If they compromised any systems, it was the mail server because it is the only one that resides on a DMZ. I am concerned as it was scanned over 12 times from the same IP address in the course of a day according to the PIX syslog server files.
Unfortunately, none of the logs was indicative of a non-company computer "being treated as local." The logs were not indicative of any company accounts being used for spam transmission. It is almost as if the SMTP authentication was not working and allowing mail relay while the "No Mail Relay" option was turned on. In earlier e-mails, a log from Wednesday the 9th showed any and everybody going through it despite the settings. On the 11th I got an e-mail from spamcop.net and UU Net stating that my server was being used as open relay. I looked at the logs to see that they were right. I then checked the SMTP security settings to find "No Mail Relay" enabled. I then rebooted the server, loaded some more windows updated packages etc., and reapplied the 7.13 I-Mail program. Upon reboot, the logs were indicative of non-local users being bounced. Looking through the event viewer I found no errors related to the IMail program either. Based on that my conclusion is that the SMTP security had hung for a couple of days when we moved the IMail box from a public IP to a DMZ. This is because once the server was moved to the DMZ we turned open relay on to test the initial sending etc. Once that was satisfied, I am positive that we re-selected No Mail Relay. However, because we all know that POP authentication is transmitted in clear text then what I am asking for in a later release is SSL encryption support for Eudora, and the Microsilly clients. This is to further thwart the possibility of a clear text password being sniffed. C. Douglas Mays Jr. Network Engineer In Zone Companies "ALL F*****G SPAMMERS MUST F*****G HANG!!!!!!!!!!" To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
