Absent Member.

GW2012 - ton of mail in Defer

Still on GW2012 for various reasons

I have about 65K emails in GWIA Defer folder

Looking at several dozen, these seem to come from outside - external IP

with sender being sales@mydomain.com
Sending client seems to be Outlook Express!

The Server is NOT open relay
Both IMAP and POP are NOT enabled

Only GW and Webaccess

Any ideas / where to look would be appreciated
Knowledge Partner

Re: GW2012 - ton of mail in Defer

In article <bhrt60.8i2rio@no-mx.forums.microfocus.com>, Bhrt60 wrote:
> Still on GW2012 for various reasons

You aren't the only one, I have one client left on it, so I still have
to limit myself to that level of client, sigh

> I have about 65K emails in GWIA Defer folder

Step one is to move them all to somewhere else for evaluation. You may
have some legit mail tucked in there that we will need to find.

> with sender being sales@mydomain.com
> Sending client seems to be Outlook Express!

Likely filters to extract the bad ones from the collection you moved out
of deferred so that you can then find any legit ones to move them back
in to defer.

> The Server is NOT open relay

It is possible that one of your user passwords was compromised and those
were all sent via authenticated relay. Make sure your GWIA logs are at
least at verbose and look for those authentication requests, then you
will likely find the ID to change the PW on.

Do you have an antiBadStuff filter in front of your GWIA? If so, then
it is a good thing to set your GWIA to only see incoming from that
filter and not from everywhere else.


Andy of
http://KonecnyConsulting.ca in Toronto
Knowledge Partner
http://forums.novell.com/member.php/75037-konecnya
If you find a post helpful and are logged in the Web interface, please
show your appreciation by clicking on the star below. Thanks!
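
Added example, not part of the original posts: one way to do the sorting step described in the reply above on the copy of the messages moved out of the defer folder. It assumes each moved file parses as RFC 822 text with `From` and `X-Mailer` headers; the function names, directory layout and sample messages are constructed for illustration.

```python
import email
import shutil
import tempfile
from email.utils import parseaddr
from pathlib import Path

# Indicators reported in the thread; adjust to what your own sample shows.
# Assumption: files moved out of defer are readable as RFC 822 messages.
SPOOFED_FROM = "sales@mydomain.com"
MAILER_HINT = "outlook express"

def classify(raw: bytes) -> str:
    """Return 'suspect', 'review' or 'keep' for one message file."""
    msg = email.message_from_bytes(raw)
    sender = parseaddr(str(msg.get("From", "")))[1].lower()
    mailer = str(msg.get("X-Mailer", "")).lower()
    if not sender:
        return "review"   # no usable From header: a human should look
    from_hit = sender == SPOOFED_FROM
    mailer_hit = MAILER_HINT in mailer
    if from_hit and mailer_hit:
        return "suspect"
    if from_hit or mailer_hit:
        return "review"   # one indicator only: may be legitimate mail
    return "keep"         # candidate to go back into defer

def triage(src: Path, out: Path) -> dict:
    # Copy (not move) each file into out/<label>/ and count per label.
    counts = {"suspect": 0, "review": 0, "keep": 0}
    for path in sorted(p for p in src.iterdir() if p.is_file()):
        label = classify(path.read_bytes())
        (out / label).mkdir(parents=True, exist_ok=True)
        shutil.copy2(path, out / label / path.name)
        counts[label] += 1
    return counts

# Constructed sample messages (not taken from the thread).
SAMPLES = {
    "a.msg": b"From: Sales <sales@mydomain.com>\r\nX-Mailer: Microsoft Outlook Express 6.00\r\n\r\nbody\r\n",
    "b.msg": b"From: sales@mydomain.com\r\nSubject: quote\r\n\r\nbody\r\n",
    "c.msg": b"From: alice@example.org\r\nSubject: hi\r\n\r\nbody\r\n",
    "d.msg": b"\x00\x01 not a mail header block\r\n",
}

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        src, out = Path(tmp, "moved"), Path(tmp, "sorted")
        src.mkdir()
        for name, raw in SAMPLES.items():
            (src / name).write_bytes(raw)
        print(triage(src, out))
```

Only the `keep` pile, plus whatever survives a manual look at `review`, is a candidate for going back into defer.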

Knowledge Partner

Re: GW2012 - ton of mail in Defer

Andy,

On 30.05.2018 18:58, Andy Konecny wrote:
> It is possible


95% likely..

> that one of your user passwords was compromised and those
> were all sent via authenticated relay. Make sure your GWIA


....POA...

> logs are at
> least at verbose and look for those authentication requests, then you
> will likely find the ID to change the PW on.


The logins along with the userid will be recorded in the POA logs, not GWIA.

CU,
--
Massimo Rosen
Micro Focus Knowledge Partner
No emails please!
http://www.cfc-it.de
Knowledge Partner

Re: GW2012 - ton of mail in Defer

In article <L4_PC.1658$VM7.1159@novprvlin0913.provo.novell.com>, Massimo Rosen
wrote:
> The logins along with the userid will be recorded in the POA logs, not GWIA.


Thank you my friend
So shows how my head is still not fully back in the game, her staples came out
today. The value of several of us helping in here.


Andy of
http://KonecnyConsulting.ca in Toronto
Knowledge Partner
http://forums.novell.com/member.php/75037-konecnya
If you find a post helpful and are logged in the Web interface, please show
your appreciation by clicking on the star below. Thanks!
