Thread: QuickMail Pro

  1. #1
    Junior Member
    Join Date
    Jan 2002
    Posts
    11

    QuickMail Pro

    Anyone using QMP or know of any possible exploits in the wild?
    I have a client using it and it is locking up on a daily basis - we
    have done all of the maintenance suggested by CESoft, installed
    new OS (9.2.2), re-installed QM software - I am suspecting
    something malicious??? The firewall in use has SNORT integrated
    but SNORT logs and FW logs show nothing interesting.

    Any ideas?

  2. #2
    Senior Member
    Join Date
    Nov 2003
    Posts
    247
    Check for any background processes that are running. Duplicate processes can easily cause the problem, or something that is conflicting with it.

    Other than that, I don't know.
    www.ADigitalPimp.com
    There is a ghost in the machine, and he is my friend.

  3. #3
    Elite Hacker
    Join Date
    Mar 2003
    Posts
    1,407
    I wouldn't necessarily associate that with something malicious. Do what SonofGalen said and check for weird processes. I would lean more towards a conflict with another piece of software that you are running on the machine. You could try exiting all programs but the QMP client and see if you don't lock up anymore. Is this person running many programs when they are using the client?

  4. #4
    Senior Member
    Join Date
    Nov 2003
    Posts
    247
    If none of this pans out, I would suggest switching the software that you are using. If the problem persists after that--let us know. That would probably be a sign of something malicious going on.
    www.ADigitalPimp.com
    There is a ghost in the machine, and he is my friend.

  5. #5
    Junior Member
    Join Date
    Jan 2002
    Posts
    11
    Thanks for the replies. To clarify, this is QM Server, not client,
    and running on OS9 - not X - so as far as duplicate processes
    go, QM is the only App running - on a clean machine.
    What makes me think malicious activity is that even though
    SMTP relaying is turned off in the configuration and I have
    verified that I don't seem to be able to relay, tons of stuff
    that appears to be relay attempts still shows up in the queues.
    Can someone direct me to a good resource for reading about
    how spammers use relaying?

  6. #6
    Senior Member
    Join Date
    Nov 2003
    Posts
    247
    That makes things a lot more clear. It sounds to me like you've either got spammers, a specific kind of DOS attack (see the link below), or a fuzzy router somewhere.

    In all likelihood, it is just spammers trying to use your mail server. If you can figure out that it's all coming from the same place, you could configure the router to just block that IP Address/Range.

    Addresses about spam/relays:
    http://www.ccs.neu.edu/howto/howto-relaying.html
    http://www.hermes.net.au/web/relaying.htm

    It could also be a relay authorization attack, a weird version of DOS:
    http://www.vamsoft.com/orf/authattack.asp

    If you have any more questions, don't hesitate to ask.
    www.ADigitalPimp.com
    There is a ghost in the machine, and he is my friend.
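
Added example, not part of the original thread: one way to check whether the relay attempts "all come from the same place", as post #6 suggests, before deciding on a block rule. The record format, `LOCAL_DOMAINS`, `TRUSTED_NETS` and the sample data are assumptions constructed for illustration; this is not QuickMail Pro's log format.

```python
import ipaddress
from collections import Counter

# Assumptions for this sketch: the domains the server accepts mail for,
# and the client's own LAN, which is allowed to send outbound mail.
LOCAL_DOMAINS = {"example.com"}
TRUSTED_NETS = [ipaddress.ip_network("192.0.2.0/24")]

# Constructed sample records, one per line: "client_ip sender recipient"
SAMPLE_LOG = """\
203.0.113.7 a@spam.test victim1@elsewhere.test
203.0.113.7 b@spam.test victim2@elsewhere.test
203.0.113.9 c@spam.test victim3@other.test
198.51.100.20 friend@partner.test user@example.com
192.0.2.15 user@example.com customer@partner.test
203.0.113.7 d@spam.test victim4@elsewhere.test
"""

def is_relay_attempt(client_ip, recipient):
    """An outside client asking us to deliver to a non-local domain."""
    ip = ipaddress.ip_address(client_ip)
    if any(ip in net for net in TRUSTED_NETS):
        return False  # our own users may send mail anywhere
    domain = recipient.rsplit("@", 1)[-1].lower()
    return domain not in LOCAL_DOMAINS

def relay_sources(log_text):
    """Count relay attempts per source IP and per /24 (IPv4 sample data)."""
    by_ip, by_net = Counter(), Counter()
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed records
        client_ip, _sender, recipient = parts
        if is_relay_attempt(client_ip, recipient):
            by_ip[client_ip] += 1
            net = ipaddress.ip_network(client_ip + "/24", strict=False)
            by_net[str(net)] += 1
    return by_ip, by_net

def block_candidates(by_net, min_share=0.5):
    """Networks responsible for at least min_share of all relay attempts."""
    total = sum(by_net.values())
    return [n for n, c in by_net.most_common() if total and c / total >= min_share]

if __name__ == "__main__":
    ips, nets = relay_sources(SAMPLE_LOG)
    print("per IP:", dict(ips))
    print("block candidates:", block_candidates(nets))
```

If no single network reaches the threshold, the attempts are spread across many sources and an IP block at the router will not help much.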
