Michael, I have seen this reverse NDR problem for months.
Tarpitting did not seem to help. However, installing a new SonicWall security appliance seemed to help by being able to set up some rules to intelligently manage the problem so the network does not get bogged down, and aside from annoyance, everything runs without error.
Carey
To: vantage@yahoogroups.com
From: mmcwilliams22@...
Date: Fri, 5 Sep 2008 19:55:57 +0000
Subject: Re: {Disarmed} [Vantage] [OT} User mail problem

Relaying is turned off. I have a Barracuda in the DMZ, but now it is bogged down trying to process all these messages. I am getting more than it can handle each minute. They are coming from tons of different source IPs. Not sure what to do here. I have never had this problem and I am guessing there is not much I can do besides wait it out.

--- In vantage@yahoogroups.com, "Cliff Drumeller" <cliff@...> wrote:
>
> Make sure you have relaying turned off on your email server so an outside spammer can't be sending from her address. Result you can wind up getting your domain blacklisted in a hurry. Change her email address!!!
>
> Cliff Drumeller
> IT Manager
> Mass Precision, Inc.
> 408 786 0348
> 408 314 7420 cell
>
> ________________________________
>
> From: vantage@yahoogroups.com [mailto:vantage@yahoogroups.com] On Behalf Of Michael McWilliams
> Sent: Friday, September 05, 2008 9:45 AM
> To: vantage@yahoogroups.com
> Subject: Re: {Disarmed} [Vantage] [OT} User mail problem
>
> I am pretty sure that someone she deals with has a virus that is spoofing the emails and sending them all over using names of other people in the address book. I guess there is nothing I can do but block it at the spam server.
>
> --- In vantage@yahoogroups.com, "dhieber" <dhieber@> wrote:
> >
> > Michelle,
> >
> > I would start off by changing her password to her email.
> >
> > Thank you,
> >
> > Dina Hieber
> > Vamco International, Inc.
> > 555 Epsilon Drive, Pittsburgh, PA 15238
> > Tel: (412) 963-7100
> > Fax: (412) 963-9511
> > email: dhieber@
> > Website: www.vamcointernational.com
> >
> > **********
> > This e-mail message and any files transmitted with it are confidential and are intended for the sole use of the intended recipient(s). Any unauthorized use or disclosure is prohibited. Any opinions expressed in the email are those of the individual and not necessarily the company. If you are not the intended recipient, please contact the sender by reply email and destroy all copies of the original message.
> >
> > _____
> >
> > From: vantage@yahoogroups.com [mailto:vantage@yahoogroups.com] On Behalf Of Michael McWilliams
> > Sent: Friday, September 05, 2008 12:23 PM
> > To: vantage@yahoogroups.com
> > Subject: {Disarmed} [Vantage] [OT} User mail problem
> >
> > I have a user that came in today with 1500 delivery failure messages for email she did not send. They are all coming from outside the network, I am guessing someone is sending spam using her email. She is also getting emails with people's names inside our company in the title but from odd domains. I can't find any odd activity on our network, could it be a customer or vendor is compromised? Any thoughts?