550 5.7.1 <(E-Mail Removed)>... Relaying denied
Original message is attached.

Can anyone help? Please help me... Thanks a lot.

Chris


 
David Postill
      08-27-2004
In article <cgn9eb$(E-Mail Removed)>, on Fri, 27 Aug 2004 20:28:11 +0800, "chris"
<(E-Mail Removed)> wrote:

| Hi All,
|
| I've got a very serious problem. My email server keeps getting the "relaying
| denied" message and I think some of my clients' PCs got infected. However,
| the email didn't show which PC or which IP address the emails are sent
| from. Therefore, I would like to know how I can check this, or whether any
| software can help. Also, how can I identify which virus my clients' PCs are
| infected with? It has made us unable to send out any email, with the message below:
|
| Mail server: WinRoute Pro 4.2.5 at ctw.com.hk
| Error description: message could not be delivered, server replied:
| 550 5.7.1 <(E-Mail Removed)>... Relaying denied
| Original message is attached.
|
| Can anyone help? Please help me... Thanks a lot.

What's wrong with looking at the server logs?

From <http://kerio.apposite.com.hk/product/winroute%20_pro/mail.htm>:

"Logging: For diagnostic and regulatory reasons the Kerio WinRoute
administrator can trace all email processing using the Mail and Debug logs."

<davidp />

--
David Postill
 
chris
      08-27-2004
Thanks for your advice, David... But I would like to ask how I can identify
which kind of virus the PC is infected with if I find mass-mailing activity
from a PC listed in the log file? As far as I know, there are many kinds of
worms which lead to mass-mailing activity....

CHRIS
"David Postill" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> In article <cgn9eb$(E-Mail Removed)>, on Fri, 27 Aug 2004 20:28:11 +0800, "chris"
> <(E-Mail Removed)> wrote:
>
> | Hi All,
> |
> | I've got a very serious problem. My email server keeps getting the "relaying
> | denied" message and I think some of my clients' PCs got infected. However,
> | the email didn't show which PC or which IP address the emails are sent
> | from. Therefore, I would like to know how I can check this, or whether any
> | software can help. Also, how can I identify which virus my clients' PCs are
> | infected with? It has made us unable to send out any email, with the message below:
> |
> | Mail server: WinRoute Pro 4.2.5 at ctw.com.hk
> | Error description: message could not be delivered, server replied:
> | 550 5.7.1 <(E-Mail Removed)>... Relaying denied
> | Original message is attached.
> |
> | Can anyone help? Please help me... Thanks a lot.
>
> What's wrong with looking at the server logs?
>
> From <http://kerio.apposite.com.hk/product/winroute%20_pro/mail.htm>:
>
> "Logging: For diagnostic and regulatory reasons the Kerio WinRoute
> administrator can trace all email processing using the Mail and Debug logs."
>
> <davidp />
>
> --
> David Postill



 
Chuck
      08-27-2004
On Fri, 27 Aug 2004 20:28:11 +0800, "chris" <(E-Mail Removed)> wrote:

>Hi All,
>
>I've got a very serious problem. My email server keeps getting the "relaying
>denied" message and I think some of my clients' PCs got infected. However,
>the email didn't show which PC or which IP address the emails are sent
>from. Therefore, I would like to know how I can check this, or whether any
>software can help. Also, how can I identify which virus my clients' PCs are
>infected with? It has made us unable to send out any email, with the message below:
>
>Mail server: WinRoute Pro 4.2.5 at ctw.com.hk
>Error description: message could not be delivered, server replied:
>550 5.7.1 <(E-Mail Removed)>... Relaying denied
>Original message is attached.
>
>Can anyone help? Please help me... Thanks a lot.
>
>Chris


Chris,

So were there not any clues in the "Original message is attached"?

If your client has a PC that's busy sending out spam, there should be a lot of
smtp traffic on their LAN. Hoping that they're behind a firewall or router, is
there not a firewall log?

What hub / switch is their LAN based upon? If a switch, can you install a hub
between it and the internet gateway, and set up a sniffer listening for outgoing
SMTP traffic?

Cheers,
Chuck
Paranoia comes from experience - and is not necessarily a bad thing.
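
Added example, not part of any post in this thread: one way to act on the firewall-log suggestion above is to count direct outbound SMTP (port 25) connections per LAN host, ignoring the legitimate mail server. The log format, addresses and thresholds are constructed for illustration and are not WinRoute's own log format.

```python
import re
from collections import defaultdict

# Constructed sample in a made-up firewall log format (an assumption, not
# WinRoute's real format). 192.168.1.2 plays the legitimate LAN mail server.
SAMPLE_LOG = "\n".join(
    [f"2004-08-27 20:01:{i:02d} ALLOW TCP 192.168.1.23:{1100 + i} -> 203.0.113.{10 + i}:25"
     for i in range(6)]
    + [f"2004-08-27 20:02:{i:02d} ALLOW TCP 192.168.1.2:{2000 + i} -> 198.51.100.{5 + i}:25"
       for i in range(3)]
    + ["2004-08-27 20:03:00 ALLOW TCP 192.168.1.40:1201 -> 198.51.100.5:25",
       "2004-08-27 20:03:05 ALLOW TCP 192.168.1.41:1300 -> 198.51.100.80:80",
       "line that does not match the format"]
)

LINE_RE = re.compile(
    r"^\S+ \S+ (?P<action>\w+) TCP "
    r"(?P<src>\d+(?:\.\d+){3}):\d+ -> (?P<dst>\d+(?:\.\d+){3}):(?P<dport>\d+)$"
)


def smtp_talkers(log_text, mail_servers=frozenset(), min_conns=5, min_dests=3):
    """Return (host, connections, distinct destinations) for LAN hosts that
    open many direct SMTP connections, busiest first."""
    conns = defaultdict(int)
    dests = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m["dport"] != "25":
            continue  # unparseable line or not SMTP
        src = m["src"]
        if src in mail_servers:
            continue  # the real mail server is expected to speak SMTP
        conns[src] += 1  # allowed and blocked attempts both count
        dests[src].add(m["dst"])
    suspects = [
        (src, conns[src], len(dests[src]))
        for src in conns
        if conns[src] >= min_conns and len(dests[src]) >= min_dests
    ]
    return sorted(suspects, key=lambda s: s[1], reverse=True)


if __name__ == "__main__":
    for host, n, d in smtp_talkers(SAMPLE_LOG, mail_servers={"192.168.1.2"}):
        print(f"{host}: {n} SMTP connections to {d} different servers")
```

A workstation that reaches many different external mail servers directly, rather than going through the LAN mail server, is the one to take offline and scan first.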
 
David Postill
      08-28-2004
In article <cgnq17$(E-Mail Removed)>, on Sat, 28 Aug 2004 01:11:18 +0800, "chris"
<(E-Mail Removed)> wrote:

Please don't top post.

| Thanks for your advice, David... But I would like to ask how I can identify
| which kind of virus the PC is infected with if I find mass-mailing activity
| from a PC listed in the log file? As far as I know, there are many kinds of
| worms which lead to mass-mailing activity....

There are many virus and trojan detectors available.

Here are some links you can explore...

AntiVirus Tools

<http://lists.gpick.com/pages/AntiVirus_Tools.htm> AntiVirus Tools Links

<https://netfiles.uiuc.edu/ehowes/www/soft1.htm> AntiVirus Tools Links

Trojan Protection

<http://lists.gpick.com/pages/AntiTrojan_Tools.htm> AntiTrojan Tools Links

<https://netfiles.uiuc.edu/ehowes/www/soft5.htm> AntiTrojan Tools Links


<davidp />

--
David Postill
 
David Bolt
      08-29-2004
What does 'top post' mean?
Dave Bolt

"David Postill" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> In article <cgnq17$(E-Mail Removed)>, on Sat, 28 Aug 2004 01:11:18 +0800, "chris"
> <(E-Mail Removed)> wrote:
>
> Please don't top post.
>
> | Thanks for your advice, David... But I would like to ask how I can identify
> | which kind of virus the PC is infected with if I find mass-mailing activity
> | from a PC listed in the log file? As far as I know, there are many kinds of
> | worms which lead to mass-mailing activity....
>
> There are many virus and trojan detectors available.
>
> Here are some links you can explore...
>
> AntiVirus Tools
>
> <http://lists.gpick.com/pages/AntiVirus_Tools.htm> AntiVirus Tools Links
>
> <https://netfiles.uiuc.edu/ehowes/www/soft1.htm> AntiVirus Tools Links
>
> Trojan Protection
>
> <http://lists.gpick.com/pages/AntiTrojan_Tools.htm> AntiTrojan Tools Links
>
> <https://netfiles.uiuc.edu/ehowes/www/soft5.htm> AntiTrojan Tools Links
>
>
> <davidp />
>
> --
> David Postill



 
David Postill
      08-29-2004
In article <cgsfgd$mnf$(E-Mail Removed)>, on Sun, 29 Aug 2004 12:43:08 +0100, "David Bolt"
<(E-Mail Removed)> wrote:

| What does 'top post' mean?
| Dave Bolt

What you just did. Posting at the top of the message so the
conversation reads back to front.

There's a whole bunch of sites on the subject if you want to know more:

http://www.zedtoo.demon.co.uk/jcode/basic.html
http://www.netmeister.org/news/learn2quote2.html#ss2.3
http://www.uwasa.fi/~ts/http/quote.html
http://www.blakjak.demon.co.uk/gey_stv0.htm
http://www.blakjak.demon.co.uk/gey_chr0.htm
http://www.cs.tut.fi/~jkorpela/usenet/brox.html
http://www.spfc.org/band/faq.html?faq_id=10

<davidp />

--
David Postill
 