Spam from XYZPDQ@domain.com??

pkirill (Technical User, joined Jun 15, 2002, 134 posts, US)
We use GFI Mail Essentials to manage the spam on our Exchange 2K3 server. Until recently it has been doing a great job. However, we are now getting spam slipping through where the message ID, From and Reply *look* like they are from someone in our domain; however, the user name is not someone in the GAL (or any other user on the system). The only real clue is in the return path. I've told Exchange (and GFI) to ignore users not in the directory. I've posted a sample header below (our server, domain, and IP have been changed to protect the innocent...)

Any ideas on how to stop this? Any help would be greatly appreciated!


Microsoft Mail Internet Headers Version 2.0
Received: from 67.12.12.123 ([222.73.247.127]) by SERVER.domain.local with Microsoft SMTPSVC(6.0.3790.1830);
Fri, 13 Apr 2007 06:11:03 -0400
X-Originating-IP: 151.193.215.94 by smtp.222.73.247.127; Fri, 13 Apr 2007 06:10:52 -0500
Message-ID: <eadtfvMVYXXmurriel@domain.com>
From: "Millie Carroll" <murriel@domain.com>
Reply-To: "Millie Carroll" <murriel@domain.com>
To: murriel@domain.com
Subject: Prest1ge Repl1cas startling repl1ca w4tches for you
Date: Fri, 13 Apr 2007 06:10:52 -0500
Content-Type: text/plain;
Content-Transfer-Encoding: 7Bit
Return-Path: contact@in2connect.net
X-OriginalArrivalTime: 13 Apr 2007 10:11:04.0746 (UTC) FILETIME=[0BB6C0A0:01C77DB4]

The emails are obviously spoofed, this is very common with spam.

I've used GFI's MailEssentials/MailSecurity for several years. Although I think it is one of the best products, it is not perfect. It misses some stuff, and because of that you should use other spam mitigation techniques along with GFI.

I've found that configuring your Exchange server to use RBLs can help out a lot.

For some outstanding info on this, see talon121a's posting in the thread below:


MCSE CCNA CCDA
That's great info - much thanks! I also found out that our domain had been whitelisted. As in *@domain.com passed by all the other filters. I am also a big fan of GFI, so I'm hoping this fixed it. So far, so good...

Thanks again!
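As an added example (not from this thread, GFI or Exchange), here is a small Python check that pulls out the three signs discussed above from the posted header: a From address in our own domain whose user is not in the directory, a Return-Path domain that does not match the From domain, and a `*@domain.com` style whitelist that would pass the message anyway. The directory contents and the whitelist pattern are constructed for the example.

```python
import email
from email import policy
from email.utils import parseaddr
from fnmatch import fnmatch

# Constructed sample, trimmed from the header posted in this thread
# (the anonymised domain and addresses are the thread's own values).
SAMPLE = """\
Received: from 67.12.12.123 ([222.73.247.127]) by SERVER.domain.local with Microsoft SMTPSVC(6.0.3790.1830);
 Fri, 13 Apr 2007 06:11:03 -0400
Message-ID: <eadtfvMVYXXmurriel@domain.com>
From: "Millie Carroll" <murriel@domain.com>
Reply-To: "Millie Carroll" <murriel@domain.com>
To: murriel@domain.com
Subject: Prest1ge Repl1cas startling repl1ca w4tches for you
Return-Path: contact@in2connect.net

"""

LOCAL_DOMAIN = "domain.com"
# Stand-in for the GAL lookup; these local-parts are constructed for the example.
DIRECTORY = {"pkirill", "postmaster"}
# The over-broad whitelist pattern the original poster found in place (assumed form).
WHITELIST = ["*@domain.com"]


def split_addr(header_value):
    """Return (local_part, domain), lower-cased, from a From/Return-Path value."""
    _, addr = parseaddr(str(header_value or ""))
    local, _, domain = addr.rpartition("@")
    return local.lower(), domain.lower()


def analyse(raw, local_domain=LOCAL_DOMAIN, directory=DIRECTORY, whitelist=WHITELIST):
    """Flag the spoofing signs discussed in the thread; returns a dict of findings."""
    msg = email.message_from_string(raw, policy=policy.default)
    from_local, from_domain = split_addr(msg["From"])
    _, rp_domain = split_addr(msg["Return-Path"])
    claims_local = from_domain == local_domain
    return {
        # From: is in our domain but the user does not exist in the directory
        "unknown_local_sender": claims_local and from_local not in directory,
        # envelope sender (Return-Path) domain differs from the header From domain
        "return_path_mismatch": rp_domain != from_domain,
        # a pattern whitelist keyed on the From header alone would pass this message
        "whitelist_bypass": any(fnmatch(f"{from_local}@{from_domain}", p) for p in whitelist),
    }


if __name__ == "__main__":
    for name, hit in analyse(SAMPLE).items():
        print(f"{name}: {hit}")
```

All three findings come back True for the posted header, which is why a whitelist on the From domain alone undoes the "ignore users not in the directory" setting.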