[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW1] Am I really under attack?
Yeah, SMTP headers are great aren't they!!! I have not seen too many ways to clean up the headers that exchange generates. I don't know if there is a 3rd party product or what, but I am considering setting up a sendmail box and doing some custom PERL-MX scripting to replace all the info I don't like with XXX's.... Anybody else have a solution to prevent exchange from producing these insightful headers? Our exchange guru says there aren't any nerd knobs to do it. ----- Original Message ----- From: "Tika Mahata" <[email protected]> To: <[email protected]> Sent: Monday, January 08, 2001 10:14 AM Subject: [FW1] Am I really under attack? > > Hi All, > > I think I'm under attack. > > Someone used my Exchange Server 5.5 as relay agent for > huge amount of mails produced from > hotmail.com,yahoo.com,exite.com etc. > After I came to know that someone used this I got one > mail from my ISP which was sent by someone who > received it from my mailserver.I surprised when I saw > there is my FW NETBIOS name as well as its internal > interface's invalid IP address. > > > > In FW only there are following rules: > > 1. ANY MAILSRV SMTP ACCEPT > 2. MAILSRV ANY SMTP ACCEPT > 3. InternetGr@ANY ANY HTTP USER-AUTH > 4. LocalNet ANY HTTPS ACCEPT > 5. SecureUsr@NAY LocalNet ANY Client-Encrypt > 6. ANY External-wks ANY ACCEPT > 7. ANY ANY ANY REJECT > > And, > > Today I can't browse any internet sites.But after long > diagnosis, it is found that I can ping any sites with > its domain name (I refer DNS query from ISP's DNS > Server).And it is important to say that I can browse > only the unknown sites (i.e not used frequently) only > once.Then after I can't even browse this site also > even from Gateway.I've no proxy server.I'm using FW's > proxy with dynamic NAT. > > FW-1 4.0 sp6 > NT 4.0 sp6a > > Now I'm able to stop SMTP relay but internet access > can't be succeeded.There is no problem in my VPN. > connection. > > Pls suggest me what to do next. > > Tika Mahata > > > > __________________________________________________ > Do You Yahoo!? > Yahoo! Photos - Share your holiday photos online! > http://photos.yahoo.com/ > > > ================================================================================ > To unsubscribe from this mailing list, please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================================================ > ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|