• smpt server sending 65,000 emails

    From BILLY SCHWARZ@1:124/5013 to All on Thu Jan 31 19:18:38 2019
    Date: Tue, 01 May 2012 11:04:02 -0400
    From: BILLY SCHWARZ
    To: HECTOR SANTOS
    Subject: smpt server sending 65,000 emails
    Newsgroups: win.server.smtp.&.avs
    Message-ID: <1335884642.46.0@winserver.com>
    X-WcMsg-Attr: Rcvd
    X-Mailer: Wildcat! Interactive Net Server v7.0.454.5
    Lines: 11

    Hector

    I happened to be by the server and the SMTP server was pounding the web,
    sending a massive amount of emails.

    I have cleared all the spooling and it continues. I have taken this server
    offline.

    Do you have any idea what's going on and how to stop it?

    Billy Schwar
    --- Platinum Xpress/Win/WINServer v3.1
    * Origin: Prison Board BBS Mesquite Tx //telnet.RDFIG.NET www. (1:124/5013)
  • From HECTOR SANTOS@1:124/5013 to All on Thu Jan 31 19:18:38 2019
    Date: Thu, 03 May 2012 11:11:33 -0400
    From: HECTOR SANTOS
    To: BILLY SCHWARZ
    Subject: RE: smpt server sending 65,000 emails
    Newsgroups: win.server.smtp.&.avs
    Message-ID: <1336057893.46.1335884642@winserver.com>
    References: <1335884642.46.0@winserver.com>
    X-WcMsg-Attr: Rcvd
    X-Mailer: Wildcat! Interactive Net Server v7.0.454.5
    Lines: 37

    Hi Billy,

    Please be more specific, if you can, about what's happening, perhaps with
    small snippets of the wcsmtp logs. Turn on the SESSION TRACE logs under
    WCCONFIG | MAIL SERVER | SMTP options and restart WCSMTP.

    The wcSMTPSendTrace*.log will give you a complete session level trace of
    the outgoing mail.

    In general, if you were smacked by an email spammer with this volume of
    outgoing mail, then either you have CHECKED On [X] Allow Open Relay, which
    SHOULD be 100% off all the time (why it's colored red), or there is an
    insider on the computer or maybe a compromised user that is allowed to
    relay mail to the outside world. No one should be allowed to relay unless
    they authenticated (logged in via SMTP), and if relay is allowed without
    authentication then anyone can use your site as an OPEN RELAY. If this
    option is off, then without more information, someone already inside your
    network is compromised.

    See the trace logs. Read WCSMTPTRACE for what's coming in and
    WCSMTPSENDTRACE for what's going out.


    On 5/1/2012 11:04 AM, BILLY SCHWARZ wrote to HECTOR SANTOS:

    Hector

    I happened to be by the server and the SMTP server was pounding the web,
    sending a massive amount of emails.

    I have cleared all the spooling and it continues. I have taken this server
    offline.

    Do you have any idea what's going on and how to stop it?

    Billy Schwar

    --- Platinum Xpress/Win/WINServer v3.1
    * Origin: Prison Board BBS Mesquite Tx //telnet.RDFIG.NET www. (1:124/5013)
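
Added example (not part of the original posts and not Wildcat! code): the two cases Hector distinguishes, relay accepted without authentication versus relay by an authenticated login, told apart by replaying an SMTP dialogue. The sample is constructed in plain RFC 5321 form, not the wcSMTP trace format; `LOCAL_DOMAINS`, the `== <ip>` session marker and all addresses are assumptions.

```python
import re
from collections import Counter

LOCAL_DOMAINS = {"bbs.example"}  # assumption: domains hosted on this server

# Constructed sample: generic RFC 5321 dialogue (C: client, S: server),
# one "== <client ip>" line per session. NOT the wcSMTP trace log format.
SAMPLE = """\
== 198.51.100.7
C: MAIL FROM:<x@spam.example>
S: 250 OK
C: RCPT TO:<a@victim.example>
S: 550 Relay not allowed
== 203.0.113.20
C: AUTH PLAIN (credentials elided)
S: 235 Authentication successful
C: MAIL FROM:<sysop@bbs.example>
S: 250 OK
C: RCPT TO:<b@victim.example>
S: 250 OK
C: RCPT TO:<c@victim.example>
S: 250 OK
== 192.0.2.44
C: MAIL FROM:<x@spam.example>
S: 250 OK
C: RCPT TO:<d@victim.example>
S: 250 OK
"""

def relay_report(trace, local=LOCAL_DOMAINS):
    """Count accepted off-site recipients per (client IP, authenticated?)."""
    accepted = Counter()
    ip, authed, pending = None, False, None
    for line in trace.splitlines():
        if line.startswith("== "):          # new session: reset state
            ip, authed, pending = line[3:].strip(), False, None
        elif line.startswith("C: "):        # remember domain of a RCPT TO
            m = re.match(r"RCPT TO:\s*<[^@>]+@([^>]+)>", line[3:], re.I)
            pending = m.group(1).lower() if m else None
        elif line.startswith("S: "):
            code = line[3:6]
            if code == "235":               # AUTH succeeded
                authed = True
            elif code[:1] == "2" and pending and pending not in local:
                accepted[(ip, authed)] += 1  # server agreed to relay off-site
            pending = None
    return accepted

def diagnose(trace):
    return [(ip, "authenticated-relay" if authed else "open-relay", n)
            for (ip, authed), n in relay_report(trace).most_common()]
```
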
  • From BILLY SCHWARZ@1:124/5013 to All on Thu Jan 31 19:18:38 2019
    Date: Thu, 03 May 2012 12:54:08 -0400
    From: BILLY SCHWARZ
    To: HECTOR SANTOS
    Subject: RE: smpt server sending 65,000 emails
    Newsgroups: win.server.smtp.&.avs
    Message-ID: <1336064048.46.1336057893@winserver.com>
    References: <1336057893.46.1335884642@winserver.com>
    X-WcMsg-Attr: Rcvd
    X-Mailer: Wildcat! Interactive Net Server v7.0.454.5
    Lines: 57

    Hi Hector

    The open relay is off and should not allow anyone to relay. I will turn on
    the trace/send logs and turn the SMTP server back on.

    I have changed internet service providers and now have different IPs and
    the problem is still there. I will send you some of the logs.

    billy

    On 5/3/2012 11:11 AM, HECTOR SANTOS wrote to BILLY SCHWARZ:

    Hi Billy,

    Please be more specific, if you can, about what's happening, perhaps with
    small snippets of the wcsmtp logs. Turn on the SESSION TRACE logs under
    WCCONFIG | MAIL SERVER | SMTP options and restart WCSMTP.

    The wcSMTPSendTrace*.log will give you a complete session level trace of
    the outgoing mail.

    In general, if you were smacked by an email spammer with this volume of
    outgoing mail, then either you have CHECKED On [X] Allow Open Relay, which
    SHOULD be 100% off all the time (why it's colored red), or there is an
    insider on the computer or maybe a compromised user that is allowed to
    relay mail to the outside world. No one should be allowed to relay unless
    they authenticated (logged in via SMTP), and if relay is allowed without
    authentication then anyone can use your site as an OPEN RELAY. If this
    option is off, then without more information, someone already inside your
    network is compromised.

    See the trace logs. Read WCSMTPTRACE for what's coming in and
    WCSMTPSENDTRACE for what's going out.


    On 5/1/2012 11:04 AM, BILLY SCHWARZ wrote to HECTOR SANTOS:

    Hector

    I happened to be by the server and the SMTP server was pounding the web,
    sending a massive amount of emails.

    I have cleared all the spooling and it continues. I have taken this server
    offline.

    Do you have any idea what's going on and how to stop it?

    Billy Schwar


    --- Platinum Xpress/Win/WINServer v3.1
    * Origin: Prison Board BBS Mesquite Tx //telnet.RDFIG.NET www. (1:124/5013)