I've been reading a lot of the threads regarding SPAM mail, spoofed addresses, and the like, trying to find a solution to this problem, and I haven't found anything yet.
Some users in my organization (including myself) have been receiving e-mails not addressed to them. I've searched through the message headers and there's no reference to the valid e-mail address. Below is an example message header (I've only changed my domain info, the rest is the actual header) and some info about our configuration. I've seen this behavior for both MAPI and POP clients. How can this happen? Shouldn't Exchange reject mail to bogus e-mail addresses? I'm worried that I've been compromised.
*********
Microsoft Mail Internet Headers Version 2.0
Received: from mail pickup service by exchange.mydomain.com with Microsoft SMTPSVC;
Fri, 11 Jun 2004 01:32:31 -0700
Content-Type: text/html;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Content-Description: discrete arduous69.faun
x-pp-spamblocker-id: 1001
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1409
Received: from 69.37.234.206.adsl.snet.net ([69.37.234.206]) by exchange.mydomain.com with Microsoft SMTPSVC(5.0.2195.6713); Fri, 11 Jun 2004 01:32:24 -0700
X-Message-Info: N341AKC44LBUsbj0lyFIaBOY333JS445ybjRXkXH478
Received: from 232.196.200.74 by ip-298-8-2-9.cp.lilly@mydomain.com (AppleMailServer 60.2.4.0) id 77931161165 via NDR; Fri, 11 Jun 2004 08:30:32 -0100
Reply-To: "James Mathis" <lilly@mydomain.com>
From: "James Mathis" <lilly@mydomain.com>
To: "Lilly" <lilly@mydomain.com>
Subject: Need affordable phentermine or other drugs - Purchase online here
Date: Fri, 11 Jun 2004 02:28:32 -0700
MIME-Version: 1.0
Return-Path: <lilly@mydomain.com>
Message-ID: <exchangeiPrWzGI6dme00000318@exchange.mydomain.com>
X-OriginalArrivalTime: 11 Jun 2004 08:32:26.0584 (UTC) FILETIME=[A041E580:01C44F8E]
***************
Our config: Exchange 2000 SP3 on Windows 2K SP4 and all latest patches. Also on this machine, IIS and PolicyPatrol 3.0 (anti-spam), NAVMSE 2.5.
Thank you in advance for any help.