OSX 10.5.8 sending out martian packets

I'm working on getting a vpn up and running on my work laptop(ubuntu 9.10) and while doing that I noticed this message in the syslog:
kernel: [12745.906572] martian source 192.168.1.255 from 192.168.1.208, on dev wlan0
192.168.1.208 is the wifes 10.5.8 OSX machine. Has it been compromised? why would it be sending out "Martian packets" it is connected to 192.168.1.107 NFS share on my file server. but i'm not seeing packets from that

Is that common with OSX? Is there a way to turn it off?
My initial google searches on zeroconf didn't yield much on that topic to explain why its happening.

Similar Messages

  • My MBP has started to send out TCP packets larger than the MTU on the NIC - is there any place that this can be overriden?

    Got a very weird issue here and wondering if anyone has any other ideas. Basically over the wired NIC only, my Mac has started to send out large HTTP/HTTPS packets from the browser (> 1500 bytes) Captures show packet sizes from 2000 all the way to 4000 sometimes. This happens in Firefox and Chrome so doesn't appear to be application related.
    This causes fragmentation issues and traffic drops which basically causes most of my websites and  tools to crash and burn (and I get all sorts of SSL errors from applications, etc).
    It appears to be limited to just TCP packets as pings with the DF bit set will not send any larger than 1500 bytes.
    However if I switch to wireless, everything works fine and captures show the correct maximum packet size of 1500 for all packets leaving my client.
    The MTU on the  en0 interface is 1500 as per ifconfig and I made sure that it was set to 1500 in Network config panel (because there is an option for jumbo frames there which bumps up the MTU).
    A packet capture also shows that during the three way handshake the TCP MSS is successfully sent and negotiated as 1480, but then it appears to ignore that when sending packets later in the TCP stream.
    I've rebooted, upgraded to 10.7.4, checked the "sysctl" outputs and matched against a Mac not having the issue.
    This is the newest MBP 15 inch model.
    Any other ideas on things to check?

    Have you used any sort of "tuner" software? You are obviously an advanced user. Sometimes we hack things up and forget about it later. If you are sure you didn't do that, maybe poke around with IPv6 settings. Supposedly people are trying to enable that and it is going to be a disaster.

  • OSX server sending out "spam?"

