


When using the SMTP server in V5R1, how can you trace the source of the mail?

I have a client infected by the Fizzer virus earlier this week.  They updated
the virus definitions and cleaned each PC where they were aware it occurred.  But
there is still a lot of outbound mail happening, or so it seems.

Using NETSTAT *CNN, there are a few copies (typically 4) where the remote
address is their ISP's mail server, the remote port is smtp, and the outbound
byte counts just keep rising.  But they can't figure out which PC(s) may be the
culprit.  The ones they knew were previously infected now test clean (per vendor
tool reports anyway).

Scrolling through the NETSTAT *CNN lists, none of the local PCs show up with
smtp as the local port.  Relay is blocked via Ops Navigator configuration.

How can I find the IP address of the machine(s) sending the mail?

I tried CHGSMTPA to turn on journaling, but QUSRSYS/QZMF doesn't seem to tell me
much either.

They are normally a real low volume mail environment, so the built-in SMTP
server has been sufficient for them.  But it doesn't keep logs (that I can
find), and they can't figure out what PC(s) might still be infected.

Any advice?

Doug



This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
