Hi there.
I have been asked to look at a log of a Barracuda Spam Firewall 300 and am wondering if anyone here knows anything about a source IP. Three emails in it are from one place and then three other (rather dodgy looking) emails are from three differently numbered Outmail addresses. If someone could give their insight as well as a point of reference as to why this might happen (whether innocent or not) would be very helpful in my investigation.
Thanks,
Matt.
Is the server, "shudder" open for relay? That would be my first question.
Did you lookup the DNS on the odd outmail addresses to find the locations / origination information?
Are they pop3 or SMTP? IF pop3 could be coming from a off site company computer.
Jsut guessing here since I can't see the logs.