    I'm a student at a technical college and am working part time for the Mac admin guy. We have about 400 macs in the art dept. Yesterday our sysadmin said our server was sending out spam.
    This server is not running mail but here are a couple of excerpts from our mail.log:
    Aug 7 06:40:38 servername postfix/pickup[14340]: 547BE6B7AB8: uid=1032 from=<image>
    Aug 7 06:40:38 servername postfix/cleanup[14552]: 547BE6B7AB8: message-id=<20070807114037.547BE6B7AB8@servername>
    Aug 7 06:40:38 servername postfix/qmgr[14556]: 547BE6B7AB8: from=<[email protected]>, size=1675, nrcpt=1 (queue active)
    Aug 7 06:40:45 servername postfix/smtp[14557]: 547BE6B7AB8: host g.mx.mail.yahoo.com[206.190.53.191] said: 421 Message temporarily deferred - 4.16.51. Please refer to http://help.yahoo.com/help/us/mail/defer/defer-06.html (in reply to end of DATA command)
    Aug 7 06:40:45 servername postfix/smtp[14557]: 547BE6B7AB8: to=<[email protected]>, relay=d.mx.mail.yahoo.com[216.39.53.2], delay=8, status=sent (250 ok dirdel)
    Aug 7 06:40:45 servername postfix/qmgr[14556]: 547BE6B7AB8: removed
    Aug 7 06:44:23 servername postfix/pickup[14340]: C0F876B7AC2: uid=1032 from=<image>
    Aug 7 06:44:23 servername postfix/cleanup[14600]: C0F876B7AC2:message-id=<20070807114423.C0F876B7AC2@servername>
    Aug 7 06:44:23 servername postfix/qmgr[14556]: C0F876B7AC2: from=<[email protected]>, size=1626, nrcpt=1 (queue active)
    Aug 7 06:44:23 servername postfix/pickup[14340]: C8D2C6B7AC4: uid=1032 from=<image>
    Aug 7 06:44:23 servername postfix/cleanup[14600]: C8D2C6B7AC4: message-id=<20070807114423.C8D2C6B7AC4@servername>
    Aug 7 06:44:23 servername postfix/pickup[14340]: CEC0B6B7AC6: uid=1032 from=<image>
    Aug 7 06:44:23 servername postfix/cleanup[14600]: CEC0B6B7AC6:message-id=<20070807114423.CEC0B6B7AC6@servername>
    Aug 7 06:44:23 servername postfix/qmgr[14556]: C0F876B7AC2: to=<[email protected]>, relay=none, delay=0, status=bounced (invalid recipient syntax: "[email protected]")
    Aug 7 06:44:23 servername postfix/qmgr[14556]: C8D2C6B7AC4: from=<[email protected]>, size=1624, nrcpt=1 (queue active)
    Aug 7 06:44:23 servername postfix/cleanup[14600]: DA8706B7AC9: message-id=<20070807114423.DA8706B7AC9@servername>
    and
    Aug 8 10:11:57 servername postfix/qmgr2338: DADE98C3EB9: to=<[email protected]>, relay=none, delay=14040, status=deferred (delivery temporarily suspended: host ironport1.chron.comhttp://130.80.29.15 refused to talk to me: 554 ironport1.chron.com)
    Aug 8 10:11:57 servername postfix/qmgr2338: E89098C1C03: to=<[email protected]>, relay=none, delay=14082, status=deferred (delivery temporarily suspended: host ironport1.chron.comhttp://130.80.29.15 refused to talk to me: 554 ironport1.chron.com)
    Aug 8 10:11:57 servername postfix/qmgr2338: EEE378C2CB3: to=<[email protected]>, relay=none, delay=14231, status=deferred (delivery temporarily suspended: host ironport1.chron.comhttp://130.80.29.15 refused to talk to me: 554 ironport1.chron.com)
    Aug 8 10:11:57 servername postfix/smtp13748: 2C26E8979B3: to=<[email protected]>, relay=mx-nj-2.pobox.comhttp://208.210.124.72, delay=39263, status=deferred (host mx-nj-2.pobox.comhttp://208.210.124.72 said: 450 <[email protected]>: Sender address rejected: Domain not found (in reply to RCPT TO command))
    Aug 8 10:11:57 servername postfix/smtp13748: 2BC7D8C61AC: to=<[email protected]>, relay=mail.cyberscope.nethttp://64.95.223.22, delay=13796, status=deferred (host mail.cyberscope.nethttp://64.95.223.22 said: 451 unable to accept non-FQDN HELO (#4.3.0) (in reply to MAIL FROM command))
    Aug 8 10:11:57 servername postfix/smtp13748: connect to cluster9.us.messagelabs.comhttp://216.82.253.115: Connection refused (port 25)
    Aug 8 10:11:57 servername postfix/smtp13748: connect to cluster9.us.messagelabs.comhttp://216.82.250.99: Connection refused (port 25)
    Aug 8 10:11:57 servername postfix/smtp13748: connect to cluster9.us.messagelabs.comhttp://216.82.250.115: Connection refused (port 25)
    We set up VirusBarrier and scanned the server. This is a copy of our console.log:
    Mac OS X Version 10.4.9 (Build 8P135)
    2007-08-08 10:20:50 -0500
    2007-08-08 10:20:55.538 SystemUIServer486 lang is:en
    Aug 8 10:22:39 servername authexec: executing /Library/Intego/netupdated.bundle/Contents/Resources/NetUpdate Installer.app/Contents/MacOS/NetUpdate Installer
    Aug 8 10:49:43 servername servermgrd: servermgr_dns: no name available via DNS for our IP addy
    Aug 8 10:49:43 servername servermgrd: servermgr_dns: no reverse DNS entry for server, various services may not function properly
    virus OSX.Botch.Gen found in file: /Volumes/Startup OS X/private/var/tmp/ /mech/kupdateb
    virus OSX.Botch.Gen found in file: /Volumes/Startup OS X/private/var/tmp/ /mech/src/mech
    virus OSX.PsyBot.232 found in file: /Volumes/Startup OS X/private/var/tmp/psybnc/psybnc
    Aug 8 11:19:43 servername servermgrd: servermgr_dns: no name available via DNS for our IP addy
    Aug 8 11:19:43 servername servermgrd: servermgr_dns: no reverse DNS entry for server, various services may not function properly
    virus OSX.Botch.Gen found in file: /Volumes/Startup OS X/private/var/tmp/ /mech/kupdateb
    virus OSX.Botch.Gen found in file: /Volumes/Startup OS X/private/var/tmp/ /mech/src/mech
    <CFURL 0x62bd440 0xa07bc150>{type = 15, string = file://localhost/Library/Contextual%20Menu%20Items/PortfolioCM.plugin/, base = (null)}
    Finder tool: request to change uid to 501 gid to -1 for /private/tmp/vbx4smail_6v97Qz
    virus Resource structure error found in file: /Volumes/Image Backup Drive/Old Labs Images/345 iMacs/Macintosh HD/System Folder/Help/HP LaserJet Printer Help/Help/Graphics/printer_word.JPG
    Aug 8 11:49:43 servername servermgrd: servermgr_dns: no name available via DNS for our IP addy
    Aug 8 11:49:43 servername servermgrd: servermgr_dns: no reverse DNS entry for server, various services may not function properly
    virus Resource error : data offset > Res. map offset found in file: /Volumes/Image Backup Drive/Old Labs Images/Portfolio/Mac HD/Desktop Folder/Portfolios/SMVandre/animations/flahsbathtub/WS_FTP.LOG
    virus Resource error : data offset > Res. map offset found in file: /Volumes/Image Backup Drive/Old Labs Images/Portfolio/Mac HD/Desktop Folder/Portfolios/SMVandre/animations/WS_FTP.LOG
    virus Resource error : data offset > Res. map offset found in file: /Volumes/Image Backup Drive/Old Labs Images/Portfolio/Mac HD/Desktop Folder/Portfolios/SMVandre/contact/WS_FTP.LOG
    virus Resource error : data offset > Res. map offset found in file: /Volumes/Image Backup Drive/Old Labs Images/Portfolio/Mac HD/Desktop Folder/Portfolios/SMVandre/illustrations/photomontage/WS_FTP.LOG
