<div dir="ltr">Hey George,<div><br></div><div>I can help resolve this ASAP if you still need a security professional. I would optimally "bring on" an Intern from the DeVry University Outreach program. We would provide the following in report format on a sliding fee scale: </div>
<div><br></div><div>0) Attack vector analysis</div><div>1) Persistence [analysis of infection future re-infection installed attack vectors</div><div>2) Resolution Choices/recommendations (with estimates) [including convert to a virtual appliance, repair, rebuild, or configure as a trap]</div>
<div>3) Current risk analysis and potential encroachment for other internal machines. </div><div><br></div><div>Other recommendations to lock down your systems.</div><div><br></div><div>You can set us up with VPN or ssh and get going right now....</div>
<div><br></div><div>Give us a call:</div></div><div class="gmail_extra"><br><br><div class="gmail_quote">On Wed, Apr 2, 2014 at 4:09 PM, Ed <span dir="ltr"><<a href="mailto:plug@0x1b.com" target="_blank">plug@0x1b.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">On Wed, Apr 2, 2014 at 11:34 AM, George Toft <<a href="mailto:george@georgetoft.com">george@georgetoft.com</a>> wrote:<br>
> Pretty far off topic, but there are lots of smart people here :)<br>
><br>
> I have a client that has an Exchange server that also is an open relay as<br>
> determined by <a href="http://www.mailradar.com/openrelay/" target="_blank">http://www.mailradar.com/openrelay/</a>. They route all their<br>
> incoming/outgoing email through mxlogic for anti-virus/phishing removal and<br>
> about 5 days ago, they started sending out 2000+ phishing emails per hour.<br>
> Needless to say, mxlogic shut down their outgoing email. I did an open<br>
> relay test (see above) and got back 3 failures out of 18 tests.<br>
><br>
> This is impacting their business and they need help NOW. Anyone care to<br>
> help out? Anyone know someone that can help? This is not a gratis gig -<br>
> they will pay.<br>
><br>
> --<br>
> Regards,<br>
><br>
> George Toft<br>
><br>
> ---------------------------------------------------<br>
> PLUG-discuss mailing list - <a href="mailto:PLUG-discuss@lists.phxlinux.org">PLUG-discuss@lists.phxlinux.org</a><br>
> To subscribe, unsubscribe, or to change your mail settings:<br>
> <a href="http://lists.phxlinux.org/mailman/listinfo/plug-discuss" target="_blank">http://lists.phxlinux.org/mailman/listinfo/plug-discuss</a><br>
<br>
1) Does the spam come from known_good addresses in your email system?<br>
2) are there any webservers or other services that route email through that box?<br>
3) Is the Exchange box on the Internet? the MX record? that's always a mistake.<br>
<br>
Exchange might not be your problem, but typically I put a postfix<br>
server in front of Exchange for access control and spam/virus<br>
filtering etc.<br>
---------------------------------------------------<br>
PLUG-discuss mailing list - <a href="mailto:PLUG-discuss@lists.phxlinux.org">PLUG-discuss@lists.phxlinux.org</a><br>
To subscribe, unsubscribe, or to change your mail settings:<br>
<a href="http://lists.phxlinux.org/mailman/listinfo/plug-discuss" target="_blank">http://lists.phxlinux.org/mailman/listinfo/plug-discuss</a><br>
</blockquote></div><br><br clear="all"><div><br></div>-- <br><div><br></div>(503) 754-4452 Android<br>(623) 239-3392 Skype<br>(623) 688-3392 Google Voice<br>**<br><a href="http://it-clowns.com/c/" target="_blank">it-clowns.com</a><br>
Chief Clown<br><br><br><br><br><br><br><br><br><br><br><br><br><br>
</div>