• RSS
  • Twitter
  • FaceBook

Exchange Server Forums

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Group accounts and false mail

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [Microsoft Exchange 2000] >> Server Security >> Group accounts and false mail Page: [1]
Login
Message << Older Topic   Newer Topic >>
Group accounts and false mail - 27.Aug.2003 3:03:00 AM   
datechguy

 

Posts: 1
Joined: 27.Aug.2003
From: Columbia, SC
Status: offline
Good Evening,
I have several generic accounts and group accounts (ie webmaster, admissions, financialaid, helpdesk, etc.) at the school. I am using ex 2k with Trend Micro and GFI on a Dell server. I have a DMZ set up with a Cisco PIX. The problem that I am experiencing is that I am noticing mail being sent from my webmaster account to other users, both internal accounts and external accounts that I have never heard of or sent (I am also the webmaster). I was tipped to this when I received mail back from someone stating that my message was rejected due to the attachment, a .pif file, possibly containing a virus. I never sent this message. How is this possible? Have I been hacked? If so, how can I detect this and stop it? If not a hack, then what?

Thanks for the help and suggestions.

Garrick
Post #: 1
RE: Group accounts and false mail - 26.Sep.2003 5:52:00 PM   
pjhutch

 

Posts: 3578
Joined: 21.Jul.2001
From: W Yorks, England
Status: offline
The virus itself is probably sending these messages. Get all your PCs checked for viruses.
Typical viruses could be W32/Sobig.f.

See http://vil.nai.com/vil/content/v_100561.htm
for more info.

(in reply to datechguy)
Post #: 2
RE: Group accounts and false mail - 1.Oct.2003 3:02:00 AM   
Egiganet

 

Posts: 135
Joined: 10.Dec.2002
From: Michigan
Status: offline
The new breed of viruses love to spoof sender addresses. If you can view the headers of any of the e-mails you can see an IP where the e-mails originated from. More than likely not from you.

Aside from having proper virus protection on your end, there is not much you can do.

Couple of extras to check not entirely related to the topic:
You have your server in the DMZ. You are only allowing certain ports through to the server correct?

Lastly verify you're not setup as an open relay.

Good luck,
-Andy

(in reply to datechguy)
Post #: 3

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [Microsoft Exchange 2000] >> Server Security >> Group accounts and false mail Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts


Follow TechGenix on Twitter