    virus Resource error : data offset > Res. map offset found in file: /Volumes/Image Backup Drive/Old Labs Images/Portfolio/Mac HD/Desktop Folder/Portfolios/SMVandre/illustrations/WS_FTP.LOG
    virus Resource error : data offset > Res. map offset found in file: /Volumes/Image Backup Drive/Old Labs Images/Portfolio/Mac HD/Desktop Folder/Portfolios/SMVandre/images/WS_FTP.LOG
    virus Resource error : data offset > Res. map offset found in file: /Volumes/Image Backup Drive/Old Labs Images/Portfolio/Mac HD/Desktop Folder/Portfolios/SMVandre/websites/greennotes/WS_FTP.LOG
    virus Resource error : data offset > Res. map offset found in file: /Volumes/Image Backup Drive/Old Labs Images/Portfolio/Mac HD/Desktop Folder/Portfolios/SMVandre/websites/madisonframes/ARTWORK/WS_FTP.LOG
    virus Resource error : data offset > Res. map offset found in file: /Volumes/Image Backup Drive/Old Labs Images/Portfolio/Mac HD/Desktop Folder/Portfolios/SMVandre/websites/makingcrepes/crepesjpeg/WS_FTP.LOG
    virus Resource error : data offset > Res. map offset found in file: /Volumes/Image Backup Drive/Old Labs Images/Portfolio/Mac HD/Desktop Folder/Portfolios/SMVandre/websites/WS_FTP.LOG
    virus Resource structure error found in file: /Volumes/Image Backup Drive/.Trashes/501/printer_word.JPG
    virus Resource error : data offset > Res. map offset found in file: /Volumes/Image Backup Drive/.Trashes/501/WS_FTP 12-08-37.LOG
    virus Resource error : data offset > Res. map offset found in file: /Volumes/Image Backup Drive/.Trashes/501/WS_FTP 12-08-41.LOG
    virus Resource error : data offset > Res. map offset found in file: /Volumes/Image Backup Drive/.Trashes/501/WS_FTP 12-08-45.LOG
    virus Resource error : data offset > Res. map offset found in file: /Volumes/Image Backup Drive/.Trashes/501/WS_FTP 12-09-01.LOG
    virus Resource error : data offset > Res. map offset found in file: /Volumes/Image Backup Drive/.Trashes/501/WS_FTP 12-09-15.LOG
    virus Resource error : data offset > Res. map offset found in file: /Volumes/Image Backup Drive/.Trashes/501/WS_FTP 12-09-22.LOG
    virus Resource error : data offset > Res. map offset found in file: /Volumes/Image Backup Drive/.Trashes/501/WS_FTP.LOG
    virus Resource error : data offset > Res. map offset found in file: /Volumes/Image Backup Drive/Old Labs Images/Portfolio/Mac HD/Desktop Folder/Portfolios/SMVandre/websites/greennotes/WS_FTP.LOG
    virus Resource error : data offset > Res. map offset found in file: /Volumes/Image Backup Drive/Old Labs Images/Portfolio/Mac HD/Desktop Folder/Portfolios/SMVandre/websites/madisonframes/ARTWORK/WS_FTP.LOG
    virus Resource error : data offset > Res. map offset found in file: /Volumes/Image Backup Drive/Old Labs Images/Portfolio/Mac HD/Desktop Folder/Portfolios/SMVandre/websites/makingcrepes/crepesjpeg/WS_FTP.LOG
    Aug 8 12:19:43 servername servermgrd: servermgr_dns: no name available via DNS for our IP addy
    Aug 8 12:19:43 servername servermgrd: servermgr_dns: no reverse DNS entry for server, various services may not function properly
    <CFURL 0x5004b0 0xa07bc150>{type = 15, string = file://localhost/Library/Contextual%20Menu%20Items/PortfolioCM.plugin/, base = (null)}
    <CFURL 0x3a5c30 0xa07bc150>{type = 15, string = file://localhost/Library/Contextual%20Menu%20Items/PortfolioCM.plugin/, base = (null)}
    Aug 8 12:26:21 servername ARDAgent 320: no multicast
    virus Resource structure error found in file: /Volumes/Image Backup Drive/.Trashes/501/printer_word.JPG
    virus Resource error : data offset > Res. map offset found in file: /Volumes/Image Backup Drive/.Trashes/501/WS_FTP 12-08-37.LOG
    virus Resource error : data offset > Res. map offset found in file: /Volumes/Image Backup Drive/.Trashes/501/WS_FTP 12-08-41.LOG
    virus Resource error : data offset > Res. map offset found in file: /Volumes/Image Backup Drive/.Trashes/501/WS_FTP 12-08-45.LOG
    virus Resource error : data offset > Res. map offset found in file: /Volumes/Image Backup Drive/.Trashes/501/WS_FTP 12-09-01.LOG
    virus Resource error : data offset > Res. map offset found in file: /Volumes/Image Backup Drive/.Trashes/501/WS_FTP 12-09-15.LOG
    virus Resource error : data offset > Res. map offset found in file: /Volumes/Image Backup Drive/.Trashes/501/WS_FTP 12-09-22.LOG
    virus Resource error : data offset > Res. map offset found in file: /Volumes/Image Backup Drive/.Trashes/501/WS_FTP.LOG
    virus Resource error : data offset > Res. map offset found in file: /Volumes/Image Backup Drive/Old Labs Images/Portfolio/Mac HD/Desktop Folder/Portfolios/SMVandre/websites/greennotes/WS_FTP.LOG
    virus Resource error : data offset > Res. map offset found in file: /Volumes/Image Backup Drive/Old Labs Images/Portfolio/Mac HD/Desktop Folder/Portfolios/SMVandre/websites/madisonframes/ARTWORK/WS_FTP.LOG
    virus Resource error : data offset > Res. map offset found in file: /Volumes/Image Backup Drive/Old Labs Images/Portfolio/Mac HD/Desktop Folder/Portfolios/SMVandre/websites/makingcrepes/crepesjpeg/WS_FTP.LOG
    Aug 8 12:29:49 servername cyrus-quota1693: DBERROR: reading /var/imap/db/skipstamp, assuming the worst: No such file or directory
    at which point we rebooted.
    So we have changed all are passwords, are reimaging everything and had the sysadmin block all outgoing messages on port 25. In addition we have sent copies of the logs to Intego.
    That all happened Wednesday. Unfortunately this mornings system log had:
    Aug 10 02:58:45 servername VirusBarrierServer[461]: File infected: /private/var/tmp/.blan/.bot/rom by OSX.Botch.302
    Aug 10 02:59:08 servername VirusBarrierServer[461]: File infected: /private/var/tmp/.ou/.bot/ru by OSX.Botch.302
    Aug 10 02:59:28 servername VirusBarrierServer[461]: File infected: /private/var/tmp/.tmp/ /.bot/darwin by OSX.Botch.302
    Aug 10 02:59:49 servername VirusBarrierServer[461]: File infected: /private/var/tmp/.tmp/.bot/crond by OSX.Botch.302
    I know that this is an incredibly vague question but what would you suggest I do now?
    Is there a way to find out where these "virus'" came from?
    It is not impossible they were put on by a student as we recently found out that a number of the help desk students had the Mac admin password. I've looked at the install logs and the only things I see are the Apple software updates and apps we installed ourselves.
    I realize that no mac virus' or worms have been found in the wild so it is unclear what VirusBarrier is reporting but it seems that ummm "something" is hiding somewhere and "infecting" these files and I'd like to get rid of it.
    thanks for your time and help )
    lex
    Message was edited by: LexaniG

