Bizarre email conflict in small office LAN

Forums › LAN (ethernet/Wifi/routers/Bluetooth) › Bizarre email conflict in small office LAN

webfish

35 posts

Geek

#198892 27-Jul-2016 11:53

This is bizarre and a bit hard to describe.

We have a small office network (Modem and ethernet switch with about 5 devices networked).

My boss remotely logs into a PC on our network to use our quoting software as he lives in another town. He sends the quotes by email from the same PC using Outlook. In case it's relevant, we have a static IP that allows him to communicate.

Problem: Emails will not send from this PC when my PC (different machine on same network) is shut down. When I start my PC AND outlook in the morning, his Outlook wakes up and sends all queued messages.

What the heck is going on here???

Dynamic

3867 posts

Uber Geek

ID Verified

Trusted

Lifetime subscriber

#1599447 27-Jul-2016 11:58

What error messages are seen when trying to send?

What email system is in use - POP or Exchange or IMAP?

Which email program is being used on the machines?

Check his machine is using DHCP (for IP and DNS) https://youtu.be/QhpNEL2wOcE

“Don't believe anything you read on the net. Except this. Well, including this, I suppose.” Douglas Adams

Referral links to services I use, really like, and may be rewarded if you sign up:
PocketSmith for budgeting and personal finance management. A great Kiwi company.

webfish

35 posts

Geek

#1599456 27-Jul-2016 12:16

Thanks for the reply.

~ No error message, just sent email "stuck" in outbox. (until I start Outlook on my PC)

~ Using POP

~ Outlook 2007 on both machines (yes I know .... old!!)

~ Boss's machine does not have DHCP enabled as requires static IP to run software via remote desktop. Has worked fine for 12 years on this very machine.

We have installed a new modem recently as have upgraded to VDSL, not sure if that could be relevant.

Bosses machine is XP (please don't hit me I'm only IT dpt by default in a two person company!)

My PC is Win7

Dynamic

3867 posts

Uber Geek

ID Verified

Trusted

Lifetime subscriber

#1599462 27-Jul-2016 12:28

webfish:

Thanks for the reply.

~ No error message, just sent email "stuck" in outbox. (until I start Outlook on my PC)

~ Using POP

~ Outlook 2007 on both machines (yes I know .... old!!)

~ Boss's machine does not have DHCP enabled as requires static IP to run software via remote desktop. Has worked fine for 12 years on this very machine.

We have installed a new modem recently as have upgraded to VDSL, not sure if that could be relevant.

Bosses machine is XP (please don't hit me I'm only IT dpt by default in a two person company!)

My PC is Win7

lol 12 years? Wow.

Can he access the internet from his computer with yours turned off? Can it receive email with yours turned off? I was wondering whether your computer might be providing DNS for his computer for some reason when asking you about DHCP. Are his SMTP Server settings in the email account settings in Outlook the same as yours?

New modem in theory would not have an impact..... does the timing of the issue coincide with that or did it already exist?

If your email is POP, I would be concerned it is not being backed up. An Exchange-based solution like Office 365 takes care of this, but that would involve upgrades.

Ransomware is getting more and more prolific. Please please please think about your current backup strategy and how you can make it more effective.

“Don't believe anything you read on the net. Except this. Well, including this, I suppose.” Douglas Adams

Referral links to services I use, really like, and may be rewarded if you sign up:
PocketSmith for budgeting and personal finance management. A great Kiwi company.

timmmay

20578 posts

Uber Geek

Trusted

Lifetime subscriber

#1599469 27-Jul-2016 12:44

Traffic could be routing through your machine, or some dependent service running on it.

gehenna

8499 posts

Uber Geek

Moderator

Trusted

Lifetime subscriber

#1599471 27-Jul-2016 12:47

Sounds like the other machine is acting as the POP and SMTP server for your boss.

