Results 1 to 14 of 14
  1. #1
    New Lounger
    Join Date
    Feb 2004
    Posts
    9
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Mysterious attempts to send mail (OL2002) (OL2002 - SP2)

    Okay, so I have Norton Antivirus installed. You know how when you send mail, the NAV box pops up in the lower right-hand corner saying it's scanning outgoing mail? Well I noticed that it was doing that when I had no mail in my outbox. I scanned with NAV and couldn't find anything.

    A couple of days ago, I decided to turn off all the smtp servers in my Outlook email accounts and lo and behold I start getting messages about sent mail (that I didn't write) not being sent because of problems with the server.

    I've turned off receipts in my mail options and can't figure out what might be generating these mysterious outgoing emails. Any ideas?

  2. #2
    Super Moderator jscher2000's Avatar
    Join Date
    Feb 2001
    Location
    Silicon Valley, USA
    Posts
    23,112
    Thanks
    5
    Thanked 93 Times in 89 Posts

    Re: Mysterious attempts to send mail (OL2002) (OL2002 - SP2)

    <P ID="edit" class=small>(Edited by jscher2000 on 18-Feb-04 20:53. One more thing...)</P>Sounds bad. Would you mind trying the Housecall online scanner? There's a link at the top of the list of posts in each forum. Also, there is a star post on spyware scanners (there's an index to the star posts on the Lounge Matters forum.)

    Added: By the way, many rejection notices are generated by mail servers refusing messages generated by a virus on someone else's computer. Thus, those messages might be completely unrelated to your computer's issues. Often, it's difficult to know without studying them in great detail.

  3. #3
    New Lounger
    Join Date
    Feb 2004
    Posts
    9
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Mysterious attempts to send mail (OL2002) (OL2002 - SP2)

    Hi...okay I ran the online virus scanner, found some trojans in some very OLD zip files, trashed those, decided to attach all the removeable hard drives and scanned again. Didn't find anything, but tried it again a couple of days later. Still didn't find anything.

    I do run Ad-Aware 6 with the updates regularly and I always find dataminers, but not much else.

    Since I posted this Outlook has added a few more emails to the queue to be sent (I still have the smtp servers disabled) and yet, there is nothing to found in the outbox.

    Can you think of anywhere these mysterious messages might be stored?

    Thanks for the help.

  4. #4
    3 Star Lounger
    Join Date
    Jan 2001
    Location
    Canberra, Australian Capital Territory, Australia
    Posts
    339
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Mysterious attempts to send mail (OL2002) (OL2002 - SP2)

    This is symptomatic of the SWEN virus. You may also get HTML messages which look like Microsoft critical updates. It is not your computer that has the virus but rather someone with your name in their address book. I have had this happening for months - have even contacted my ISP to try and get them stopped at the server but to no avail - their only suggestion was that I change my email address <img src=/S/shrug.gif border=0 alt=shrug width=39 height=15> .

    Because the virus is not on your machine there is very little you can do about it.

    Just as an aside - I don't keep my contacts in the default contacts folder - rather I have other folder names as many viruses will scan the contacts folder to pick up addresses. So I am doing my best to protect others - only wish the obverse was true.

    Cheers

  5. #5
    Super Moderator jscher2000's Avatar
    Join Date
    Feb 2001
    Location
    Silicon Valley, USA
    Posts
    23,112
    Thanks
    5
    Thanked 93 Times in 89 Posts

    Re: Mysterious attempts to send mail (OL2002) (OL2002 - SP2)

    When you say you have the SMTP servers disabled, you replaced them with nonsense entries (like mailgoingnowhere.xxx)?

    It seems as though some other process is sending mail, not Outlook. Unless NAV can capture the name of the destination server, you might need to get some personal firewall software or packet sniffing software to track it down. You could try installing the free version of ZoneAlarm and setting it to stop every program from sending until you approve. Of course, if all mail goes through NAV, I guess this might only work once (until you approve NAV to contact the Internet). Hmmm... these things are so much easier to troubleshoot in person...

  6. #6
    New Lounger
    Join Date
    Feb 2004
    Posts
    9
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Mysterious attempts to send mail (OL2002) (OL2002 - SP2)

    Thanks jscher2000 and Karen for the replies.

