Auto-send on KMS
  •  
T-one

Hi all,

I have infected machines on my network, but I still don't know which ones (even after a full scan). In the meantime, by using extended log settings in the debug log of KMS, I see HELLO/RCPT TO/SEND DATA commands from an empty sender. Sometimes, it occurs when I delete mails from the mail queue, even if the SMTP service is disabled. In SMTP options, only one Exchange server with one IP can send. How can I prevent such behaviour by viruses using their own SMTP engine?

Thanks for any info
  •  
T-one

Besides,

What's sometimes shown as the protocol used is DSN. How can I stop these delivery notifications from being generated?

  •  
Petr Dobry (Kerio)

T-one wrote on Wed, 16 June 2004 08:10

Hi all,

I have infected machines on my network, but I still don't know which ones (even after a full scan). In the meantime, by using extended log settings in the debug log of KMS, I see HELLO/RCPT TO/SEND DATA commands from an empty sender. Sometimes, it occurs when I delete mails from the mail queue, even if the SMTP service is disabled. In SMTP options, only one Exchange server with one IP can send. How can I prevent such behaviour by viruses using their own SMTP engine?

Thanks for any info


When a virus uses its own SMTP engine, it doesn't need KMS. It delivers faked emails directly.

Petr Dobry
Product Development Manager | Kerio
  •  
T-one

And how can it be stopped?

  •  
Petr Dobry (Kerio)

T-one wrote on Wed, 16 June 2004 11:58

And how can it be stopped?


Simply block all connections to port 25 on the firewall from all computers, except the one running KMS.

Petr Dobry
Product Development Manager | Kerio
  •  
scorpicek

Hello,

I didn't look at the date, so this might be past-due... But an easy way to find where your spam comes from is the mail log. You'll find the IP (or resolved name) that is connecting and then compare it to the security log, where you'll see AntiVirus messages at about the same time.

I had only two viruses on my network and they were easy to find exactly this way. Looking at the logs, who is sending more mail than usual, when, comparing it to the security log and getting results...

I hope that helps, and if not sorry :)

Tomas
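
The log correlation described in the post above, as an added example that is not part of the original thread and is not Kerio code. The log line layout, the sample lines, and the names `find_suspects`, `min_msgs` and `window` are assumptions made for illustration; the fixed `min_msgs` threshold stands in for "more mail than usual".

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample logs. The layout (timestamp, client IP, then details)
# is an assumption for this example, not Kerio's actual log format.
MAIL_LOG = """\
2004-06-16 08:01:10 192.168.1.10 from=<alice@example.com> to=<bob@example.org>
2004-06-16 08:02:00 192.168.1.23 from=<> to=<x1@example.net>
2004-06-16 08:02:05 192.168.1.23 from=<> to=<x2@example.net>
2004-06-16 08:02:09 192.168.1.23 from=<carol@example.com> to=<x3@example.net>
2004-06-16 08:02:14 192.168.1.23 from=<> to=<x4@example.net>
2004-06-16 08:40:00 192.168.1.10 from=<alice@example.com> to=<dan@example.org>
"""
SECURITY_LOG = """\
2004-06-16 08:02:07 192.168.1.23 antivirus: infected attachment rejected
2004-06-16 09:30:00 192.168.1.10 antivirus: infected attachment rejected
"""

def parse(log):
    """Yield (timestamp, client_ip, rest) for each non-empty line."""
    for line in log.splitlines():
        if line.strip():
            day, clock, ip, rest = line.split(" ", 3)
            yield datetime.strptime(f"{day} {clock}", "%Y-%m-%d %H:%M:%S"), ip, rest

def find_suspects(mail_log, security_log, min_msgs=3, window=timedelta(minutes=5)):
    """Return {ip: stats} for hosts that sent at least min_msgs messages and
    have an antivirus event within `window` of one of those messages."""
    sent, empty, times = Counter(), Counter(), defaultdict(list)
    for ts, ip, rest in parse(mail_log):
        sent[ip] += 1
        empty[ip] += "from=<>" in rest  # count empty envelope senders
        times[ip].append(ts)
    suspects = {}
    for av_ts, ip, _ in parse(security_log):
        near = any(abs(av_ts - ts) <= window for ts in times[ip])
        if near and sent[ip] >= min_msgs:
            suspects[ip] = {"messages": sent[ip], "empty_sender": empty[ip]}
    return suspects

if __name__ == "__main__":
    for ip, stats in find_suspects(MAIL_LOG, SECURITY_LOG).items():
        print(ip, stats)
```

Hosts flagged this way are the ones to isolate and rescan first; the empty-sender count matches the symptom reported at the start of the thread.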