[Gllug] Help With Virus

will will at hellacool.co.uk
Fri Nov 5 11:31:17 UTC 2004


wendy carr wrote:
> Hi All,
> I would be grateful if you can help me to solve this.
> I am running a small network with a Linux server. The Linux
> server is used to pop emails from demon.net using
> fetchmail, and they are distributed by sendmail to the local
> users (Windows clients). All outgoing mail is relayed
> through relay.plus.net.
> The problem is that I am getting loads of junk emails,
> and worse, all my contacts get junk emails with
> our address as the sender. What's more, the W32Beagle virus
> seems to be in them.
> I have set up sendmail relaying only for the local
> domain. I checked my /var/log/maillog but can't find any
> mail sent out of the local domain.
> I guess W32Beagle spreads only on Windows and
> someone else is sending the mail bombs. Is there any way
> I can find out whether these are generated from inside?
> I appreciate any suggestions.

Most modern Windows email viruses seem to have their own SMTP engine 
built in, so they would be making connections out through your firewall 
to the remote SMTP server themselves, bypassing the relay you have set 
up.  To prevent this, block any connections *outbound* from your firewall 
with a destination port of 25 other than those originating at your relay.

Will.
-- 
Gllug mailing list  -  Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug
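
Added example, not part of the original thread: the outbound port 25 restriction described in the reply, with a LOG rule so that blocked attempts show which inside machines are trying to send mail directly. It assumes a Linux firewall using iptables in the forwarding path; the relay address 192.168.1.2, the "SMTP-DIRECT " log prefix and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example. Assumes a Linux/iptables firewall forwarding for the LAN;
# the relay address and the "SMTP-DIRECT " log prefix are hypothetical.

# Print the rules for review; pipe the output to `sh` as root to apply.
# If the relay runs on the firewall itself, its mail leaves via OUTPUT,
# not FORWARD, and the ACCEPT line is unnecessary.
smtp_egress_rules() {
    relay=$1
    cat <<EOF
iptables -A FORWARD -p tcp --dport 25 -s $relay -j ACCEPT
iptables -A FORWARD -p tcp --dport 25 --syn -j LOG --log-prefix "SMTP-DIRECT "
iptables -A FORWARD -p tcp --dport 25 -j REJECT --reject-with tcp-reset
EOF
}

# Read kernel log lines on stdin; print "attempts source-ip", busiest first.
# Any host listed here tried to reach a remote SMTP server without the relay.
direct_smtp_senders() {
    awk '
        /SMTP-DIRECT/ && / DPT=25 / {
            for (i = 1; i <= NF; i++)
                if ($i ~ /^SRC=/) n[substr($i, 5)]++
        }
        END { for (ip in n) print n[ip], ip }
    ' | sort -rn
}

# Constructed sample in the kernel's netfilter LOG format.
sample_log() {
    cat <<'EOF'
Nov  5 11:02:13 gw kernel: SMTP-DIRECT IN=eth1 OUT=eth0 SRC=192.168.1.23 DST=203.0.113.9 LEN=48 TTL=127 PROTO=TCP SPT=1045 DPT=25 WINDOW=16384 SYN URGP=0
Nov  5 11:02:14 gw kernel: SMTP-DIRECT IN=eth1 OUT=eth0 SRC=192.168.1.23 DST=198.51.100.7 LEN=48 TTL=127 PROTO=TCP SPT=1046 DPT=25 WINDOW=16384 SYN URGP=0
Nov  5 11:02:15 gw kernel: eth0: link up
Nov  5 11:03:40 gw kernel: SMTP-DIRECT IN=eth1 OUT=eth0 SRC=192.168.1.40 DST=203.0.113.9 LEN=48 TTL=127 PROTO=TCP SPT=1102 DPT=25 WINDOW=16384 SYN URGP=0
Nov  5 11:04:02 gw kernel: SMTP-DIRECT IN=eth1 OUT=eth0 SRC=192.168.1.23 DST=203.0.113.44 LEN=48 TTL=127 PROTO=TCP SPT=1047 DPT=25 WINDOW=16384 SYN URGP=0
EOF
}

smtp_egress_rules 192.168.1.2
sample_log | direct_smtp_senders
```

On a live firewall, feed `direct_smtp_senders` the file where kernel messages are logged instead of `sample_log`.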



