Hey George,

I can help resolve this ASAP if you still need a security professional. I would optimally "bring on" an Intern from the DeVry University Outreach program. We would provide the following in report format on a sliding fee scale:

0) Attack vector analysis
1) Persistence [analysis of infection  future re-infection installed attack vectors]
2) Resolution Choices/recommendations (with estimates) [including convert to a virtual appliance, repair, rebuild, or configure as a trap]
3) Current risk analysis and potential encroachment for other internal machines. 

Other recommendations to lock down your systems.

You can set us up with VPN or ssh and get going right now....

Give us a call:


On Wed, Apr 2, 2014 at 4:09 PM, Ed <plug@0x1b.com> wrote:
On Wed, Apr 2, 2014 at 11:34 AM, George Toft <george@georgetoft.com> wrote:
> Pretty far off topic, but there are lots of smart people here :)
>
> I have a client that has an Exchange server that also is an open relay as
> determined by http://www.mailradar.com/openrelay/.  They route all their
> incoming/outgoing email through mxlogic for anti-virus/phishing removal and
> about 5 days ago, they started sending out 2000+ phishing emails per hour.
> Needless to say, mxlogic shut down their outgoing email.  I did an open
> relay test (see above) and got back 3 failures out of 18 tests.
>
> This is impacting their business and they need help NOW.  Anyone care to
> help out?  Anyone know someone that can help?  This is not a gratis gig -
> they will pay.
>
> --
> Regards,
>
> George Toft
>
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.phxlinux.org/mailman/listinfo/plug-discuss

1) Does the spam come from known_good addresses in your email system?
2) Are there any webservers or other services that route email through that box?
3) Is the Exchange box on the Internet? The MX record? That's always a mistake.

Exchange might not be your problem, but typically I put a Postfix
server in front of Exchange for access control and spam/virus
filtering etc.



--

(503) 754-4452 Android
(623) 239-3392 Skype
(623) 688-3392 Google Voice
it-clowns.com
Chief Clown