Sidetrack question but urgent-- email server is bombed

Our domain is haywardquartz.com. We are using NT4. I just follow the
instruction in the links provided by Paul and clean up the queue. My
email is qle@..., please do the test and let me know
what should be done. I know that there is no perfect security but I
want at least we try our best.
Thanks.

--- In vantage@y..., "pile_of_34" <peter.paasch@a...> wrote:
> Sound like you exchange server is allowing mail relays. Hackers
> amoung other people keep lists and database of mail servers that
> allow relaying. They allow some anominity and make it more
difficult
> to track a naughty email or unwanted email.
>
> In Exchange 2000 go the servers icon in MMC then protocols and then
> smtp make sure the relay properties are setup properly. What is
your
> domain? I can test it for relay capabilities if you'd like. I
might
> also be able to help you find out if you system has been breached
> some other way. Is your security tight?
>
> --- In vantage@y..., "Rich Shafer" <rshafer@a...> wrote:
> > Are these emails addressed to email addresses inside your domain
or
> are they being returned because they are being sent to invalid
> addresses externally?
> >
> > If they are external addresses do what ever Exchange requires you
> to do to turn off email relaying as quickly as possible.
> > ----- Original Message -----
> > From: quangthuy
> > To: vantage@y...
> > Sent: Tuesday, July 09, 2002 1:07 PM
> > Subject: [Vantage] Sidetrack question but urgent-- email server
> is bombed
> >
> >
> > This morning, our email server (Exchange) starts sending out
more
> > than 4,000 mails and because they go nowhere, they are
redirected
> to
> > admin account. The headers of those mail show that they are
> > generated as a forward from an email received from "direkciya@e-
> > mail.com"
> >
> > Obviously, this is an email attack like what happened last year
> to
> > some big guys. Now, there are about 1,000 more queuing in my
> server,
> > jamming up emails of outbound traffic.
> >
> > Any help, idea about how to, or what software we should use.
> BTW, we
> > are using Norton Corp Edition v.7.
> >
> > Thanks in advance.
> >
> >
> > Yahoo! Groups Sponsor
> >
> >
> > Useful links for the Yahoo!Groups Vantage Board are: ( Note:
You
> must have already linked your email address to a yahoo id to enable
> access. )
> > (1) To access the Files Section of our Yahoo!Group for Report
> Builder and Crystal Reports and other 'goodies', please goto:
> http://groups.yahoo.com/group/vantage/files/.
> > (2) To search through old msg's goto:
> http://groups.yahoo.com/group/vantage/messages
> > (3) To view links to Vendors that provide Vantage services
goto:
> http://groups.yahoo.com/group/vantage/links
> >
> > Your use of Yahoo! Groups is subject to the Yahoo! Terms of
> Service.
> >
> >
> >
> > [Non-text portions of this message have been removed]
This morning, our email server (Exchange) starts sending out more
than 4,000 mails and because they go nowhere, they are redirected to
admin account. The headers of those mail show that they are
generated as a forward from an email received from "direkciya@e-
mail.com"

Obviously, this is an email attack like what happened last year to
some big guys. Now, there are about 1,000 more queuing in my server,
jamming up emails of outbound traffic.

Any help, idea about how to, or what software we should use. BTW, we
are using Norton Corp Edition v.7.

Thanks in advance.
Can you configure your Exchange, to dump those messages, as they arrive. I
have dinky little Avirt mail Server and it can direct messages like that to
delete or refuse therm.

Shirley Graver
Systems Administrator
Rubber Associates Inc.
Cleveland/Akron, OH

-----Original Message-----
From: quangthuy [mailto:quangthuy@...]
Sent: Tuesday, July 09, 2002 1:07 PM
To: vantage@yahoogroups.com
Subject: [Vantage] Sidetrack question but urgent-- email server is bombed


This morning, our email server (Exchange) starts sending out more
than 4,000 mails and because they go nowhere, they are redirected to
admin account. The headers of those mail show that they are
generated as a forward from an email received from "direkciya@e-
mail.com"

Obviously, this is an email attack like what happened last year to
some big guys. Now, there are about 1,000 more queuing in my server,
jamming up emails of outbound traffic.

Any help, idea about how to, or what software we should use. BTW, we
are using Norton Corp Edition v.7.

Thanks in advance.


