Designware
Technical User
- Sep 24, 2002
- 202
Hi,
We have a Sonicwall NSA 2400 firewall. We also utilize Viewpoint. When I look at Viewpoint, I see external IP addresses as the "Users" inside the "Top Users of Mail" screen (along with mostly internal IPs). These external IPs usually have many more connections recorded than the internal IPs. I have used some of the free web services to see if we are an open relay, and we are not. I have researched some of the IP addresses and they are located overseas (China, Austria). This doesn't give me any encouragement.
I have run anti-Malware programs and Root-kit detectors on our MS Exchange server, and they have found nothing. The Exchange server does have Vipre anti-virus and software firewall on it.
1) How can I determine if I actually have an issue
2) How can I determine how they are accessing / using our system and shut their access off
3) Other steps I should take
TIA
We have a Sonicwall NSA 2400 firewall. We also utilize Viewpoint. When I look at Viewpoint, I see external IP addresses as the "Users" inside the "Top Users of Mail" screen (along with mostly internal IPs). These external IPs usually have many more connections recorded than the internal IPs. I have used some of the free web services to see if we are an open relay, and we are not. I have researched some of the IP addresses and they are located overseas (China, Austria). This doesn't give me any encouragement.
I have run anti-Malware programs and Root-kit detectors on our MS Exchange server, and they have found nothing. The Exchange server does have Vipre anti-virus and software firewall on it.
1) How can I determine if I actually have an issue
2) How can I determine how they are accessing / using our system and shut their access off
3) Other steps I should take
TIA