Subj : RE: smpt server sending 65,000 emails
To   : All
From : BILLY SCHWARZ
Date : Thu Jan 31 2019 19:18:38

Date: Thu, 03 May 2012 12:54:08 -0400
From: BILLY SCHWARZ
To: HECTOR SANTOS
Subject: RE: smpt server sending 65,000 emails
Newsgroups: win.server.smtp.&.avs
Message-ID: <1336064048.46.1336057893@winserver.com>
References: <1336057893.46.1335884642@winserver.com>
X-WcMsg-Attr: Rcvd
X-Mailer: Wildcat! Interactive Net Server v7.0.454.5
Lines: 57

Hi Hector

The open relay is off and should not allow anyone to relay. I will turn on
the trace/send logs and turn the SMTP server back on.

I have changed internet service providers and now have different IPs, and
the problem is still there.

I will send you some of the logs

billy

On 5/3/2012 11:11 AM, HECTOR SANTOS wrote to BILLY SCHWARZ:

-> Hi Billy,
->
-> Please be more specific if you can about what's happening, perhaps with
-> small snippets of the wcsmtp logs. Turn on the SESSION TRACE logs under
-> WCCONFIG | MAIL SERVER | SMTP options and restart WCSMTP.
->
-> The wcSMTPSendTrace*.log will give you a complete session-level trace of
-> the outgoing mail.
->
-> In general, if you were smacked by an email spammer with this volume of
-> outgoing mail, then either you have CHECKED On [X] Allow Open Relay, which
-> SHOULD be 100% off all the time (why it's colored red), or there is an
-> insider on the computer or maybe a compromised user that is allowed to
-> relay mail to the outside world. No one should be allowed to relay unless
-> they are authenticated (logged in via SMTP), and if relay is allowed
-> without authentication then anyone can use your site as an OPEN RELAY. If
-> this option is off, then without more information, someone already inside
-> your network is compromised.
->
-> See the trace logs. Read WCSMTPTRACE for what's coming in and
-> WCSMTPSENDTRACE for what's going out.
->
->
-> On 5/1/2012 11:04 AM, BILLY SCHWARZ wrote to HECTOR SANTOS:
->
-> > Hector
-> >
-> > I happened to be by the server and the SMTP server was pounding the web,
-> > sending a massive amount of emails.
-> >
-> > I have cleared all the spooling and it continues. I have taken this
-> > server offline.
-> >
-> > Do you have any idea what's going on and how to stop it?
-> >
-> > Billy Schwar

--- Platinum Xpress/Win/WINServer v3.1
 * Origin: Prison Board BBS Mesquite Tx //telnet.RDFIG.NET www. (1:124/5013)
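
Added example, not part of the original messages and not Wildcat! code: a Python sketch of the check Hector describes for the incoming trace, flagging sessions where a recipient outside the local domains was accepted without a successful SMTP AUTH. The trace layout ("session C|S: line"), LOCAL_DOMAINS and the function name are assumptions made for illustration; the real wcSMTPTrace format is not shown in this thread.

```python
import re
from collections import defaultdict

LOCAL_DOMAINS = {"example.org"}  # assumption: domains this server hosts

# Constructed sample trace; format is hypothetical, not the Wildcat! layout.
SAMPLE_TRACE = """\
s1 C: AUTH PLAIN (credentials omitted)
s1 S: 235 Authentication successful
s1 C: MAIL FROM:<billy@example.org>
s1 S: 250 OK
s1 C: RCPT TO:<friend@example.net>
s1 S: 250 OK
s2 C: MAIL FROM:<a@example.com>
s2 S: 250 OK
s2 C: RCPT TO:<target@example.net>
s2 S: 250 OK
s3 C: RCPT TO:<billy@example.org>
s3 S: 250 OK
s4 C: RCPT TO:<x@example.net>
s4 S: 550 Relay denied
"""

LINE = re.compile(r"^(\S+) ([CS]): (.*)$")
RCPT = re.compile(r"^RCPT TO:\s*<[^>]*@([^>]+)>", re.I)

def unauthenticated_relays(trace, local_domains=LOCAL_DOMAINS):
    """Return {session: [external domains accepted without AUTH]}."""
    state = defaultdict(lambda: {"authed": False, "last": None})
    hits = defaultdict(list)
    for raw in trace.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        sid, side, text = m.groups()
        st = state[sid]
        if side == "C":              # remember the command awaiting a reply
            st["last"] = text
            continue
        code, last = text[:3], st["last"] or ""
        st["last"] = None            # each reply answers one command
        if code == "235":            # 235 is only sent for successful AUTH
            st["authed"] = True
        rcpt = RCPT.match(last)
        if rcpt and code.startswith("2") and not st["authed"]:
            domain = rcpt.group(1).lower()
            if domain not in local_domains:
                hits[sid].append(domain)
    return dict(hits)
```

On the sample, only session s2 is reported: s1 authenticated first, s3 is ordinary inbound mail to a local domain, and s4 was refused.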