PS it's highly negligent for your business to be running such old software. Not just to yourselves but you become a threat vector to other organisations that you deal with. It's really not hard or expensive to get your infrastructure into a current state.

timmmay

20578 posts

Uber Geek

Trusted

Lifetime subscriber

#1599503 27-Jul-2016 13:56

Think about disaster recovery and backups. Sounds like the current setup is a recipe for disaster.

webfish

35 posts

Geek

#1599589 27-Jul-2016 16:15

Thanks for your concern. The PC in question does one thing and that is run quoting software (not updated beyond XP) and send quote emails. No email comes into that computer and no web browsing takes place. It gets accessed periodically via remote desktop which is probably the extent of our exposure.

Nothing on that machine needs backing up as the information in the sent emails resides elsewhere.

Sharesies

Trade NZ and US shares and funds with Sharesies (affiliate link).

Spyware

3761 posts

Uber Geek

Lifetime subscriber

#1599612 27-Jul-2016 16:22

SMTP account used on both machines uses same credentials??

Spark Max Fibre using Mikrotik CCR1009-8G-1S-1S+, CRS125-24G-1S, Unifi UAP, U6-Pro, UAP-AC-M-Pro, Apple TV 4K (2022), Apple TV 4K (2017), iPad Air 1st gen, iPad Air 4th gen, iPhone 13, SkyNZ3151 (the white box). If it doesn't move then it's data cabled.

noroad

949 posts

Ultimate Geek

Trusted

#1599617 27-Jul-2016 16:29

webfish:

Thanks for your concern. The PC in question does one thing and that is run quoting software (not updated beyond XP) and send quote emails. No email comes into that computer and no web browsing takes place. It gets accessed periodically via remote desktop which is probably the extent of our exposure.

Nothing on that machine needs backing up as the information in the sent emails resides elsewhere.

RDP over the public internet to a non-patchable XP host..... well now, that was always going to have a big issue at some point

1 minute google -

http://www.securebinary.co.za/remote-desktop-rdp-vulnerability/

https://www.youtube.com/watch?v=W_K0xzj4Q5c

http://www.securityfocus.com/bid/52353

I would assume more exploits have been found since XP ended support, if not being able to send email is your only issue you should be very happy.

wellygary

8315 posts

Uber Geek

#1599618 27-Jul-2016 16:33

The PC in question does one thing and that is run quoting software (not updated beyond XP) and send quote emails.

Where is its IP gateway pointed at?, it may be pointed at your machine?

gehenna

8499 posts

Uber Geek

Moderator

Trusted

Lifetime subscriber

#1600085 28-Jul-2016 10:41

The fact that it sends email is exactly the sort of risk to other parties that we're alluding to.

webfish

35 posts

Geek

#1600103 28-Jul-2016 11:11

Can I point out that I am not an IT department and none of this is in my job description - I was just trying to help my employer out with an email issue. I have, however, taken all your security concerns on board and advised my boss. It's up to him now.

Aaaand ..... I'm out.

Dynamic

3867 posts

Uber Geek

ID Verified

Trusted

Lifetime subscriber

#1600105 28-Jul-2016 11:13

Noooooooo you don't get off that lightly! It's all going to turn to custard and somehow it will become your fault! *chuckle*

“Don't believe anything you read on the net. Except this. Well, including this, I suppose.” Douglas Adams

Referral links to services I use, really like, and may be rewarded if you sign up:
PocketSmith for budgeting and personal finance management. A great Kiwi company.

deadlyllama

1262 posts

Uber Geek

Trusted

#1600140 28-Jul-2016 12:29

At the very least

Make sure you have good backups, on a device that spends most of its life not plugged in to your LAN or any device attached to your LAN.
Be prepared for someone to find a way to send enormous volumes of spam via your mailserver. Your ISP will not be happy, and when your legitimate mail starts getting blocked by people's mail filters, neither will you.
Be prepared for someone to break into that XP machine and steal your company's data / encrypt all your files and demand a ransom for the password / etc.
Be prepared for someone to break into that XP machine and use it as a jumping-off point to hack into someone else's systems, leaving a trail of log entries saying the attack originated from your company's network.

Yeah, doing proper IT security is hard, especially when you don't know how and no one has any time. Cleaning up after one of the above messes is also hard. You won't get to choose when it happens, and it could well cause significant financial or reputational damage to your company.