MDaemon mail server outgoing spam

frozzz3n

New Email
I have an MDaemon mail server running on XP SP 2 with an ICS connection, my employees use Outlook Express, and I have problems with outgoing spam... Spamhaus and SpamCop block me every day :( . I scanned all of the computers on my network with Malware Antimalware and I found some viruses (Backdoor.DNSchanger, Trojan.Bot), and now I don't know what to do next, because Spamhaus and SpamCop blocked me again :(. Please help me... what can I do to get out of that outgoing spam and to get delisted forever? :(
 

EQ Admin

EQ Forum Admin
Staff member
What is the outgoing IP address for your mail server?

We can help you check the blacklists, and come up with some suggestions after knowing the IP and can see some of the full headers from the spam emails.

Do you have any automated notifications that could be causing a problem?

For example, innocent 3rd parties receiving "Sorry, the email below was blocked as a spam/virus/ and not received by the intended recipient." warnings?

-Raymond
 

frozzz3n

New Email
If the innocent 3rd parties are the employees, I think that I have some of those notifications, because the employees receive a mail with the subject "PERMANENT DELIVER FAILURE" when Spamhaus or SpamCop blocks the IP... something like this:


The attached message had PERMANENT fatal delivery errors!

After one or more unsuccessful delivery attempts the attached message has
been removed from the mail queue on this server. The number and frequency
of delivery attempts are determined by local configuration parameters.

YOUR MESSAGE WAS NOT DELIVERED TO ONE OR MORE RECIPIENTS!

Failed address: sales@tnz.co.nz

--- Session Transcript ---
Thu 2009-07-09 11:27:53: [1898:1] Parsing Message <xxxxxxxxxxxxxxxxxxxxxxxx\pd35000038671.msg>
Thu 2009-07-09 11:27:53: [1898:1] From: it@coprint.ro
Thu 2009-07-09 11:27:53: [1898:1] To: sales@tnz.co.nz
Thu 2009-07-09 11:27:53: [1898:1] Subject: Expired MDaemon license key
Thu 2009-07-09 11:27:53: [1898:1] Message-ID: <WorldClient-F200907091127.AA27520004@coprint.ro>
Thu 2009-07-09 11:27:53: [1898:1] MX-record resolution of [tnz.co.nz] in progress (DNS Server: 192.168.10.254)...
Thu 2009-07-09 11:27:55: [1898:1] * P=010 S=000 D=tnz.co.nz TTL=(1440) MX=[sgw.tnz.co.nz] {60.234.34.119}
Thu 2009-07-09 11:27:55: [1898:1] * P=020 S=001 D=tnz.co.nz TTL=(1440) MX=[mail2.tnz.co.nz] {60.234.157.103}
Thu 2009-07-09 11:27:55: [1898:1] * P=100 S=002 D=tnz.co.nz TTL=(1440) MX=[sgw.tnz.co.nz] {60.234.34.119}
Thu 2009-07-09 11:27:55: [1898:1] Attempting MX: P=010 S=000 D=tnz.co.nz TTL=(1440) MX=[sgw.tnz.co.nz] {60.234.34.119}
Thu 2009-07-09 11:27:55: [1898:1] Attempting SMTP connection to [60.234.34.119 : 25]
Thu 2009-07-09 11:27:55: [1898:1] Waiting for connection...
Thu 2009-07-09 11:27:55: [1898:1] Connection established (85.204.224.156 : 3247 -> 60.234.34.119 : 25)
Thu 2009-07-09 11:27:55: [1898:1] Waiting for protocol initiation...
Thu 2009-07-09 11:27:56: [1898:1] <-- 220 sgw.tnz.co.nz ESMTP SecurityGateway 1.0.4; Thu, 09 Jul 2009 21:35:17 +1200
Thu 2009-07-09 11:27:56: [1898:1] --> EHLO mail2.coprint.ro
Thu 2009-07-09 11:28:28: [1898:1] <-- 250-sgw.tnz.co.nz Hello mail2.coprint.ro (may be forged), pleased to meet you
Thu 2009-07-09 11:28:28: [1898:1] <-- 250-8BITMIME
Thu 2009-07-09 11:28:28: [1898:1] <-- 250-AUTH LOGIN CRAM-MD5
Thu 2009-07-09 11:28:28: [1898:1] <-- 250-STARTTLS
Thu 2009-07-09 11:28:28: [1898:1] <-- 250 SIZE 50000000
Thu 2009-07-09 11:28:28: [1898:1] --> MAIL From:<it@coprint.ro> SIZE=2564
Thu 2009-07-09 11:28:28: [1898:1] <-- 250 <it@coprint.ro>, Sender ok
Thu 2009-07-09 11:28:28: [1898:1] --> RCPT To:<sales@tnz.co.nz>
Thu 2009-07-09 11:28:29: [1898:1] <-- 550 85.204.224.156 listed at spamhaus, see The Spamhaus Project
--- End Transcript ---
: Message contains [1] file attachments



And my IP is 85.204.224.156
 

EQ Admin

EQ Forum Admin
Staff member
It's not just Spamhaus that you are listed with. I see listings with other RBLs such as SpamCop too.

SpamCop.net - checkblock

They used to provide full email headers usually with redacted recipients to not give away spam trap addresses.

Now they are directing you to try this tool: Malicious Software Removal Tool

Do you have a firewall that you can use to monitor the traffic leaving your network?

Does the traffic from computers in the network leave on the same IP as your mail server?

What I'm getting at is: is it possible that the problem is with another computer in your network and not the mail server?

Can you change the NAT of the mail server to a clean IP and see if it stays OK or just gets listed again?

What really needs to happen here is for you to figure out a way to monitor the traffic leaving the network, and once the problem is identified and fixed you can submit the RBL delistings.

-Raymond
 

frozzz3n

New Email
I had installed a firewall but it wasn't enough, Spamhaus listed me again, and now I have only the Windows firewall, and that firewall logs some potential spam, but that spam goes out from my external IP, not from my inside IP... to know which computer is doing the spam. And yes, the traffic from the computers on my network leaves on the same IP as my mail server.
My Windows firewall logs this:




It's just a part of the log file... but can you tell me where the spam is in this log and what port the spam gets through? And do you know of software that blocks the ports the spam goes out from?
 

EQ Admin

EQ Forum Admin
Staff member
Outbound spam (all SMTP connections) would be going to destination port 25/tcp, for example this line:

2009-07-08 16:10:12 OPEN TCP 85.204.224.156 83.145.59.130 63169 25

Is moving the mail server to a different IP address than the other computers not an option?

Can you move the mail server and turn off all of the computers?

When things are clear turn on the computers one by one until you find the one generating the outgoing connections on port 25.

-Raymond
 

frozzz3n

New Email
OK, that is what I will do... turn on all computers one by one, or just unplug the network cable from all computers one by one... but I will do that tomorrow, now I'm going to sleep, I'm so tired :( ... Thank you very much, I'll return tomorrow with results.
 

frozzz3n

New Email
I've done it... I've resolved the problem... I installed Wireshark on the server, set the filter to "port 25", and discovered the computer that was making the spam... I formatted the HDD on that computer and now it's fine... peace and quiet :D

Thank you very much for helping me.
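
An added example (not part of the original posts) of the check this thread arrives at: count new outbound connections to 25/tcp per internal host and report every host other than the mail server. The log lines are constructed in the Windows Firewall log layout quoted in the thread; the 10.0.0.0/24 LAN, the mail server at 10.0.0.5 and the function names are assumptions, and the log has to be taken where internal (pre-NAT) source addresses are visible.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

SMTP_PORT = "25"

# Constructed sample lines (documentation and private address ranges only).
SAMPLE_LOG = """\
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
2009-07-08 16:10:06 OPEN TCP 10.0.0.5 198.51.100.10 3301 25 - - - - - - - - -
2009-07-08 16:10:06 OPEN TCP 10.0.0.23 198.51.100.44 4120 25 - - - - - - - - -
2009-07-08 16:10:06 OPEN TCP 10.0.0.23 203.0.113.7 4121 25 - - - - - - - - -
2009-07-08 16:10:07 OPEN TCP 10.0.0.23 203.0.113.90 4122 25 - - - - - - - - -
2009-07-08 16:10:07 OPEN TCP 10.0.0.23 203.0.113.7 4123 25 - - - - - - - - -
2009-07-08 16:10:07 CLOSE TCP 10.0.0.23 198.51.100.44 4120 25 - - - - - - - - -
2009-07-08 16:10:07 OPEN TCP 10.0.0.31 10.0.0.5 2210 25 - - - - - - - - -
2009-07-08 16:10:07 OPEN TCP 10.0.0.31 192.0.2.80 2211 80 - - - - - - - - -
2009-07-08 16:10:08 OPEN UDP 10.0.0.23 192.0.2.53 4200 25 - - - - - - - - -
2009-07-08 16:10:08 DROP TCP 192.0.2.99 10.0.0.5 64189 113 60 S 3665463170 0 65535 - - - RECEIVE
2009-07-08 16:10:08 truncated line
"""


def parse_line(line):
    """Return the first eight fields as a dict; None for headers and malformed lines."""
    if not line.strip() or line.startswith("#"):
        return None
    parts = line.split()
    if len(parts) < 8:
        return None
    date, time, action, proto, src, dst, sport, dport = parts[:8]
    try:
        return {
            "time": f"{date} {time}",
            "action": action,
            "proto": proto,
            "src": ip_address(src),
            "dst": ip_address(dst),
            "sport": sport,
            "dport": dport,
        }
    except ValueError:  # address field is not an IP address
        return None


def direct_smtp_senders(log_text, internal_net, mail_servers):
    """List internal hosts, other than the mail servers, opening SMTP to the outside.

    Returns (source, connections opened, distinct destinations) tuples,
    busiest source first.
    """
    net = ip_network(internal_net)
    allowed = {ip_address(a) for a in mail_servers}
    opened = defaultdict(int)
    destinations = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        # Only new TCP connections to port 25 count; CLOSE would double count.
        if (rec["action"], rec["proto"], rec["dport"]) != ("OPEN", "TCP", SMTP_PORT):
            continue
        # Sources outside the LAN and the authorised mail servers are ignored.
        if rec["src"] not in net or rec["src"] in allowed:
            continue
        # A client handing mail to the internal server is normal submission.
        if rec["dst"] in net:
            continue
        opened[rec["src"]] += 1
        destinations[rec["src"]].add(rec["dst"])
    rows = [(str(s), opened[s], len(destinations[s])) for s in opened]
    return sorted(rows, key=lambda r: (-r[1], r[0]))


if __name__ == "__main__":
    for src, count, distinct in direct_smtp_senders(SAMPLE_LOG, "10.0.0.0/24", ["10.0.0.5"]):
        print(f"{src}: {count} outbound SMTP connections to {distinct} destinations")
```

A workstation that appears in this list is talking to remote mail servers directly instead of relaying through the mail server, which is the pattern the "port 25" capture exposed.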
 