On Tue, Sep 26, 2006 at 04:33:53PM -0700, Carlos A. Garcia G. wrote:
> knitti wrote:
> >[I reordered the text, so your answer is below my question, I think this
> >is more readable]

Seconded.

> >On 9/26/06, Carlos A. Garcia G. <[EMAIL PROTECTED]> wrote:
> >>knitti wrote:
> >>> On 9/26/06, Carlos A. Garcia G. <[EMAIL PROTECTED]> wrote:
> >>>> can someone external to the network get a copy of all the mail that are
> >>>> getting to a mail server???
> >>>> ??
> >>>
> >>> short answer: no
> >>> long answer: yes
> >>>
> >>> please clarify your question. also, why should this be related to openbsd?
> >>>
> >>because i use an obsd server and i need for help
> >
> >If you need help, *please* take some minutes and describe your problem.
> >AFAIK there's no one on this list who has truly telepathic abilities, so
> >you have to *tell* what's wrong. Based upon everything you said so far
> >I can only suggest you grab a local copy of yellow pages (or equivalent)
> >and hire a unix consultant. but that's probably not what you wanted by
> >asking here.
> ;)
> Sorry ok the problem it is this someone told my boss that the email
> messages has been read by someone else this information came from our
> isp we have a e1 connection its like a t1 connection so with that
> information they said that the "hacker" redirect the messages before
> they get to the mail server and after being read it the message hit the
> mail server, so the question that if someone can do that its because this
> information.
>
> now what i think its that it is probably that the hacker its inside my
> local network but if this was the case how it is that my isp knows that i
> have a hacker inside my network getting a copy of the mails, send the
> mails to his destination ?
>
> ill give more information for the time being i have just installed the
> stunnel and activate it for the pop3 and smtp, im thinking in auditing
> the my mail server and auditing my network, do you know of tools that
> help to check the information above?

How your ISP knows this, is up to your ISP to tell you.

I certainly don't know - it's not impossible, but it's also possible that the mail server is compromised, or that the client is compromised, or even that the password is known (possibly by brute-force attacks), and the attacker can read a specific mailbox.

Checking the log files is almost always a good idea, though it can be a daunting task. This might give you an idea about who accessed the mailbox, provided the server and log server are not compromised (and it's likely that they are useful even in that case).

Presuming the client used most often is a Windows box, run some (free or paid) antivirus and anti-spyware programs. For instance, AVG Free and Hitman Pro (really a wrapper around a lot of other programs).

The mail server itself would probably be the trickiest part. The above procedure can be repeated with things like rkhunter; but AV packages are, frankly, better than the offerings for *NIX [1].

You probably know best; there are a lot of Windows exploits out in the wild (for instance, MS patched an IE hole this evening), so that's not an unlikely vector. However, your ISP thinks otherwise, and they might have a good reason.

However, if your traffic can be redirected willy-nilly, it might be time to either get some real routing hardware or have a good talk with your ISP...

Joachim

[1] Whether this is actually a point for Windows is open to debate, though.