Mailserver compromised?
  •  
cecotto479

I have a site running Mailserver 6.6 on a Centos box behind a Sonicwall firewall.

All has been going swimmingly for over a year.

In the past couple of days, the users have complained of poor network performance. All client PCs are virus protected with AVG professional and up to date. The server is running Avast and up to date. Recent scans show no issues. Port 25 is blocked for all PCs on the network except the mailserver.

The only thing I can find unusual in the mailserver logs is:-
"[02/Jul/2009 07:20:59] Sent: Queue-ID: 4a4b6718-00000041, Recipient: <gbounce-76813395-5131-500017685-1246454396824<_a.t_>bounce.wc-nl.co.uk >, Result: delayed, Status: 4.1.1 450 4.7.1 <saturn.*domain*>: Helo command rejected: Host not found"

This, or a very similar message occurs about 200 times per day.

All other mail events appear to relate properly to users and recognised e-mail addresses.

With no other PCs connected to the network, the WAN activity light on the router goes bonkers flashing continually. Connect any or all PCs and network/internet speed is poor.

Disconnect the server from the network and all is well for as long as it is disconnected. Reconnect it and the network slows to a crawl.

Stop the "keriomailserver" service and the network performs normally. Restart it and within 5 minutes it's slowed down again.

These are the reasons I'm focussing on the mailserver.

Any suggestions please?

[Updated on: Thu, 02 July 2009 10:05]

  •  
Pavel Dobry (Kerio)

cecotto479 wrote on Thu, 02 July 2009 10:04

Any suggestions please?

Yes. Find the line with "Recv:" and the same message queue ID in the mail log and try to find which client (or computer) is sending the emails.
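
The Queue-ID lookup suggested above, as an added example that is not part of the original thread: it pairs every delayed "Sent:" line with its "Recv:" line and counts the submitting hosts. The "Sent:" layout follows the line quoted in the first post; the "Recv:" field names (From, User, Sender-Host) and all sample lines are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample log. The "Sent:" layout follows the line quoted in the
# thread; the "Recv:" field names (From, User, Sender-Host) are assumptions.
SAMPLE_LOG = """\
[02/Jul/2009 07:10:02] Recv: Queue-ID: 4a4c0001-00000010, Service: SMTP, From: <ann@example.com>, To: <bob@example.org>, Size: 1840, User: ann@example.com, Sender-Host: 10.0.0.21
[02/Jul/2009 07:10:05] Sent: Queue-ID: 4a4c0001-00000010, Recipient: <bob@example.org>, Result: delivered, Status: 250 2.0.0 Ok
[02/Jul/2009 07:20:41] Recv: Queue-ID: 4a4c0002-00000011, Service: SMTP, From: <x1@example.net>, To: <bounce-1@list.example.net>, Size: 2210, Sender-Host: 10.0.0.57
[02/Jul/2009 07:20:59] Sent: Queue-ID: 4a4c0002-00000011, Recipient: <bounce-1@list.example.net>, Result: delayed, Status: 4.1.1 450 4.7.1 <mx.example.com>: Helo command rejected: Host not found
[02/Jul/2009 07:21:30] Recv: Queue-ID: 4a4c0003-00000012, Service: SMTP, From: <x2@example.net>, To: <bounce-2@list.example.net>, Size: 2190, Sender-Host: 10.0.0.57
[02/Jul/2009 07:21:48] Sent: Queue-ID: 4a4c0003-00000012, Recipient: <bounce-2@list.example.net>, Result: delayed, Status: 4.1.1 450 4.7.1 <mx.example.com>: Helo command rejected: Host not found
[02/Jul/2009 07:25:10] Sent: Queue-ID: 4a4b9999-00000009, Recipient: <bounce-3@list.example.net>, Result: delayed, Status: 4.1.1 450 4.7.1 <mx.example.com>: Helo command rejected: Host not found
"""

LINE_RE = re.compile(r"^\[(?P<ts>[^\]]+)\] (?P<kind>Recv|Sent): (?P<rest>.*)$")

def parse_line(line):
    """Split one mail-log line into a dict of its 'Key: value' fields."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = {"ts": m.group("ts"), "kind": m.group("kind")}
    for part in m.group("rest").split(", "):
        key, sep, value = part.partition(": ")  # split on the first ': ' only
        if sep:
            rec[key] = value
    return rec

def trace_senders(log_text, result="delayed"):
    """Pair every 'Sent:' line with the given Result to its 'Recv:' line."""
    records = [r for r in map(parse_line, log_text.splitlines()) if r]
    # Index Recv lines first so their position in the file does not matter.
    recv = {r["Queue-ID"]: r for r in records
            if r["kind"] == "Recv" and "Queue-ID" in r}
    hits = []
    for r in records:
        if r["kind"] == "Sent" and r.get("Result") == result:
            src = recv.get(r.get("Queue-ID"), {})  # empty if Recv was rotated out
            hits.append((r.get("Queue-ID"), r.get("Recipient"),
                         src.get("Sender-Host", "unknown"),
                         src.get("User") or src.get("From", "unknown")))
    return hits

def top_sources(hits):
    """Count traced messages per submitting host, busiest first."""
    return Counter(host for _, _, host, _ in hits).most_common()

if __name__ == "__main__":
    print(top_sources(trace_senders(SAMPLE_LOG)))
```

A host marked "unknown" means the matching "Recv:" line is not in the file being read, so an older rotated log has to be searched as well.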
  •  
cecotto479

Thanks for the reply.

Looks like a spam bounce message.

I have disabled the "send bounce message" on the Spam filters to see if that helps.
  •  
freakinvibe

Have you looked at the KMS queue? Do you have lots of mail waiting in the queue?

Dexion AG - The Blackberry Specialists in Switzerland
https://dexionag.ch