From: Erik Thackston (ethackstonINTERLIANT.COM)
Date: Mon Mar 12 2001 - 17:35:54 CST


    I've been able to obtain several copies of headers but UUNET has blocked
    port 25 at my IP. The user keeps spamming through an open relay out there and
    it is still my issue since traffic originates from my network.

            Erik

    -----Original Message-----
    From: Focus on Microsoft Mailing List
    [mailto:FOCUS-MSsecurityfocus.com]On Behalf Of Adam Garren
    Sent: Monday, March 12, 2001 12:17 PM
    To: FOCUS-MSsecurityfocus.com
    Subject: Re: SMTP Relay

    If you've received complaints regarding spam from your account or an
    account on your network it doesn't necessarily mean it's coming from your
    network, right? Someone is probably relaying off an open Linux box they've
    run across. It would seem as though your best bet would be to get your
    hands on the headers of a spammed message purportedly from your address
    (assuming I understand your problem correctly) and glean what information
    you can from it.

       -AD-
    >
    >To ALL.
    > I have an issue with a spammer. Basically, I'm running IIS 5.0 virtual
    >server and the smtp service has been shut down. All known executables and
    >programs are being audited and so far nothing has matched up as far as time
    >frames when spam is going out. I was wondering if there is anyone out there
    >that may have faced a similar situation before.
    > I've been using windump but I feel that my knowledge of its potential is
    >not known to its fullest extent.
    > What I believe is happening is that the user is uploading an exe or perl
    >mod and then removing it when he is done. Anyone have any thoughts or other
    >apps that might be useful?
    >
    > Erik
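
Added example, not part of the original thread: one way to glean information from collected spam headers, as suggested above, is to walk the `Received:` chain oldest-first and pull out the hop where a host in your own address range connected to the relay, with the timestamp to match against process audits and windump captures. The sample message, host names, addresses and the function names `hops` and `first_hop_from` are constructed for illustration.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample headers (reserved documentation addresses, not from the thread).
SAMPLE = """\
Received: from relay.example.net (relay.example.net [198.51.100.7])
\tby mx.example.org with ESMTP id A1; Mon, 12 Mar 2001 10:02:11 -0600
Received: from webhost (unknown [192.0.2.45])
\tby relay.example.net with SMTP id B2; Mon, 12 Mar 2001 10:02:05 -0600
From: someone@example.com
Subject: constructed sample

body
"""

IP_IN_BRACKETS = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
BY_HOST = re.compile(r"\bby\s+(\S+)")


def hops(raw):
    """Return Received hops oldest-first as (client_ip, accepting_host, stamp)."""
    msg = message_from_string(raw)
    out = []
    # Each server prepends its own header, so the last one listed is the oldest.
    for value in reversed(msg.get_all("Received", [])):
        flat = " ".join(value.split())  # unfold continuation lines
        ip = IP_IN_BRACKETS.search(flat)
        by = BY_HOST.search(flat)
        stamp = flat.rsplit(";", 1)[1].strip() if ";" in flat else None
        out.append((ip.group(1) if ip else None,
                    by.group(1) if by else None, stamp))
    return out


def first_hop_from(raw, cidr):
    """Oldest hop whose connecting IP lies inside cidr, or None."""
    net = ipaddress.ip_network(cidr)
    for ip, relay, stamp in hops(raw):
        try:
            if ip and ipaddress.ip_address(ip) in net:
                return ip, relay, stamp
        except ValueError:  # malformed address in a forged or broken header
            continue
    return None


if __name__ == "__main__":
    print(first_hop_from(SAMPLE, "192.0.2.0/24"))
```

Headers older than the line written by the relay itself can be forged by the sender, so treat only the relay's own record of the connecting IP as evidence.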