Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

External IPs showing on email activity - Do I need to worry?

Status
Not open for further replies.

Designware

Technical User
Sep 24, 2002
202
Hi,

We have a Sonicwall NSA 2400 firewall. We also utilize Viewpoint. When I look at Viewpoint, I see external IP addresses as the "Users" inside the "Top Users of Mail" screen (along with mostly internal IPs). These external IPs usually have many more connections recorded than the internal IPs. I have used some of the free web services to see if we are an open relay, and we are not. I have researched some of the IP addresses and they are located overseas (China, Austria). This doesn't give me any encouragement.

I have run anti-Malware programs and Root-kit detectors on our MS Exchange server, and they have found nothing. The Exchange server does have Vipre anti-virus and software firewall on it.


1) How can I determine if I actually have an issue
2) How can I determine how they are accessing / using our system and shut their access off
3) Other steps I should take

TIA
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top