
constant mailer daemons



#1
demolishun1447


This has been a long process in the making. A few things I have to state because of my situation: I currently use Outlook 2016 as a client. I was using MS Exchange 2003 but have recently upgraded to 2013 because of a suspected script on the server that was maliciously placed there. The PC is clean of viruses.

 

Detailed version: about a week and a half ago I started getting mailer daemons, so I simply assumed it was a virus and popped in my homemade version of Ubuntu (preinstalled antivirus stuff that I got to work on a live CD). The antivirus I used was Sophos, as there is both a Linux and a Windows version, so it knows the basic file structure. The scan pulled several viruses, which I promptly disconnected from the internet and fixed. After 3 consecutive scans with 0 results I felt safe that the computer was virus free. To my luck, that very minute I get an email pushed to my phone for a mailer daemon (same account, just easily accessible when on the road), so what I do is get Malwarebytes for the phone as well as Lookout (0 viruses on both). I call up GoDaddy (they host the email server) and upgrade my account from the old version of Exchange to the new one, as well as change the password verbally over the phone so nothing on my end is typed (I can be overcautious sometimes). A week goes by with no mailer daemons or even suspicious-looking email in my mailbox, and just a few hours ago I got several in my mailbox.

 

My original thought process was: make sure there are no viruses on the primary computer and switch servers to kill any running scripts that might be sending from the server on my behalf, and I should be good. Now I don't know where else to turn.

 

------EDIT-------

What I'm asking is: do you guys have suggestions for what I can do, as any AV scan I perform comes up empty (Avira, Norton, MBAM, Hitman (Windows), Sophos (Linux), Webroot, Spybot)?


Edited by demolishun1447, 08 March 2016 - 06:56 PM.

  • 0



#2
tallship


Hm.... GoDaddy. Okay, I guess. Not something that I would ever recommend, but let's work with what you've got.

 

You can get a VPS w/2 Gigs of RAM and between 80 and 180 Gigs of storage from excellent hosting providers for about $7.00/month. GoDaddy I think would charge about $55 or more per month for a virtual machine with only a gig of RAM and 30GB of space, or something along those lines, with a Plesk or WHM/cPanel control panel, if I'm not mistaken, but anyway, get a VPS and install OfflineIMAP and connect ALL of your email clients to that. Have OfflineIMAP connect to all/any of your mail servers and apply your filtering, antivirus scrubbing, and sorting of email messages into folders there. This way, your clients will all have the exact same message boxes whether on a phone or laptop/desktop.

 

I recommend Thunderbird and Lightning for MUAs (email clients), and if you insist on directly connecting to Exchange services then here is the link to the Exchange Connector for Thunderbird: https://github.com/E...xchangecalendar- This will allow and provide for your bidirectional sync for Calendars. If you're also using any sort of Google Calendars, there is a Google Calendar provider you can search for in Tools ==> Addons in Thunderbird.

 

NOTE: The current version of Thunderbird has Lightning fully integrated and also with CalDAV and CardDAV support.

 

Now, you like Ubuntu. Fair enough, although I prefer pure Debian or Slackware. Regardless, setting up OfflineIMAP should not be any sort of issue for you (and if you like, you can actually set it up on your workstation, if that is the only place you access your mail; if not, then put it up on a VPS in the cloud so all of your devices can connect to it).

 

On your local workstation (if it's Windows), I recommend BitDefender in combination with MalwareBytes, but BitDefender by itself does a pretty good job. If you want free, then Avast (not as good as BitDefender) is decent and I would definitely install MalwareBytes (Premium trial is available, after that you need to manually scan periodically).

 

I'm not going to recommend any hosting providers for VPSes, since that's the business I'm in, but you can look over at https://lowendbox.com/ and vet the providers yourself based on ratings, etc. - there are great, longstanding and solid providers and there are fly by night, here today, gone tomorrow providers - YMMV. I recommend that you purchase a VPS that is either Xen HVM, Xen PV, or KVM - stay away from any VPS that is OpenVZ or Parallels (like what you will get from GoDaddy, by the way).

 

Since you're already familiar with running Ubuntu Linux, I assume you're also familiar with the excellent antivirus offerings available to you under Linux for free.

 

Now, messages from the Mailer Daemon don't necessarily mean viruses - these can be messages for a myriad of SMTP situations including bounces, etc. Always inspect your headers, and on your MUA (mail client) disable remote images/content - Thunderbird does this by default, and if you know it's not malware then you can select to view the images, etc., on a per-message basis - this prevents a lot of the Mailchimp/Constant Contact/other services from being able to confirm that you have actually opened the mail and prevents SPAMmers from knowing that they have reached a live email address too (by encoding the URLs of the images and cross-referencing the email addresses they send to in a database).

 

On older versions of Windows, I also often recommend SuperAntiSpyware and CCleaner - but I'm not convinced this will provide any extra protection for you on a Windows 10 box at this time, and bear in mind that Win10 sometimes has a tendency to BSOD when you add additional protections - IMPORTANT: Make sure that your Windows Defender, at least, is completely disabled (it should happen by default when you install Avast or BitDefender but make sure anyway) - this can wreak havoc on your performance if another AV is running on your box.

 

If you've got any other questions or concerns I'll be happy to give you my spin on them, but always STFW and read the manual too, and I'm sure you will, coz you already run a Linux workstation so kudos and good luck to you!

 

Kindest regards, 

 



  • 0
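The header inspection suggested in post #2, as an added example that is not part of the original thread: it parses a bounce (a delivery status notification), pulls out the status code and the returned headers of the message that bounced, and checks whether that message reached the recipient's server from your own provider or from somewhere else using your address. The function names, the sample message and the CIDR ranges are assumptions made for illustration, and the check assumes the newest `Received` line in the returned headers was written by the recipient's server.

```python
import email
import ipaddress
import re
from email import policy

# Constructed, abbreviated sample bounce (DSN); every host, address and IP is made up.
SAMPLE_BOUNCE = """\
From: MAILER-DAEMON@mx.recipient.example
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: message/delivery-status

Reporting-MTA: dns; mx.recipient.example

Status: 5.1.1

--b1
Content-Type: text/rfc822-headers

Received: from mail.invalid (unknown [203.0.113.7]) by mx.recipient.example; Tue, 08 Mar 2016 17:00:00 +0000
From: me@mydomain.example

--b1--
"""

def parse_bounce(raw):
    """Return (DSN status code, headers of the message that bounced)."""
    status = original = None
    for part in email.message_from_string(raw, policy=policy.default).walk():
        ctype = part.get_content_type()
        if ctype == "message/delivery-status":      # payload: list of header blocks
            for block in part.get_payload():
                status = block.get("Status", status)
        elif ctype == "message/rfc822" and original is None:
            original = part.get_payload(0)          # full original message returned
        elif ctype == "text/rfc822-headers" and original is None:
            original = email.message_from_string(part.get_content(), policy=policy.default)
    return status, original

def classify(raw, my_outbound_nets):
    """Heuristic: did the bounced mail reach the recipient's server from my provider?"""
    _, original = parse_bounce(raw)
    hops = original.get_all("Received", []) if original is not None else []
    m = re.search(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]", str(hops[0])) if hops else None
    if not m:
        return "unknown"                            # bounce carries no usable hop
    ip = ipaddress.ip_address(m.group(1))
    mine = any(ip in ipaddress.ip_network(n) for n in my_outbound_nets)
    return "sent-through-my-provider" if mine else "spoofed-sender"
```

A result of `spoofed-sender` means the bounced message never passed through your mailbox provider, so scanning the PC or changing the mailbox password would not stop the bounces; `sent-through-my-provider` points back at the account or a device that holds its credentials.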





