Mass Mailing worm problem, please help

Discussion in 'Computer Security' started by chris, Aug 27, 2004.

  1. chris

    chris Guest

    Hi All,

    I've got a very serious problem. My email server keeps getting the "relaying
    denied" message and I think some of my clients' PCs got infected. However,
    the email didn't show which PC or which IP address the emails are sent
    from. Therefore, I would like to know how I can check this, or whether any
    software can help? Also, how can I identify which virus my clients' PCs are
    infected with? It has left us unable to send out any email, with the message below:

    Mail server: WinRoute Pro 4.2.5 at ctw.com.hk
    Error description: message could not be delivered, server replied:
    550 5.7.1 <>... Relaying denied
    Original message is attached.

    Can anyone help?? Please help me... Thanks a lot.

    Chris
     
    chris, Aug 27, 2004
    #1

  2. In article <cgn9eb$>, on Fri, 27 Aug 2004 20:28:11 +0800, "chris"
    <> wrote:

    | Hi All,
    |
    | I got a very serious problem. My email server keep having the "relaying
    | denied" message and I think some of my clients' pc got infected. However,
    | the email didn't show which pc or from which IP address the email are sent
    | from. Therefore, I would like to know how can I check it out or any software
    | can help??? And also, how can I identify which virus my clients' pc are
    | infected. As it made us can't send out any email with message below
    |
    | Mail server: WinRoute Pro 4.2.5 at ctw.com.hk
    | Error description: message could not be delivered, server replied:
    | 550 5.7.1 <>... Relaying denied
    | Original message is attached.
    |
    | Anyone can help?? Please help me...Thanks alot.

    What's wrong with looking at the server logs?

    From <http://kerio.apposite.com.hk/product/winroute%20_pro/mail.htm>:

    "Logging: For diagnostic and regulatory reasons the Kerio WinRoute
    administrator can trace all email processing using the Mail and Debug logs."

    <davidp />

    --
    David Postill
     
    David Postill, Aug 27, 2004
    #2

  3. chris

    chris Guest

    Thanks for your advice, David... But I would like to ask how I can identify
    which kind of virus the PC is infected with if I find mass-mailing activity
    from a PC listed in the log file? As far as I know, there are many kinds of
    worms which lead to mass-mailing activity...

    CHRIS
    "David Postill" <> ???
    news: ???...
    > In article <cgn9eb$>, on Fri, 27 Aug 2004 20:28:11 +0800, "chris"
    > <> wrote:
    >
    > | Hi All,
    > |
    > | I got a very serious problem. My email server keep having the "relaying
    > | denied" message and I think some of my clients' pc got infected. However,
    > | the email didn't show which pc or from which IP address the email are sent
    > | from. Therefore, I would like to know how can I check it out or any software
    > | can help??? And also, how can I identify which virus my clients' pc are
    > | infected. As it made us can't send out any email with message below
    > |
    > | Mail server: WinRoute Pro 4.2.5 at ctw.com.hk
    > | Error description: message could not be delivered, server replied:
    > | 550 5.7.1 <>... Relaying denied
    > | Original message is attached.
    > |
    > | Anyone can help?? Please help me...Thanks alot.
    >
    > What's wrong with looking at the server logs?
    >
    > From <http://kerio.apposite.com.hk/product/winroute%20_pro/mail.htm>:
    >
    > "Logging: For diagnostic and regulatory reasons the Kerio WinRoute
    > administrator can trace all email processing using the Mail and Debug logs."
    >
    > <davidp />
    >
    > --
    > David Postill
     
    chris, Aug 27, 2004
    #3
  4. Chuck

    Chuck Guest

    On Fri, 27 Aug 2004 20:28:11 +0800, "chris" <> wrote:

    >Hi All,
    >
    >I got a very serious problem. My email server keep having the "relaying
    >denied" message and I think some of my clients' pc got infected. However,
    >the email didn't show which pc or from which IP address the email are sent
    >from. Therefore, I would like to know how can I check it out or any software
    >can help??? And also, how can I identify which virus my clients' pc are
    >infected. As it made us can't send out any email with message below
    >
    >Mail server: WinRoute Pro 4.2.5 at ctw.com.hk
    >Error description: message could not be delivered, server replied:
    >550 5.7.1 <>... Relaying denied
    >Original message is attached.
    >
    >Anyone can help?? Please help me...Thanks alot.
    >
    >Chris


    Chris,

    So were there not any clues in the "Original message is attached"?

    If your client has a PC that's busy sending out spam, there should be a lot of
    SMTP traffic on their LAN. Hoping that they're behind a firewall or router, is
    there not a firewall log?

    What hub / switch is their LAN based upon? If a switch, can you install a hub
    between it and the internet gateway, and set up a sniffer listening for outgoing
    SMTP traffic?

    Cheers,
    Chuck
    Paranoia comes from experience - and is not necessarily a bad thing.
     
    Chuck, Aug 27, 2004
    #4
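
One way to act on the firewall-log and sniffer suggestions in the post above, as an added example that is not part of the original thread: tally outbound TCP/25 connections per LAN host and flag any workstation that talks SMTP directly to several external servers instead of going through the mail server. The log layout, the LAN range `192.168.1.0/24`, the mail server address `192.168.1.2` and the sample lines are constructed assumptions; adapt the regular expression to the real firewall or sniffer output.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample in a made-up "date time src:port -> dst:port TCP" layout.
# Real firewall/sniffer output differs; adjust LINE_RE to match it.
SAMPLE_LOG = """\
2004-08-27 20:01:02 192.168.1.2:1040 -> 203.0.113.5:25 TCP
2004-08-27 20:01:03 192.168.1.10:1050 -> 192.168.1.2:25 TCP
2004-08-27 20:01:04 192.168.1.23:1101 -> 198.51.100.7:25 TCP
2004-08-27 20:01:04 192.168.1.23:1102 -> 198.51.100.9:25 TCP
2004-08-27 20:01:05 192.168.1.23:1103 -> 203.0.113.44:25 TCP
2004-08-27 20:01:05 192.168.1.23:1104 -> 192.0.2.80:25 TCP
2004-08-27 20:01:06 192.168.1.23:1105 -> 198.51.100.7:25 TCP
2004-08-27 20:01:07 192.168.1.31:1200 -> 192.0.2.80:25 TCP
2004-08-27 20:01:08 192.168.1.10:1051 -> 203.0.113.9:80 TCP
"""

LINE_RE = re.compile(
    r"^\S+ \S+ (?P<src>[\d.]+):\d+ -> (?P<dst>[\d.]+):(?P<dport>\d+) TCP$"
)

def smtp_talkers(log_text, lan="192.168.1.0/24",
                 mail_server="192.168.1.2", min_dests=3):
    """Return [(host, connections, distinct_destinations)] for LAN hosts
    other than the mail server that open SMTP sessions to external hosts."""
    lan_net = ipaddress.ip_network(lan)
    allowed = ipaddress.ip_address(mail_server)
    conns = defaultdict(int)
    dests = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m["dport"] != "25":
            continue  # unparsable line or not SMTP
        src = ipaddress.ip_address(m["src"])
        dst = ipaddress.ip_address(m["dst"])
        # Ignore the legitimate mail server and client-to-mail-server traffic.
        if src not in lan_net or dst in lan_net or src == allowed:
            continue
        conns[src] += 1
        dests[src].add(dst)
    suspects = [(str(ip), conns[ip], len(dests[ip]))
                for ip in conns if len(dests[ip]) >= min_dests]
    return sorted(suspects, key=lambda s: s[1], reverse=True)

if __name__ == "__main__":
    for host, n, d in smtp_talkers(SAMPLE_LOG):
        print(f"{host}: {n} outbound SMTP connections to {d} servers")
```
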
  5. In article <cgnq17$>, on Sat, 28 Aug 2004 01:11:18 +0800, "chris"
    <> wrote:

    Please don't top post.

    | Thanks for your advise, David...But I would like to ask how can I identify
    | which kind of virus the pc is infected if I found a mass mailing activities
    | from a PC listed in the log file? As I know there are many kind of worm
    | which lead to mass-mailing activities....

    There are many virus and trojan detectors available.

    Here are some links you can explore...

    AntiVirus Tools

    <http://lists.gpick.com/pages/AntiVirus_Tools.htm> AntiVirus Tools Links

    <https://netfiles.uiuc.edu/ehowes/www/soft1.htm> AntiVirus Tools Links

    Trojan Protection

    <http://lists.gpick.com/pages/AntiTrojan_Tools.htm> AntiTrojan Tools Links

    <https://netfiles.uiuc.edu/ehowes/www/soft5.htm> AntiTrojan Tools Links

    |
    | CHRIS
    | "David Postill" <> ???
    | news: ???...
    | > In article <cgn9eb$>, on Fri, 27 Aug 2004 20:28:11 +0800, "chris"
    | > <> wrote:
    | >
    | > | Hi All,
    | > |
    | > | I got a very serious problem. My email server keep having the "relaying
    | > | denied" message and I think some of my clients' pc got infected. However,
    | > | the email didn't show which pc or from which IP address the email are sent
    | > | from. Therefore, I would like to know how can I check it out or any software
    | > | can help??? And also, how can I identify which virus my clients' pc are
    | > | infected. As it made us can't send out any email with message below
    | > |
    | > | Mail server: WinRoute Pro 4.2.5 at ctw.com.hk
    | > | Error description: message could not be delivered, server replied:
    | > | 550 5.7.1 <>... Relaying denied
    | > | Original message is attached.
    | > |
    | > | Anyone can help?? Please help me...Thanks alot.
    | >
    | > What's wrong with looking at the server logs?
    | >
    | > From <http://kerio.apposite.com.hk/product/winroute%20_pro/mail.htm>:
    | >
    | > "Logging: For diagnostic and regulatory reasons the Kerio WinRoute
    | > administrator can trace all email processing using the Mail and Debug logs."

    <davidp />

    --
    David Postill
     
    David Postill, Aug 28, 2004
    #5
  6. David Bolt

    David Bolt Guest

    What does 'top post' mean?
    Dave Bolt

    "David Postill" <> wrote in message
    news:...
    > In article <cgnq17$>, on Sat, 28 Aug 2004 01:11:18 +0800, "chris"
    > <> wrote:
    >
    > Please don't top post.
    >
    > | Thanks for your advise, David...But I would like to ask how can I identify
    > | which kind of virus the pc is infected if I found a mass mailing activities
    > | from a PC listed in the log file? As I know there are many kind of worm
    > | which lead to mass-mailing activities....
    >
    > There are many virus and trojan detectors available.
    >
    > Here are some links you can explore...
    >
    > AntiVirus Tools
    >
    > <http://lists.gpick.com/pages/AntiVirus_Tools.htm> AntiVirus Tools Links
    >
    > <https://netfiles.uiuc.edu/ehowes/www/soft1.htm> AntiVirus Tools Links
    >
    > Trojan Protection
    >
    > <http://lists.gpick.com/pages/AntiTrojan_Tools.htm> AntiTrojan Tools Links
    >
    > <https://netfiles.uiuc.edu/ehowes/www/soft5.htm> AntiTrojan Tools Links
    >
    > |
    > | CHRIS
    > | "David Postill" <> ???
    > | news: ???...
    > | > In article <cgn9eb$>, on Fri, 27 Aug 2004 20:28:11 +0800, "chris"
    > | > <> wrote:
    > | >
    > | > | Hi All,
    > | > |
    > | > | I got a very serious problem. My email server keep having the "relaying
    > | > | denied" message and I think some of my clients' pc got infected. However,
    > | > | the email didn't show which pc or from which IP address the email are sent
    > | > | from. Therefore, I would like to know how can I check it out or any software
    > | > | can help??? And also, how can I identify which virus my clients' pc are
    > | > | infected. As it made us can't send out any email with message below
    > | > |
    > | > | Mail server: WinRoute Pro 4.2.5 at ctw.com.hk
    > | > | Error description: message could not be delivered, server replied:
    > | > | 550 5.7.1 <>... Relaying denied
    > | > | Original message is attached.
    > | > |
    > | > | Anyone can help?? Please help me...Thanks alot.
    > | >
    > | > What's wrong with looking at the server logs?
    > | >
    > | > From <http://kerio.apposite.com.hk/product/winroute%20_pro/mail.htm>:
    > | >
    > | > "Logging: For diagnostic and regulatory reasons the Kerio WinRoute
    > | > administrator can trace all email processing using the Mail and Debug logs."
    >
    > <davidp />
    >
    > --
    > David Postill
     
    David Bolt, Aug 29, 2004
    #6
  7. In article <cgsfgd$mnf$>, on Sun, 29 Aug 2004 12:43:08 +0100, "David Bolt"
    <> wrote:

    | What does 'top post' mean?
    | Dave Bolt

    What you just did. Posting at the top of the message so the
    conversation reads back to front.

    There's a whole bunch of sites on the subject if you want to know more:

    http://www.zedtoo.demon.co.uk/jcode/basic.html
    http://www.netmeister.org/news/learn2quote2.html#ss2.3
    http://www.uwasa.fi/~ts/http/quote.html
    http://www.blakjak.demon.co.uk/gey_stv0.htm
    http://www.blakjak.demon.co.uk/gey_chr0.htm
    http://www.cs.tut.fi/~jkorpela/usenet/brox.html
    http://www.spfc.org/band/faq.html?faq_id=10

    <davidp />

    --
    David Postill
     
    David Postill, Aug 29, 2004
    #7