Yahoo! Groups Sponsor


Useful links for the Yahoo!Groups Vantage Board are: ( Note: You must
have already linked your email address to a yahoo id to enable access. )
(1) To access the Files Section of our Yahoo!Group for Report Builder and
Crystal Reports and other 'goodies', please goto:
http://groups.yahoo.com/group/vantage/files/.
(2) To search through old msg's goto:
http://groups.yahoo.com/group/vantage/messages
(3) To view links to Vendors that provide Vantage services goto:
http://groups.yahoo.com/group/vantage/links

Your use of Yahoo! Groups is subject to the Yahoo! Terms of Service.



[Non-text portions of this message have been removed]
Are these emails addressed to email addresses inside your domain or are they being returned because they are being sent to invalid addresses externally?

If they are external addresses do what ever Exchange requires you to do to turn off email relaying as quickly as possible.
----- Original Message -----
From: quangthuy
To: vantage@yahoogroups.com
Sent: Tuesday, July 09, 2002 1:07 PM
Subject: [Vantage] Sidetrack question but urgent-- email server is bombed


This morning, our email server (Exchange) starts sending out more
than 4,000 mails and because they go nowhere, they are redirected to
admin account. The headers of those mail show that they are
generated as a forward from an email received from "direkciya@e-
mail.com"

Obviously, this is an email attack like what happened last year to
some big guys. Now, there are about 1,000 more queuing in my server,
jamming up emails of outbound traffic.

Any help, idea about how to, or what software we should use. BTW, we
are using Norton Corp Edition v.7.

Thanks in advance.


Yahoo! Groups Sponsor


Useful links for the Yahoo!Groups Vantage Board are: ( Note: You must have already linked your email address to a yahoo id to enable access. )
(1) To access the Files Section of our Yahoo!Group for Report Builder and Crystal Reports and other 'goodies', please goto: http://groups.yahoo.com/group/vantage/files/.
(2) To search through old msg's goto: http://groups.yahoo.com/group/vantage/messages
(3) To view links to Vendors that provide Vantage services goto: http://groups.yahoo.com/group/vantage/links

Your use of Yahoo! Groups is subject to the Yahoo! Terms of Service.



[Non-text portions of this message have been removed]
Sound like you exchange server is allowing mail relays. Hackers
amoung other people keep lists and database of mail servers that
allow relaying. They allow some anominity and make it more difficult
to track a naughty email or unwanted email.

In Exchange 2000 go the servers icon in MMC then protocols and then
smtp make sure the relay properties are setup properly. What is your
domain? I can test it for relay capabilities if you'd like. I might
also be able to help you find out if you system has been breached
some other way. Is your security tight?

--- In vantage@y..., "Rich Shafer" <rshafer@a...> wrote:
> Are these emails addressed to email addresses inside your domain or
are they being returned because they are being sent to invalid
addresses externally?
>
> If they are external addresses do what ever Exchange requires you
to do to turn off email relaying as quickly as possible.
> ----- Original Message -----
> From: quangthuy
> To: vantage@y...
> Sent: Tuesday, July 09, 2002 1:07 PM
> Subject: [Vantage] Sidetrack question but urgent-- email server
is bombed
>
>
> This morning, our email server (Exchange) starts sending out more
> than 4,000 mails and because they go nowhere, they are redirected
to
> admin account. The headers of those mail show that they are
> generated as a forward from an email received from "direkciya@e-
> mail.com"
>
> Obviously, this is an email attack like what happened last year
to
> some big guys. Now, there are about 1,000 more queuing in my
server,
> jamming up emails of outbound traffic.
>
> Any help, idea about how to, or what software we should use.
BTW, we
> are using Norton Corp Edition v.7.
>
> Thanks in advance.
>
>
> Yahoo! Groups Sponsor
>
>
> Useful links for the Yahoo!Groups Vantage Board are: ( Note: You
must have already linked your email address to a yahoo id to enable
access. )
> (1) To access the Files Section of our Yahoo!Group for Report
Builder and Crystal Reports and other 'goodies', please goto:
http://groups.yahoo.com/group/vantage/files/.
> (2) To search through old msg's goto:
http://groups.yahoo.com/group/vantage/messages
> (3) To view links to Vendors that provide Vantage services goto:
http://groups.yahoo.com/group/vantage/links
>
> Your use of Yahoo! Groups is subject to the Yahoo! Terms of
Service.
>
>
>
> [Non-text portions of this message have been removed]