    What appears to be happening is that something is installing the IRC bot EnergyMech in hidden files on our server.
    Aug 10 02:59:28 servername VirusBarrierServer461: File infected: /private/var/tmp/.tmp/ /.bot/darwin by OSX.Botch.302
    When I checked the contents of the .tmp file with ls -Rla I found:
    .tmp/ :
    otal 1320
    drwxr-xr-x 4 image wheel 136 Jun 24 19:44 .
    drwxr-xr-x 5 image wheel 170 Jun 24 19:44 ..
    drwx------ 16 image wheel 544 Jun 24 20:00 .bot
    -rw-r--r-- 1 image wheel 675159 Jun 24 19:44 sclavi.tar
    .tmp/ /.bot:
    total 2144
    drwx------ 16 image wheel 544 Jun 24 20:00 .
    drwxr-xr-x 4 image wheel 136 Jun 24 19:44 ..
    -rw-r--r-- 1 image wheel 351 Jun 28 10:00 1
    -rw-r--r-- 1 image wheel 351 Jun 28 10:00 2
    -rw-r--r-- 1 image wheel 351 Jun 28 07:00 3
    -rwx------ 1 image wheel 412095 Jul 8 2005 bash
    -rwxr-xr-x 1 image wheel 0 Aug 10 02:59 darwin
    -rw-r--r-- 1 image wheel 354306 Oct 19 2005 freebsd
    -rw------- 1 image wheel 22465 Jun 13 2001 mech.help
    -rw-r--r-- 1 image wheel 1015 Jun 28 10:00 mech.levels
    -rw------- 1 image wheel 6 Jun 24 19:44 mech.pid
    -rw-r--r-- 1 image wheel 1457 Jun 28 10:00 mech.session
    -rw-r--r-- 1 image wheel 5365 May 4 11:34 mech.set
    -rwxr-xr-x 1 image wheel 178908 Sep 20 2005 pico
    -rw-r--r-- 1 image wheel 87673 Jun 27 2006 pico.tgz
    drwx------ 10 image wheel 340 May 27 2004 randfiles
    After chmoding the files so that they were non-excecutable mech.set contained this:
    # Zei`s EnergyMech configuration file
    # v2.9.3 - CristofoR
    ##### Linking #####
    #ENTITY emech
    #LINKPASS abc123
    #LINKPORT 49152
    #LINK hismech a1b2c3 mech.host.net 49152
    #LINK hermech abcdefg 0 0
    AUTOLINK
    ##### Server List ####
    SERVER LosAngeles.CA.US.Undernet.org 6665
    SERVER LosAngeles.CA.US.Undernet.org 6668
    SERVER LosAngeles.CA.US.Undernet.org 7000
    Unfortunately as a student I theoretically don't have access to the server again until Monday... But I'll go in tomorrow and try and find someone to turn it off. heh (I suppose one way to find out who's on call is to shut it down and see who shows up...) In any case I'll try and delete any of these files I can find.
    My boss is out of town and I'm over my head here so any and all suggestions will be gratefully received.
    thanks
    lex
    Message was edited by: LexaniG
    Message was edited by: LexaniG

