RE: [FW1] Am I really under attack?
Hi

Today I saw that there are 3 mails in queue in Exchange server which are generated from postmaster@FW to someone else in net. I think it leaks FW information. I've checked for trojan horse using cleaner2.

Pls help me..

Best Regards,
Tika

--- Dean Cunningham <[email protected]> wrote:
>
> I thought the SMTP security server on the firewall could strip the headers?
> Just forward all mail from exchange to the security server and let it do
> its thing?
>
> See Page 123 to 128 of Managing FW1 with the windows GUI User Guide
>
> -----Original Message-----
> From: [email protected] [mailto:[email protected]]
> Sent: Tuesday, 9 January 2001 11:21 AM
> To: Tika Mahata; [email protected]
> Subject: Re: [FW1] Am I really under attack?
>
> Yeah, SMTP headers are great aren't they!!!
>
> I have not seen too many ways to clean up the headers that exchange
> generates. I don't know if there is a 3rd party product or what, but I am
> considering setting up a sendmail box and doing some custom PERL-MX
> scripting to replace all the info I don't like with XXX's....
>
> Anybody else have a solution to prevent exchange from producing these
> insightful headers? Our exchange guru says there aren't any nerd knobs
> to do it.
>
> ----- Original Message -----
> From: "Tika Mahata" <[email protected]>
> To: <[email protected]>
> Sent: Monday, January 08, 2001 10:14 AM
> Subject: [FW1] Am I really under attack?
>
> > Hi All,
> >
> > I think I'm under attack.
> >
> > Someone used my Exchange Server 5.5 as relay agent for huge amount of
> > mails produced from hotmail.com, yahoo.com, exite.com etc.
> > After I came to know that someone used this I got one mail from my ISP
> > which was sent by someone who received it from my mailserver. I was
> > surprised when I saw there is my FW NETBIOS name as well as its internal
> > interface's invalid IP address.
> >
> > In FW only there are following rules:
> >
> > 1. ANY MAILSRV SMTP ACCEPT
> > 2. MAILSRV ANY SMTP ACCEPT
> > 3. InternetGr@ANY ANY HTTP USER-AUTH
> > 4. LocalNet ANY HTTPS ACCEPT
> > 5. SecureUsr@NAY LocalNet ANY Client-Encrypt
> > 6. ANY External-wks ANY ACCEPT
> > 7. ANY ANY ANY REJECT
> >
> > And,
> >
> > Today I can't browse any internet sites. But after long diagnosis, it is
> > found that I can ping any sites with its domain name (I refer DNS query
> > from ISP's DNS Server). And it is important to say that I can browse only
> > the unknown sites (i.e. not used frequently) only once. Then after I can't
> > even browse this site also even from Gateway. I've no proxy server. I'm
> > using FW's proxy with dynamic NAT.
> >
> > FW-1 4.0 sp6
> > NT 4.0 sp6a
> >
> > Now I'm able to stop SMTP relay but internet access can't be succeeded.
> > There is no problem in my VPN connection.
> >
> > Pls suggest me what to do next.
> >
> > Tika Mahata
> >
> > ================================================================================
> > To unsubscribe from this mailing list, please see the instructions at
> > http://www.checkpoint.com/services/mailing.html
> > ================================================================================
>
> ***************************************************
> This e-mail is not an official statement of the
> Waikato Regional Council unless otherwise stated.
> Visit our website http://www.ew.govt.nz
> ***************************************************
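
The header leak described in this thread (a firewall host name and an internal interface address visible to outside recipients) can be checked for by auditing the `Received:` headers of a message as delivered externally. The following is an added example, not part of the original thread or of any poster's configuration; the sample message, host names and addresses are constructed, and the "single-label name" test is an assumed heuristic for NetBIOS-style names.

```python
import email
import ipaddress
import re

# Constructed sample of an outbound message as an outside recipient sees it.
# All host names and addresses are made up for this example.
SAMPLE = """\
Received: from mail.example.org (mail.example.org [192.0.2.25])
\tby mx.isp.example with ESMTP; Mon, 8 Jan 2001 10:20:01 +0000
Received: from FWGATE ([10.1.1.1]) by mail.example.org
\twith SMTP; Mon, 8 Jan 2001 10:19:58 +0000
Received: from WKS07 (wks07.corp.example.org [192.168.5.40])
\tby FWGATE with SMTP; Mon, 8 Jan 2001 10:19:55 +0000
From: user@example.org
To: someone@isp.example
Subject: test

body
"""

# Ranges that should never be visible to an outside recipient.
INTERNAL = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",  # RFC 1918
    "127.0.0.0/8", "169.254.0.0/16")]                 # loopback, link-local
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
HOST = re.compile(r"\b(?:from|by)\s+([A-Za-z0-9][A-Za-z0-9.-]*)")

def audit_received(raw):
    """Return (hop, kind, value) findings; hop 0 is the newest Received line."""
    msg = email.message_from_string(raw)
    findings = []
    for hop, hdr in enumerate(msg.get_all("Received", [])):
        text = " ".join(str(hdr).split())  # unfold continuation lines
        for cand in IPV4.findall(text):
            try:
                ip = ipaddress.ip_address(cand)
            except ValueError:  # not a valid address, e.g. 999.1.1.1
                continue
            if any(ip in net for net in INTERNAL):
                findings.append((hop, "internal-ip", cand))
        for name in HOST.findall(text):
            if "." not in name:  # single-label, NetBIOS-style host name
                findings.append((hop, "bare-hostname", name))
    return findings

if __name__ == "__main__":
    for finding in audit_received(SAMPLE):
        print(finding)
```

Run against a copy of a message received at an external mailbox, any finding at hop 1 or deeper marks a header line that a sanitizing relay would need to rewrite or drop.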