I have been alerted by BT that my Internet account is
being used to host an Open/Email Relay/proxy causing
spam/unsolicited emails. I have a static IP address for my
broadband account. BT are threatening to suspend the
account unless I can take corrective action. I cannot find
the solution or cause and I have not reconfigured my
server software. Any ideas?

Thank you Neil

Re: Open Email Relay/Proxy by Tom

Tom
Sun Jan 11 08:12:11 CST 2004

It depends on what mail server you are using to receive/send mail on your
computer/server. You'll need to read the documentation, or contact the
vendor about closing the open relay.

Tom
Unless you have a mail account with someone other than BT, in which case,
you will need to contact that account vendor.
"Neil" <neil@nwarecruitment.com> wrote in message
news:03ab01c3d848$5478be70$a601280a@phx.gbl...
| I have been alerted by BT that my Internet account is
| being used to host an Open/Email Relay/proxy causing
| spam/unsolicited emails. I have a static IP address for my
| broadband account. BT are threatening to suspend the
| account unless I can take corrective action. I cannot find
| the solution or cause and I have not reconfigured my
| server software. Any ideas?
|
| Thank you Neil



Re: Open Email Relay/Proxy by Kent

Kent
Sun Jan 11 10:56:21 CST 2004

Neil wrote:

> I have been alerted by BT that my Internet account is
> being used to host an Open/Email Relay/proxy causing
> spam/unsolicited emails. I have a static IP address for my
> broadband account. BT are threatening to suspend the
> account unless I can take corrective action. I cannot find
> the solution or cause and I have not reconfigured my
> server software. Any ideas?
>
> Thank you Neil

If you are not deliberately running an email server that is accidentally
forwarding spam, then you have a trojan mailer, a common hijack for
broadband accounts.

It is appropriate that BT shut you down if you fail to remove the trojan
and secure your system and I applaud them for being proactive. Seek
professional help if necessary, but I would start by running some
anti-trojan software and securing your system.

Agnitum: Products: Tauscan: Home:
http://www.agnitum.com/products/tauscan/

DiamondCS TDS-3 - Trojan Defence Suite (TDS),
leading anti-trojan system for Windows:
http://tds.diamondcs.com.au/

Mischel Internet Security -
TrojanHunter: Finds and removes trojans:
http://www.misec.net/trojanhunter.jsp

MooSoft Development Presents The Cleaner:
http://www.moosoft.com/thecleaner/

Hacker Eliminator. - Advanced Hacker Protection:
http://hacker-eliminator.com/

You should also be running a firewall, an up-to-date anti-virus program,
keep current on Windows Updates and run the Pivx Quik-Fix protection to
plug some IE vulnerabilities. Sophisticated firewalls can catch trojans
as they set up listening ports or try to send data on the Internet.

--
Kent W. England, Microsoft MVP for Windows Security

Re: Open Email Relay/Proxy by Chuck

Chuck
Sun Jan 11 14:11:05 CST 2004

On Sun, 11 Jan 2004 05:39:26 -0800, "Neil" <neil@nwarecruitment.com>
wrote:

>I have been alerted by BT that my Internet account is
>being used to host an Open/Email Relay/proxy causing
>spam/unsolicited emails. I have a static IP address for my
>broadband account. BT are threatening to suspend the
>account unless I can take corrective action. I cannot find
>the solution or cause and I have not reconfigured my
>server software. Any ideas?
>
>Thank you Neil

Neil,

I'm going to hope that you have already read the manual that came with
the server, and have verified all settings and made sure that there is
no server service capable of providing what BT is accusing you of.
Many mail server programs come configured by default as open relays, a
leftover setting from the days before spammers. If you're running a
mail server, disable it. Then read the manual. If not, continue.

Is your server, and the rest of your LAN, behind a router? If not,
get behind one. Immediately. If you have a proxy server that you're
using to provide internet service to the rest of your LAN, configure
it so it can only be accessed by your LAN.

Check for a parasite providing the open proxy / relay. There is a
known case of at least 5000 computers worldwide being infected with a
parasite which makes them into what you are describing.

Update and rerun your virus protection.

Run an online virus scan:
http://housecall.trendmicro.com/

Check for spyware trojans, which may not be detected as viruses. Use
HijackThis, and expert advice at SWI Forums (all free). Complete
instructions are at:
http://forums.spywareinfo.com/index.php?showtopic=5187

Find out what network traffic is running from your server. Get Port
Explorer (identify suspicious traffic)
<http://www.diamondcs.com.au/portexplorer/index.php?page=home> and
Process Explorer (identify suspicious processes)
<http://www.sysinternals.com/>. Both are free.

Cheers,

Chuck
I hate spam - PLEASE get rid of the spam before emailing me!
Paranoia comes from experience - and is not necessarily a bad thing.
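
The checks suggested in the replies above (look for unexpected listening ports and for outbound mail traffic from processes that are not a mail server) can be approximated with the built-in `netstat -ano`. The following is an added example, not part of any poster's message; the sample output, the port watch list, and the PIDs are constructed assumptions.

```python
import re

# Assumed watch list: ports typically used by mail relays and open proxies.
WATCH_PORTS = {25: "SMTP", 1080: "SOCKS proxy", 3128: "HTTP proxy", 8080: "HTTP proxy"}

# Constructed sample of Windows `netstat -ano` output (addresses and PIDs are made up).
SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    0.0.0.0:1080           0.0.0.0:0              LISTENING       2412
  TCP    127.0.0.1:3128         0.0.0.0:0              LISTENING       1500
  TCP    192.168.1.10:25        0.0.0.0:0              LISTENING       1720
  TCP    192.168.1.10:3051      203.0.113.25:25        ESTABLISHED     2412
  TCP    192.168.1.10:3052      198.51.100.7:25        ESTABLISHED     2412
  TCP    192.168.1.10:3060      192.0.2.80:80          ESTABLISHED     3004
"""

ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+)\s+(\w+)\s+(\d+)\s*$")

def parse(text):
    """Yield (local_addr, local_port, remote_addr, remote_port, state, pid) per TCP row."""
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            la, lp, ra, rp, state, pid = m.groups()
            yield la, int(lp), ra, int(rp), state, int(pid)

def audit(text, mail_server_pids=()):
    """Return (pid, kind, detail) findings for relay/proxy-like activity."""
    findings = []
    for la, lp, ra, rp, state, pid in parse(text):
        loopback = la.startswith("127.") or la == "[::1]"
        # A relay/proxy port listening on a non-loopback address is reachable by others.
        if state == "LISTENING" and lp in WATCH_PORTS and not loopback:
            findings.append((pid, "listener", f"{WATCH_PORTS[lp]} on {la}:{lp}"))
        # Outbound SMTP from a process that is not the known mail server.
        elif state == "ESTABLISHED" and rp == 25 and pid not in mail_server_pids:
            findings.append((pid, "outbound-smtp", f"{ra}:{rp}"))
    return findings

def by_pid(findings):
    """Group finding kinds per PID so the busiest suspect stands out."""
    out = {}
    for pid, kind, _detail in findings:
        out.setdefault(pid, []).append(kind)
    return out

if __name__ == "__main__":
    for pid, kind, detail in audit(SAMPLE, mail_server_pids={1720}):
        print(f"PID {pid}: {kind}: {detail}")
```

On a live machine, pass the real `netstat -ano` output to `audit()` and look up each flagged PID in Process Explorer; a PID that both listens on a proxy port and opens many outbound port 25 connections matches the trojan mailer pattern described in the thread.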