  • Help sending a Magic Packet through to WOL

    I'm trying to set up my Airport Extreme to send a magic packet through. It successfully wakes up my computer if I do it immediately after it goes to sleep, but if I try after its been asleep a few hours it doesn't work.
    I would think it may be a computer issue, but if I WOL over the network without going over the internet I can wake it up no matter how long it's been asleep. This leads me to believe it's an issue with the Airport Extreme "forgetting" my desktop after it's been asleep for a few minutes.
    I've already set it up to port forward correctly, but is there something else I need to do?

    Unfortunately this seems to be the common experience.
    I did read somewhere that 'routers flush out ARP tables' after a period of inactivity meaning, after 5 mins or so-you cant wake up your sleeping computer remotely. I have no idea what that means or how to fix it, have been looking constantly since Snow Leopard came out.
    As you say, can do it from the home network, outside of that-it only works for about 5 mins.

  • How do I get rid of a "bot" on my Mac that is sending out erroneous emails to everyone in our address book?

    How do I get rid of a "bot" on my Mac that is sending out erroneous emails to everyone in our address book? 

    You will have to look around your machine & figure out the name of the program.
    try /application/utilities/activity monitor
    I recommend that you get a littlesnitch. littlesnitch will track your Web traffic and tell you which applications are sending data from your computer. Be sure to run it awhile because it will trigger a number of alerts. In trail mode, it will run for three hours per boot for a about a month.
    http://www.obdev.at/products/littlesnitch/index.html
    This list maybe different in your release of X.
    Check System Preferences>Accounts (Users & Groups in later OSX versions)>Login Items window to see if it or something relevant is listed.
    Check the System Preferences>Other Row, for 3rd party Pref Panes.
    Also look in these if they exist, some are invisible...
    /private/var/run/StartupItems
    /Library/StartupItems
    /System/Library/StartupItems
    /System/Library/LaunchDaemons
    /Library/LaunchDaemons

  • App imitates sending out a virus over the network

    The last time I ran the Classic App called "Farallon Ping" which came with my old Farallon NC I bought years ago was back in 2003 or 2004 and I was told by IS of the University I was attending not to run it again as the app makes it appear to be sending out viruses over the network. The app is useful as it tells me my IP address and the IP address of every computer in my domain and offers many other features some of which that are lacking in the built in OSX utilities.
    I am at a much larger University these days and I was wanting to run this app for the features but not sure if I should.
    Is this post appropriate for this group and if so what do you say?
    Thanks

    Know nothing about Farallon Ping. Would MacPing at http://74.125.93.104/translate_c?hl=en&sl=nl&u=http://dartware.com/downloads/leg acy.html do the same thing?
     Cheers, Tom

  • All my send out email lost in cyberspace! Pls Help!

