NETWORK PRESENCE ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT
 


Search
display results
words begin  exact words  any words part 

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW1] Am I really under attack?



Yeah, SMTP headers are great aren't they!!!

I have not seen too many ways to clean up the headers that exchange generates.
I don't know if there is a 3rd party product or what, but I am considering setting
up a sendmail box and doing some custom PERL-MX scripting to replace all the
info I don't like with XXX's....

Anybody else have a solution to prevent exchange from producing these insightful
headers? Our exchange guru says there aren't any nerd knobs to do it.

----- Original Message ----- 
From: "Tika Mahata" <[email protected]>
To: <[email protected]>
Sent: Monday, January 08, 2001 10:14 AM
Subject: [FW1] Am I really under attack?


> 
> Hi All,
> 
> I think I'm under attack.
> 
> Someone used my Exchange Server 5.5 as relay agent for
> huge amount of mails produced from
> hotmail.com,yahoo.com,exite.com etc.
> After I came to know that someone used this I got one 
> mail from my ISP which was sent by someone who
> received it from my mailserver.I surprised when I saw
> there is my FW NETBIOS name as well as its internal
> interface's invalid IP address.
> 
> 
> 
> In FW only there are following rules:
> 
> 1. ANY MAILSRV SMTP ACCEPT
> 2. MAILSRV ANY SMTP ACCEPT
> 3. InternetGr@ANY ANY HTTP USER-AUTH
> 4. LocalNet ANY HTTPS ACCEPT
> 5. SecureUsr@NAY LocalNet ANY Client-Encrypt
> 6. ANY External-wks ANY ACCEPT
> 7. ANY ANY    ANY REJECT
>   
> And,
> 
> Today I can't browse any internet sites.But after long
> diagnosis, it is found that I can ping any sites with
> its domain name  (I refer DNS query from   ISP's DNS
> Server).And it is important to say that I can browse
> only the unknown sites (i.e not used frequently) only
> once.Then after I can't even browse this site also
> even from Gateway.I've no proxy server.I'm using FW's
> proxy with dynamic NAT.
> 
> FW-1 4.0 sp6
> NT 4.0  sp6a
> 
> Now I'm able to stop SMTP relay but internet access
> can't be succeeded.There is no problem in my VPN. 
> connection.
> 
> Pls suggest me what to do next.
> 
> Tika Mahata
>   
> 
> 
> __________________________________________________
> Do You Yahoo!?
> Yahoo! Photos - Share your holiday photos online!
> http://photos.yahoo.com/
> 
> 
> ================================================================================
>      To unsubscribe from this mailing list, please see the instructions at
>                http://www.checkpoint.com/services/mailing.html
> ================================================================================
> 



================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================



 
----------------------------------

ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT SITE MAP LEGAL
   All contents © 2004 Network Presence, LLC. All rights reserved.