I'm going to say that it is what you think it is.  You can search your system logs for "error 10038" and that might tell you for sure.
     We have seen the "non responding / still says running SMTP" beginning Monday.  In all cases we see lines like:
 
 RCPT TO:
<@qo&#9829;&#9658;:ÉÉÉÉÉÉÉÉÉÉÉÉÉÉÉÉÉÉÉÉÉÉÉÉÉÉÉÉÉÉÉÉÉÉÉÉÉÉÉÉÉÉÉÉÉÉÉÉÉÉÉ
ÉÉÉÉÉÉÉÉÉÉÉÉÉÉÉ
 
     (a variety of special characters in the string)
     Followed by:
 
SMTPD() send error 10038
 
      and somewhere thereafter SMTP stops working.
 
     We are currently using 8.15, and were advised by tech support (response this morning, though before this thread) to try 8.22 or 2006... neither of which, by themselves, would work, though I am getting the impression that a recent patch of 2006 might fix this?
 
>That might not be what you think. SMTP has had a problem crashing since v8.x
>came out. I'd do a little more research before determining it was compromised.
>Mike N wrote:
> Well, that answers that question - a client running 8.22 just had an
> SMTP crash. Therefore 8.22 must be vulnerable. Successful payload
> delivery - who knows? [ They have an SA and are still in the final
> stages of moving to 2006 ].
>
> ----- Original Message -----
>
> *From:* Korey Verlsteffen <mailto:[EMAIL PROTECTED]>
> *To:* [email protected]
> <mailto:[email protected]>
> *Sent:* Thursday, October 26, 2006 11:34 AM
> *Subject:* [IMail Forum] SMTP Exploit Scanning Going on NOW
>
> Heads up everyone. My IDS systems are reporting heavy scanning for
> the IMail SMTP exploit.
>
>