Axman
I've got a machine on our network that's got a spam-factory on it. Unfortunately, it's the mail/web server. To boot, it's got a possibly separate flaw on it that prevents ActiveX from running. Windiz update aside, I can't run utilities like Housecall on it. And we've got delays getting our antivirus license finalized. So I'm running AVG Free (which is against the rules but they've got our money, I'm going to be OK with it) which, while otherwise quite adequate, won't find my bug. HijackThis and Spybot come up broke, too.
I was, in the meanwhile, thinking of some port-management and firewall trickery to let us use Exchange while not giving the machine direct access to SMTP outbound.
However, that is not a solution. Any good ideas out there? If you want a log:
2005-11-10 07:30:57 1EaBZx-0007LJ-I9 <= [email protected]
H=(net.gs-school.local) [69.15.95.70]:9846 I=[10.50.1.49]:25 P=esmtp
S=1545 [email protected]
T="\241L~\266R\244F\244\243\245\316\301\331~\244\361\257\262\252\272\301
\331\253K\251ykmcdw" from <[email protected]> for
[email protected] [email protected] [email protected]
[email protected] [email protected] [email protected]
[email protected] [email protected] [email protected]
[email protected] [email protected]
[email protected] [email protected]
[email protected] [email protected]
2005-11-10 07:28:33 1EaBXc-0006Pk-Vp <= [email protected]
H=(net.gs-school.local) [69.15.95.70]:9802 I=[10.50.1.49]:25 P=esmtp
S=987 [email protected]
T="\271\332\267Q\246V\253e\254\335" from <[email protected]> for
[email protected]
2005-11-10 07:28:32 1EaBXc-0006Pk-Py <= [email protected]
H=(net.gs-school.local) [69.15.95.70]:9802 I=[10.50.1.49]:25 P=esmtp
S=1055 [email protected]
T="\244\265\246~\263\314\273\305\252\272\246\250\244H\274v\244\371\244W\
263\365\253\243\241I" from <[email protected]> for
[email protected]
2005-11-10 07:28:32 1EaBXc-0006Pk-KA <= [email protected]
H=(net.gs-school.local) [69.15.95.70]:9802 I=[10.50.1.49]:25 P=esmtp
S=1012 [email protected]
T="\262\263\251\322\264\301\253\335\263n\305\351\246X\277\350" from
<[email protected]> for [email protected]
2005-11-10 07:27:14 1EaBWM-0005nh-3A <= [email protected]
H=(net.gs-school.local) [69.15.95.70]:9776 I=[10.50.1.49]:25 P=esmtp
S=1218 [email protected]
T="\244\255\252\341\244K\252\371\252\272\271C\300\270" from
<[email protected]> for [email protected]
Axman
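One way to triage a log like the one in this post, as an added example that is not part of the original post: it rejoins the wrapped Exim arrival (`<=`) entries and counts messages, recipients and raw 8-bit subjects per source IP and HELO name. The sample log, the function names and the "all subjects unencoded 8-bit" heuristic are assumptions made for illustration.

```python
import re
from collections import defaultdict
# Constructed sample in the post's Exim layout; hosts, IDs and addresses are made up.
SAMPLE = r'''2005-11-10 07:30:57 1AAAAA-000001-AA <= a@example.test
H=(mail.example.local) [192.0.2.10]:9846 I=[10.0.0.5]:25 P=esmtp
S=1545 id=x1@example.test
T="\241L~\266R" from <a@example.test> for
r1@example.net r2@example.net r3@example.net
2005-11-10 07:28:33 1AAAAB-000002-BB <= b@example.test
H=(mail.example.local) [192.0.2.10]:9802 I=[10.0.0.5]:25 P=esmtp
S=987 id=x2@example.test
T="\271\332\
267Q" from <b@example.test> for
r4@example.net
2005-11-10 07:29:00 1AAAAC-000003-CC <= c@example.org
H=(relay.example.org) [198.51.100.7]:4021 I=[10.0.0.5]:25 P=esmtp S=2048
T="Meeting notes" from <c@example.org> for staff@example.net
'''

START = re.compile(r'^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d \S+ <= ')
FIELDS = re.compile(r'<= (?P<sender>\S+) H=(?:\S+ )?\((?P<helo>[^)]*)\) '
                    r'\[(?P<ip>[^\]]+)\]:\d+ .*? T="(?P<subj>.*)" '
                    r'from <[^>]*> for (?P<rcpts>.*)$')
HIGH_BYTE = re.compile(r'\\[23][0-7]{2}')  # Exim logs bytes >= 0x80 as \200..\377

def entries(text):
    """Rejoin wrapped lines into one string per arrival ('<=') entry."""
    out = []
    for line in text.splitlines():
        if START.match(line):
            out.append(line)
        elif out:  # continuation; a wrap can fall inside an octal escape
            out[-1] += ('' if out[-1].endswith('\\') else ' ') + line.strip()
    return out

def summarize(text):
    """Per (source IP, HELO): messages, recipients, raw 8-bit subjects."""
    hosts = defaultdict(lambda: {'msgs': 0, 'rcpts': 0, 'raw8bit': 0})
    for m in filter(None, map(FIELDS.search, entries(text))):
        h = hosts[(m['ip'], m['helo'])]
        h['msgs'] += 1
        h['rcpts'] += len(m['rcpts'].split())
        h['raw8bit'] += bool(HIGH_BYTE.search(m['subj']))
    return dict(hosts)

def suspects(summary, min_msgs=2):
    """Assumed heuristic: repeat sources whose subjects are all unencoded 8-bit."""
    return sorted(k for k, v in summary.items()
                  if v['msgs'] >= min_msgs and v['raw8bit'] == v['msgs'])
```

Calling `suspects(summarize(SAMPLE))` returns the source hosts to look at first; on a real log, read the file and pass its text in place of `SAMPLE`.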