    Jscher2000: you're right, the disabled SMTP servers have nonsense names. I've just finished running yet another Norton Anti-Virus scan with no results. I'm hoping that NAV cleaned any unauthorized email that went out before I caught this. I'm might be naive about this, but I also thought the firewall functions in my router were adequate. At least whenever I try an online scanner, it tells me my pc is fine. If some other process is doing this, why would would it show in OL's send/receive dialog?

    Karen: Are you saying what I'm seeing is the result of someone else who knows my email addresses is infected with the Swen virus? I looked at the description of W32.Swen.A@mm on the Symantec site and it doesn't quite sound like what's happening here. Could you confirm that what's happening on your machine is: outgoing email that is not stored in the outbox before sending and doesn't show up in the sent mail folder after sending. As I said, the only way I noticed this is that NAV showed that it was processing outgoing email when I knew hadn't sent any. By the way, I like the idea of putting all the contacts in a subfolder. I'll do that as soon as I can figure out how to get my Palm to sync to a subfolder.

    I tried the following. Since I check mail on 7 accounts on this machine, I noted that this behaviour was only happening with two of the accounts. I deleted the two accounts completely, did another send/receive, and the behaviour didn't occur. When I re-created the accounts, using different info except for the server, login and password, the old behaviour came back.

    I'm thinking of doing the following:
    - moving the contents of my pst to a new pst
    - uninstalling and reinstalling Outlook

    Oh, and I hope this isn't important: the only plugin I use is the Cloudmark SpamNet beta.

    Thanks for the help, folks!

  7. #7
    Super Moderator jscher2000's Avatar
    Join Date
    Feb 2001
    Location
    Silicon Valley, USA
    Posts
    23,112
    Thanks
    5
    Thanked 93 Times in 89 Posts

    Re: Mysterious attempts to send mail (OL2002) (OL2002 - SP2)

    Oh, I completely missed that the errors are in Outlook's Send/Receive window. Hmmm... The fact that it only happens on selected accounts suggests that you are sending receipts on those accounts (even though you have done your best to turn that off). Frankly, it's hard to think of any other kind of mail traffic that uses SMTP but wouldn't appear in the Outbox.

    Regarding the in-router firewall, it typically would allow all outbound connections. If you have the option to block outbound connections on TCP port 25, and log the destinations that were blocked, it would be worth trying.

    > Oh, and I hope this isn't important: the only plugin I use is the Cloudmark SpamNet beta.

    It appears from online documentation that this software does not use SMTP transport, but instead TCP port 2073, but I haven't verified that and "When an unwanted spam message is reported to SpamNet, the entire message is sent to the central computer." (Security page) Since that's under you control, it should be easy to test.

  8. #8
    New Lounger
    Join Date
    Feb 2004
    Posts
    9
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Mysterious attempts to send mail (OL2002) (OL2002 - SP2)

    It most likely isn't SpamNet. Given that I click "block" on a couple of hundred emails a day (aargh), it couldn't be that activity generates this few messages if they were going through smtp.

    I like your idea of blocking port 25. I can't quite figure out how to do it. I see how to forward a port to a particular pc. Maybe sending it a nonexistent address would work? I do see how to turn on logging. (I have a Linksys router in case you happen to have their settings memorized [img]/forums/images/smilies/smile.gif[/img]

    My original thought was that it had to be receipts, but I thought I had turned it off by going to Tools-Options-E-mail Options-Advanced E-mail Options-Tracking Options-Requests for Read Receipts-Ask Me First.

    Could it be that delivery receipt requests are being processed on my computer? Or is there some other kind of receipt that is being sent? (I've noticed another kind like 'x@x.com has requested notification when this message is deleted. confirm?')

    Further info: the error message I get in the send/receive dialog is:

    Task '<email account name> - Sending and Receiving' reported error (0x800CCC0D) : 'Unable to find the e-mail server. Please verify the server information in your account properties.'

  9. #9
    New Lounger
    Join Date
    Feb 2004
    Posts
    9
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Mysterious attempts to send mail (OL2002) (OL2002 - SP2)

    Oh boy. I couldn't figure out how to block port 25 in the router, but I did turn on port logging, enabled the smtp server on one of the affected email accounts, did a send/receive. Nothing showed up for that port or for SMTP. I could see POP activity, http activity and traffic to the SpamNet server.

