
ATP C2/Generic-A from our Mailserver

Hello,

Today I found this in the ATP log.

07:34:06 IPTables TCP C2/Generic-A
192.168.2.3 (Our Exchange Server) : 25

91.230.25.175 (Some Provider in Ukraine) : 56600
drop

Same entry for 07:34:06 and 7:34:12.

We checked our Windows 2012 R2 Exchange with Sophos Virus Removal Tool but found nothing.

Any suggestion what it could be and how to troubleshoot it?

The 91.230.25.175 is in a spam database, so could it be some kind of false positive because of spam? Or can it be that someone has tried to send spam from inside?

Firewall, SMTP, IPs logs have no results about this IP...

Thank you