    Hi pp,
    Pls help me! I believe my Mail started to behave strangely when I update the latest security patch or OSX to 10.4.5 ... am using Mail 2.0.7 now...
    Everything look and work fine for my mail server... I can download all email that people send to me, and it's seems like I can send out email to my friends too...
    **** No! Mail seems to work fine when I try sending out email. No error msg, no blockage... everything looks just alright. But my friends have complained to me that they didnt received a single email from me...
    1.feeling something wrong, I called up my Mail server hosting company to check my mail and they say nothing is wrong.
    2. I do a roundtrip testing, by sending email from my own account to my own account. I send out about 10 over mail... nothing was received.
    3. I do a disk verification using Disk Utility. No error detected.
    4. Decided to download a third-party email client program to test, IT'S WORK!
    I can use other email client program to send out and able to receive!
    Conclusion is, if I use Mail to send out my email, it will send out but eventually disappear before reaching the recipient. Something must be wrong with my System or Mail... but I've run out of idea on how to solve it...am getting very desperate at the current situation... hopefully there are some genius or knowledgable kind soul fellow that can help me on this mystery error... hereby, thanks alot fto anyone who offer their help to me. greatly appreciated.
    Powerbook G4 12"   Mac OS X (10.4.5)  

    Nothing in any update should have caused this, and clearly has not for most people -- therefore we should seek an answer aside from waiting for some unknown update.
    What type of account do you have -- POP, IMAP or .mac. In Mail Preferences, what are the selections in Mailbox Behaviors for this account?
    In the Finder, open Home/Library/Mail/Mailboxes -- is there an Outbox.mbox folder, and is it represented by a blue Icon? At Home/Library/Mail/this account folder, are there both a Drafts.mbox folder, and Sent Messages.mbox folder, and are both blue icons?
    More info, please.
    Ernie

  • How can I stop what appears to be a virus in my e-mail sending out e-mails

    Hi,
    I keep getting undeliverable messages from my service provider. It seems I have some virus that keeps sending out some spam about winning money. It is going out to addresses I do not have in my address book or have ever dealt with. I'm not sure what to do or what software I can use to make these stop. Any help would be appreciated.

    My machine sends them immediately with a prefix in the Subject line saying <RE: hi > then the original email title.
    And you have verified that they are indeed being sent by your computer based on an analysis of tcpdump logs or Wireshark logs running on another "believed clean"computer on the same LAN? I would strongly encourage you to submit excerpts of these logs to the likes of Intego, MacScan, etc., if so. You haven't downloaded any freeware from sites of unverifiable integrity, right? Is your DNS settings directing you to the DNS servers that you think they are (perhaps rerouting your sent mail to a rogue smtp server)? In Terminal, type scutil⏎ then type show State:/Network/Global/DNS⏎ and make sure you recognize the IP addresses of the reported DNS servers. (type exit⏎ to exit scutil)
    Spammers in Africa can't send their results immediately. Looking at the long headers of a spam returned to me, it's got the same routing info as me and was sent at the same time.
    Why not? I doubt that there is some guy sitting there manually doing this with email messages, it is automated, and would probably take milliseconds to duplicate your email, append the canned spam message, and shotgun it back out onto the internet. I live in Colorado and I picked a random server in New Zealand and pinged it (don't trust even pinging anything in some locales). The results?
    myOldMac:~ jv$ ping {hidden}.org.nz
    PING {hidden}.org.nz (202.6.116.6): 56 data bytes
    64 bytes from NNN.NNN.NNN.NNN: icmp_seq=0 ttl=52 time=168.514 ms
    64 bytes from NNN.NNN.NNN.NNN: icmp_seq=1 ttl=52 time=167.807 ms
    64 bytes from NNN.NNN.NNN.NNN: icmp_seq=2 ttl=52 time=167.624 ms
    64 bytes from NNN.NNN.NNN.NNN: icmp_seq=3 ttl=52 time=167.954 ms
    --- {hidden}.org.nz ping statistics ---
    4 packets transmitted, 4 packets received, 0% packet loss
    round-trip min/avg/max/stddev = 167.624/167.975/168.514/0.333 ms
    That's only one-sixth of one second ... that's pretty fast.

  • Mail will not send out e-mails from my gmail smtp server

    I am using Mail to send and receive e-mails. I have 3 different accounts that I use, of which two are GMail acounts. These two acounts receive e-mails as normal, but upon replying or otherwise sending out e-mail it refuses to send. It appears that the SMTP server is offline. I have re-entered my credentials etc, but this did not fix the problem. Can anyone help me to get over this annoying issue?
    I am running OSX 10.10.1 Yosemite

    I am experiencing the same issue. All has been working fine & it just suddenly started today. OSX 10.10.1 Exactly as you describe. I have the same email account settings on my iPad & have no problems there, only on my Mac with 10.10.1
    HELP!

  • I might have a virus sending out e-mails.

    Is there a free virus program for Mac OSX 10.9.2 ? I might have a virus sending out e-mails.

    What makes you think that? What behaviour have you observed?
    There are no viruses as such on OS X -- programs that can enter the computer from the network, install themselves, do bad things and pass themselves on to others.
    There are trojans and other forms of malware. These usually require you to have downloaded and installed something.
    OS X includes its own list of malware that it will not run. This is updated from time to time.
    If you want to run a malware check, then ClamXav is the most common one.

  • Mac Mail sending out multiple e-mails

    Dear All,
    My friend reports that today he is receiving 3 copies of every e-mail message that I send him.  I'm working on a Mac Pro, Lion 10.7.5, using Mac Mail through Yahoo, and I have only one account.  I have an iPod touch, but I have never sent e-mail through that device nor signed up for it on the iPod -- I only use my Mac desktop for sending and receiving e-mails.  Anyone else having this recent problem?  I never had it before today!  Thanks.

    Are you sure it's the Mac sending out the spam, or just spam masquerading as coming from your email account (the From: line is ridiculously simple to forge)?
    While it's clearly possible to devise a system to cause a Mac to send out spam email (or any other computer for that matter), it wouldn't be terribly efficient for the spammer.  Even when they take over zombie machines (and unpatched Windows XP systems are the favorites there) the spammer would prefer to use the machine to send out all kinds of email *AND* would attempt not to draw attention to the actual machine sending out the stuff.
    That is, where it *appears* to be coming from will generally not be where it is coming from. 
    What malware prefers to do is "harvest" an address book from a user's computer (or, more often these days, from an online address book after phishing the credentials from the user) and then using that to send out emails to your contacts that look like they come from you so that they are more likely to be opened.  If that's what has happened, there's nothing you could do to the Mac at this point to get that data back. 
    Again, while it is clearly possible to harvest that data under either OSX or Windows 7 from your address book in either platform, it is considerably more difficult to do that than to go after your credentials for an online site using a phishing attack and then make use of the contact information.

  • I can't get my mail to send out anymore. Using both ICLOUD AND GMAIL HELP

    Apple software installed now I can't send out any of my emails. I used Gmail prior to wonderful update now I need to get instructions on how to make my operating system allow me to use my email account again and get my emails as I did before

    your product list states an iMac (desktop computer) but no OSX version AND iOS 8.1.2 (an iDevice operating system) but no iDevice (iPad, iPhone.etc.)
    Also include what "Apple software installed..." on what device(s)
    ÇÇÇ

  • Does ACE send a RST packet when it reach inactivity timeout?

    Hi experts
    I have some questions about ace's behavier.
    1st one is, Does ACE send a RST packet when it reach to inactivity timeout?
    2nd, Does half-closed timeout works properly with "no normalization"?
    3rd, How does ACE treat the packets there is no flows in conn table? Drop or forwarding?
    Thanks

    Hi Kilsoo,
    1st one is, Does ACE send a RST packet when it reach to inactivity timeout?
    ----yes, the ACE is going to send a RST if the client or server tries to do something over a connection that was already timed out
    3rd, How does ACE treat the packets there is no flows in conn table? Drop or forwarding?
    drops the connection
    Let me do some research for your second question
    Cesar R
    ANS Team

  • SharePoint Foundation 2013 installed on Windows Server 2012 not sending out email notification

    I have a server where i installed SP Foundation 2013 on top of Windows Server 2012. I have configured the SMTP as well as the outgoing SMTP in Central Administration
    of SharePoint. When i create an alert on a document library, its did not sent any email notification on the changes made to the document in the document library. So, i created a workflow to send out email using SPD2013. The workflow run, but it cannot sent
    out email with error saying that outgoing email is not configured correctly. I have checked with another server which i installed SP foundation 2013 on top of Windows Server 2008 R2 - its sending out email just fine using same configuration and outgoing SMTP.
    I need help to resolve this issue or at least the cause of the problem.
    Any help is greatly appreciated.

         
    Try below:
    http://social.technet.microsoft.com/wiki/contents/articles/13771.troubleshooting-steps-for-sharepoint-alert-email-does-not-go-out.aspx
    Go to Central Admin ---->Operations----->outgoing email settings and verify that SMTP server is mentioned correctly 
    2) Test the connectivity with the SMTP server.
    In order to do that follow these steps:
      Open  cmd
      telnet <SMTP server name> 25 ( We connect smtp server to the port 25)  
                     you should see a response  like this 220 <servername> Microsoft ESMTP MAIL Service, Version: 6.0.3790.3959 ready at date and time
                     Beware that different servers will come up with different settings but you will get something
                     If you dont get anything then there could be 2 possible reasons, either port 25 is blocked or 
                     the smtp server is not responding.
      For testing response from your server
                       For testing response say ehlo to it.
                            Type :
                                        ehlo <servername>
                            output:
                                        250 <servername> Hello [IP Address]
      Now a test mail can be sent from that SharePoint server. 
                          Now we need to enter the From address of the mail.
                          Type :
                           mail from: [email protected]
                           output:
                           250 2.1.0 [email protected]….Sender OK
     It's time to enter the recepient email address.
    Type : rcpt to: [email protected]
    output:
    250 2.1.5 [email protected]
     Now we are left with the data of the email. i.e. subject and body.
    Type : data
    output:
    354 Start mail input; end with <CRLF>.<CRLF>
    Type:
    subject: this is a test mail
    Hi
    This is test mail body
    I am testing SMTP server.
    Hit Enter, then . and then Enter.
    output:
    250 2.6.0 <<servername>C8wSA00000006@<servername>> Queued mail for delivery
    Type: quit
    output:
    221 2.0.0 <servername> Service closing transmission channe
    3)  Check alerts are enabled for your web application
          verify if the windows timer service is running or not.
          Run this stsadm command to check that
          Stsadm.exe -o getproperty -url http://SharePoint-web-App-URL -pn alerts-enabled
         This should return <Property Exist="Yes" Value="yes" />
         If you don’t get this, Enable alerts by:
         stsadm.exe -o setproperty -pn alerts-enabled -pv "true" -url http://SharePoint-web-App-URL
          If its already enabled, try turn off and turn on it back.
    4)  Check the Timer job and Properties
           Go to
           MOSS 2007:  Central Administration > Operations > Timer Job Definitions (under Global Configuration)
           In SharePoint 2010: Central Administration > Monitoring > Review Job Definitions 
           Check whether the "Immediate Alerts" job is enabled for your web application. check these properties:
                       job-immediate-alerts
                       job-daily-alerts 
                       job-weekly-alerts
           stsadm.exe -o getproperty -url "http://Your-SharePoint-web-App-URL" -pn job-immediate-alerts
           The expected output is:
           <Property Exist="Yes" Value="every 5 minutes between 0 and 59"/>.  
           If you don’t get this, run the following command to set its value.
           stsadm.exe -o setproperty -pn job-immediate-alerts -pv “every 5 minutes between 0 and 59" -url http://Your-SharePoint-web-App-URL
    5)  Check whether the account is subscribed for alerts and it has a valid email account. This should be the first thing to check if the problem persists for some users not for      all.
    6)  Then check if at all those users have at least read permission for the list. Because the first mail should go out for every user without security validation but the next ones       won't be delivered unless the user has at least read
    permission.
    7)  If it is happening for one user, can also try to delete and re add the user in the site.
    8)  Most importantly , you should try this one.
          Run this SQL query to the content db < Select * from Timerlock>
          This will give you the name of the server which is locking the content database and since when.
          In order to get rid of that lock 
          Go to that server which is locking the content db and then restart the windows timer service.
          within some time it should release the lock from content db, if not then at the most stop the timer job for some time
          Once the lock will be released then try to send some alerts
          You will surely get the email alert.
    I found this is the most probable reason for alert not working most of the time. We should start troubleshooting with above steps before coming to this step for any alert email issue but from step 1 to step 7 are best for new environments or new servers.
    If the issue is like this ,alert was working before and suddenly stopped working without any environmental change then above conditions in step 1-7 should be ideally fine.
    Even after this if it is not working, then you can try these few more steps too
    9)  Try re-registering the alert template:
    stsadm -o updatealerttemplates -url http://Your-SharePoint-Web-App-URL -f  "c:\Program Files\Common Files\Microsoft Shared\web server extensions\12\TEMPLATE\XML\alerttemplates.xml" -LCID 1033
    10)  Try to clear the configuration cache
    If this helped you resolve your issue, please mark it Answered

  • My Itunes wont open and windows will send out an error message

    Hello
    I was working with Itunes for a long time with no problem what so ever until suddenly yesterday when I opened it I recived an error message from windows saying the process has to close and will I want to send out an error report to windows.
    I went on to move my Itunes library and repair the Itunes via the downloaded installation file but when it did not work I uninstalled it completly and reinstalled it with no effect...
    If any one have any idea as to how to solve this pls help....
    thank you

    windows installer has stopped working
    a problem caused the program to stop working correctly.
    windows will close the program and notify you if a solution is avabilable.
    ... and that's one that I wasn't thinking of ...
    Head into your Windows Update. Are there any new updates available for you? If so, and you install, does that clear up the error message?

Maybe you are looking for