    A few seconds later I did another send/receive for that account and I got a bounced mail message, which was spam was attempted to be delivered to a nonexistant host. I checked the sending dns and dammit if it wasn't mine! I mean, it was my dns.

    I know this is playing with fire, but I went ahead and opened the returned message which had a spam subject line. When I looked, the original subject line was preceded by "Not read:".

    Does it make sense that one of the following is happening:
    (1) my pc has become one of the spam zombies. if so, how do I find out for sure and fix it? or
    (2) OL is insisting on sending read receipts even though I've tried to disallow that. If that's the case, would uninstalling/reinstalling OL take care of it or is it time to reformat the hard drive?

  10. #10
    New Lounger
    Join Date
    Feb 2004
    Posts
    9
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Mysterious attempts to send mail (OL2002) (OL2002 - SP2)

    Hmm. After that last send/receive session, I googled 'outlook "not read" receipt'. Apparently OL2002 will still send read receipts even if you tell it not to. This was supposed to have been fixed in SP-1, but didn't. There's an old KB article on this: OL2002: Deleted Items Still Generate a Read Receipt Even If the "Never Send a Response" Option Is Selected (Q304848) , but it's no longer available. The subject also showed up on an old debian-list discussion.

    Unless you can think of something more sinister that's going on, I'm going to decide that what's been happening is that Outlook is sending read receipts on deleted spam.

  11. #11
    Plutonium Lounger Leif's Avatar
    Join Date
    Dec 2000
    Location
    U.K.
    Posts
    14,010
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Mysterious attempts to send mail (OL2002) (OL2002 - SP2)

    >>>...I'm going to decide that what's been happening is that Outlook is sending read receipts on deleted spam

    But didn't you say the subject was prefixed "Not read"?
    Perhaps the flakiness in the reliability of read receipt handling extends to deleteing-without-reading emails that request a read receipt, but are deleted before Outlook can decide whether or not it should honour the request, and just sends it anyway....?

    I'll see if I can test that theory later.

  12. #12
    Super Moderator jscher2000's Avatar
    Join Date
    Feb 2001
    Location
    Silicon Valley, USA
    Posts
    23,112
    Thanks
    5
    Thanked 93 Times in 89 Posts

    Re: Mysterious attempts to send mail (OL2002) (OL2002 - SP2)

    <big>Yes!</big> If you use VBA code to delete a message, and by delete I mean move it out of the Inbox to another folder, Outlook can send a "Not Read" receipt regardless of your "interactive" settings. See my <post#=326505>post 326505</post#>, complaining about this very problem. Currently I've rigged my Move-To-Spam-Folder macro to warn me if this is going to happen (that is, if the message has a read receipt request). I'm not sure whether this is an option for you, since you are using a third party product. Perhaps they can think of a brilliant solution for all of us. <img src=/S/grin.gif border=0 alt=grin width=15 height=15>

  13. #13
    New Lounger
    Join Date
    Feb 2004
    Posts
    9
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Mysterious attempts to send mail (OL2002) (OL2002 - SP2)

    Oh boy. So I guess what was triggering these return receipts was my moving Cloudmark's Spam folder to the Deleted Items folder periodically and then deleting it completely. Hmmm. It would be nice if they fixed this, wouldn't it?

    Since I don't send out nearly as much email as I receive, I've disabled the smtp servers in all the accounts, enabling them only when I need them for the time being. That way I can see if this behavior is occurring. Since the "read/not read receipts" aren't stored in the outbox and I can't find them anywhere to get rid of them, I may have found a roundabout way of killing the pesky ######s: delete the email profile for Outlook. Now it is troublesome for sure to have to recreate all the accounts, but the receipts seem to have disappeared.

    By the way, I let the mysterious email out one day to what would happen. A few seconds later I got back just as many bounced messages containing the "Not Read:" email subject header.

  14. #14
    Plutonium Lounger Leif's Avatar
    Join Date
    Dec 2000
    Location
    U.K.
    Posts
    14,010
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Mysterious attempts to send mail (OL2002) (OL2002 - SP2)

    Just as a follow up, I was mucking about today and sent a test message which I deleted without reading. When I tried to empty the 'Deleted items' I got this message which I've never seen before.....

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •