News Stay informed about the latest enterprise technology news and product updates.

3. Intruders spamming network through internal addresses

The no. 3 Ask the Expert question of 2002, based on page views.



An unknown intruder has been able to spam our network and send users to pornography sites. I don't know how the intruder got my company's internal addresses. The e-mail appears to be sent to ourselves as "," where "" is the name of any organization. There is no mailbox in our network called "data." Further, there appears to be nothing outstanding within the headers or components of the messages. We're stumped. Do you have any idea how the intruder is doing this?

This question posed on 19 June 2002

This sounds like one of the fun Klez-like worms that have been making the rounds of the Web in recent months. Nasty buggers that spoof their "From" headers and proliferate their destinations from the Address Books and even entire hard drives of their unfortunate victims. Some simply deliver a mass-mailer payload, while others exhibit the behavior you describe of directing users to pornographic Web sites. The best technical explanations of the inner workings of e-mail viruses ("how the intruder is doing this") can be found at, or at the vendor site for Symantec, Network Associates, etc.

As is the case with any e-mail-borne virus, your first and best line of defense is a properly-functioning and frequently-updated antivirus program. Further, if you are maintaining your own e-mail server, ensure that your message transit agents (MTAs) are sufficiently configured to NOT allow spam or mail-relaying. This is a good practice to follow even if you weren't facing this difficulty.

Using MS Exchange as an example, the Exchange Internet Mail Service must be manually configured to "reject any e-mail message that does not have a valid recipient on this server." It's a quick configuration to make, but one that must be manually set nonetheless. If your e-mail is outsourced to an external provider, call them up and bug them to ensure that they are doing likewise.

Click here to read more of Laura Hunter's answers to network management questions or ask her a question.

Editor's note: You can sign up to have free security administration tips delivered to your inbox every Tuesday morning.

Dig Deeper on Windows Server and Network Security

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.