
Cruz

Spam not detected by EMS for Linux


Hi,

EMS for Linux 3.0.22 is installed and it's working fine but, recently, it has received some spam that apparently is coming from an email account belonging to the organization, but the user of that email account is not sending them.

I know this is a brief description of the issue, but let me know if you need more details. The EMS configuration seems to be fine, and I also have some spam samples.

Thank you in advance for your attention and any help would be appreciated.

 

 


Hi,

Any suggestions or advice on this issue?


Hello Cruz,

In most cases this is due to the email address itself being compromised. Essentially someone has obtained the password for the account and is using it to send out spam. Please have the end user, or yourself, change the password for this account. When creating a new password for this account please make sure to follow good guidelines. Some good guidelines can be found by clicking here.

 

Thank you


Hello William,

Thank you for your help. I already advised the end user to change the password for this account, but the problem still remains; in fact, he is sending me new samples every day.


Hello,

If the spam is originating from an IP address within the company's network, they may wish to further examine that computer.

Regards,

Aryeh Goretsky


Hello Aryeh,

The spam is coming from IP addresses outside the company (like 118.36.221.189) but they seem to come from within the company, according to the sender that appears in the message (spoofing).

Thank you for your advice.

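The spoofing case described in the post above (a sender address inside the organization, a connecting IP outside it) can be checked mechanically against the message headers. The following is an added example, not part of the original thread and not ESET code; `example.org`, `mx.example.org`, the 10.0.0.0/8 range and the sample messages are assumptions constructed for illustration.

```python
import ipaddress
import re
from email import message_from_string
from email.utils import parseaddr

# Assumptions for illustration: adjust to your organization.
ORG_DOMAIN = "example.org"
OUR_MX = "mx.example.org"          # host that stamps the trusted Received header
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]

_BY = re.compile(r"\bby\s+([^\s;]+)", re.I)
_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def connecting_ip(msg):
    """Peer IP recorded by our own MX. Headers are prepended, so the topmost
    header stamped by OUR_MX is the only one the sender could not forge."""
    for hdr in msg.get_all("Received", []):
        flat = " ".join(hdr.split())          # undo header folding
        by = _BY.search(flat)
        if by and by.group(1).lower() == OUR_MX:
            ip = _IP.search(flat[:by.start()])
            return ipaddress.ip_address(ip.group(1)) if ip else None
    return None

def spoofed_internal_sender(raw):
    """True when From claims our domain but the peer was outside our networks."""
    msg = message_from_string(raw)
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    ip = connecting_ip(msg)
    if domain != ORG_DOMAIN or ip is None:
        return False
    return not any(ip in net for net in INTERNAL_NETS)

# Constructed samples (not taken from the thread).
SPOOFED = (
    "Received: from unknown (HELO pc) ([203.0.113.45])\n"
    "\tby mx.example.org with SMTP; Tue, 1 Jan 2030 10:00:00 +0000\n"
    "Received: from ws12.example.org ([10.1.2.3]) by mx.example.org; forged\n"
    "From: Alice <alice@example.org>\nTo: bob@example.org\nSubject: hi\n\nbody\n"
)
INTERNAL = (
    "Received: from ws12.example.org ([10.1.2.3])\n"
    "\tby mx.example.org with ESMTP; Tue, 1 Jan 2030 10:00:00 +0000\n"
    "From: Alice <alice@example.org>\nTo: bob@example.org\nSubject: hi\n\nbody\n"
)

if __name__ == "__main__":
    print(spoofed_internal_sender(SPOOFED), spoofed_internal_sender(INTERNAL))
```

Users who legitimately send from outside the listed networks (for example through authenticated submission) will also match, so a hit is a reason to inspect the message rather than proof of spoofing.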

I have seen instances where a password is changed and thus the outgoing spam continues...

A trojan or similar is resident on the user in question's workstation and is retaining the updated password as well.

Are you using ESET Endpoint solutions on the client workstations, or a different endpoint client?

Recommend changing the password again and taking the computer off the network for cleanup involving a full scan with ESET or similar tools targeting rootkits and spyware.
