Jump to content

Spam not detected by EMS for Linux

Cruz

By Cruz
in ESET Products for Linux Servers

 Share

Recommended Posts

Cruz

Cruz 0

Posted
Posted

Hi, 

 

It's installed EMS for Linux 3.0.22, it's working fine but, recently, it has received some spam, apparently is coming from an email account, belonging to the organization, but the user of that email, is not sending them.

I know this is a brief description of the issue, but let me know if you need more details, EMS configuration seems to be fine, and also have some spam samples.

 

Thank you in advance for your attention and any help would be appreciated.

 

 

Link to comment
Share on other sites
WilliamT

WilliamT 21

Posted
Posted

Hello Cruz,

 

In most cases this is due to the email address itself being compromised. Essentially someone has obtain the password for the account and is using it to send out spam. Please have the enduser, or yourself, change the password for this account. When creating a new password for this account please make sure to follow good guidelines. Some good guidelines can be found by clicking here.

 

Thank you

Link to comment
Share on other sites
Cruz

Cruz 0

Posted
  • Author
Posted

Hello William,

 

Thank you for your help. I already advised the enduser, to change the password for this account, but the problem still remains, in fact, he is sending me new samples every day.

Link to comment
Share on other sites
Cruz

Cruz 0

Posted
  • Author
Posted

Hello Aryeh,

 

The spam is coming from IP addresses outside the company (like 118.36.221.189) but they seem to come from within the company, according to the sender that appears in the message (spoofing).

 

Thank you for your advice.

Link to comment
Share on other sites
Arakasi

Arakasi 549

Posted
Posted (edited)

I have seen instances where a password is changed and thus the outgoing spam continues...

A trojan or similar is resident on the user in question's workstation and is retaining the updated password as well.

Are you using ESET Endpoint solutions on the client workstations, or a different endpoint client ?

Recommend changing the password again and taking the computer off the network for cleanup involving a Full scan with ESET or similar tools targeting root kits and spyware.

Edited by Arakasi
Link to comment
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...