Are we being spammed?
  • Are we being spammed?

    Please take a look at this and, for the SMTP-savvy individuals out there, please help me work out whether we're being spammed or not:

    by ourdomainname with esmtp
    id yOdKXV-3FI655-18
    for myemailaddress; Sat, 12 Aug 2006 19:58:34 +0000
    Content-class: urn:content-classes:message
    Subject: Yours acce[S,s,$][S,s,$] download
    MIME-Version: 1.0
    Content-Type: multipart/related;
    boundary="----_=_NextPart_001_01C69139.51747150";
    Date: Sat, 12 Aug 2006 19:58:34 +0000
    X-MimeOLE: Produced By Microsoft Exchange V6.5
    Message-ID: <[email protected]>
    X-MS-Has-Attach: yes
    X-MS-TNEF-Correlator:
    Thread-Topic: Yours acce[S,s,$][S,s,$] download
    Thread-Index: UlZBJB1JVBz3CMdkewYUr1pA7V1LOi==
    From: "Nadine" <anotheremailaddressinmyorganisation>
    To: myemailaddress
    X-Return-Path: anotheremailaddressinmyorganisation
    X-MDaemon-Deliver-To: myemailaddress
    X-MDAV-Processed: ourdomainname, Sat, 12 Aug 2006 19:58:34 +0000
    X-Spam: Not detected

    ------_=_NextPart_001_01C69139.51747150
    Content-Type: multipart/alternative;
    boundary="----_=_NextPart_002_01C69139.51747150"


    ------_=_NextPart_002_01C69139.51747150
    Content-Type: text/plain;
    charset="us-ascii"
    Content-Transfer-Encoding: quoted-printable

    <http://yOdKXV.oem2007.net>=20

    (The above link is to a valid web address, which claims to sell software.)

  • #2
    Re: Are we being spammed?

    Through the SMTP headers you can trace where a message has come from, unless they've been altered, which can easily be done. They don't necessarily tell you if a message is spam. In fact, spam is an arbitrary thing that, ultimately, people decide what is and isn't.
    http://www.google.com/search?hl=en&l...define%3A+spam
    Regards,
    Jeremy

    Network Consultant/Engineer
    Baltimore - Washington area and beyond
    www.gma-cpa.com


    • #3
      Re: Are we being spammed?

      Thanks JeremyW. My suspicions are based on the fact that this email came from another user who I know is currently on holiday in Italy. The emails were sent from his account during the weekend, then there was one sent this morning from his email address which was a 'viagra' one.


      • #4
        Re: Are we being spammed?

        OK, so it sounds like it's spam. It seems someone has spoofed that user's email address.
        Regards,
        Jeremy

        Network Consultant/Engineer
        Baltimore - Washington area and beyond
        www.gma-cpa.com


        • #5
          Re: Are we being spammed?

          In this situation, what should I do? We run Exchange 2000 Server standard with SP3 and I've double-checked that we're not an open relay, which means accounts that are not valid in AD cannot send emails using our Email Server.

          1) Will deleting and recreating this user account solve the problem?
          2) Will changing our admin password do the trick? Perhaps it's been compromised in some way.

          Any suggestions gladly welcome, thanks in advance folks!!


          • #6
            Re: Are we being spammed?

            1) Will deleting and recreating this user account solve the problem?
            No
            2) Will changing our admin password do the trick? Perhaps it's been compromised in some way.
            No

            The problem is an external one, so doing anything internal, unless it's filtering things coming in, will have no effect.

            You will need to get some sort of third-party spam filter. I use a Trend Micro product but I'll be looking into others because I'm not getting the performance I want.
            I heard that Spam Marshall is a "top ranking anti-spam and mail filtering software".

            EDIT - Spam Marshall changed its name to ITA Networks Inc.
            Last edited by JeremyW; 15th August 2006, 13:04.
            Regards,
            Jeremy

            Network Consultant/Engineer
            Baltimore - Washington area and beyond
            www.gma-cpa.com


            • #7
              Re: Are we being spammed?

              I have knocked out 90% of spam on three servers now using the same technique.
              The technique is greylisting. It doesn't stop everything, but has made a massive difference.

              I have used two products for greylisting - ORF from Vamsoft and GFI Mail Essentials.

              Greylisting is such a simple concept that I am surprised that it still works, but it does.

              Simon.
              --
              Simon Butler
              Exchange MVP

              Blog: http://blog.sembee.co.uk/
              More Exchange Content: http://exchange.sembee.info/
              Exchange Resources List: http://exbpa.com/
              In the UK? Hire me: http://www.sembee.co.uk/

              Sembee is a registered trademark, used here with permission.
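
The post above names greylisting without describing it. As an added example (not part of the original post, and not the code of ORF or GFI Mail Essentials): the usual scheme temporarily rejects the first delivery attempt from an unknown (client IP, envelope sender, recipient) triplet with a 451 and accepts the retry once a minimum delay has passed, which standards-following mail servers do and many bulk senders do not. The class name and the three timing values are assumptions chosen for illustration.

```python
import time

class Greylist:
    """In-memory greylist keyed on (client IP, envelope sender, recipient)."""

    def __init__(self, min_delay=300, retry_window=4 * 3600, pass_ttl=36 * 86400):
        self.min_delay = min_delay        # retry must wait at least this long (s)
        self.retry_window = retry_window  # retry must arrive within this window (s)
        self.pass_ttl = pass_ttl          # how long a passed triplet stays trusted (s)
        self.pending = {}                 # triplet -> time of first attempt
        self.passed = {}                  # triplet -> time of last accepted mail

    def check(self, client_ip, mail_from, rcpt_to, now=None):
        """Return the SMTP reply code to give at RCPT TO: 250 or 451."""
        now = time.time() if now is None else now
        key = (client_ip, mail_from.lower(), rcpt_to.lower())

        # Known-good triplet: accept and refresh its lifetime.
        last_ok = self.passed.get(key)
        if last_ok is not None and now - last_ok <= self.pass_ttl:
            self.passed[key] = now
            return 250

        first = self.pending.get(key)
        # Never seen, or the earlier attempt is too old to count as a retry.
        if first is None or now - first > self.retry_window:
            self.pending[key] = now
            return 451
        # Retried too quickly: keep deferring, do not reset the clock.
        if now - first < self.min_delay:
            return 451
        # Proper retry inside the window: promote the triplet and accept.
        del self.pending[key]
        self.passed[key] = now
        return 250

if __name__ == "__main__":
    g = Greylist()
    t = ("203.0.113.45", "sender@partner.example", "me@example.org")  # constructed
    for when in (0, 60, 600, 700):
        print(when, g.check(*t, now=when))
```

Because forged sender addresses do not change the outcome of the first attempt, greylisting also defers spoofed mail that claims an internal address, but it only delays senders that do retry.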


              • #8
                Re: Are we being spammed?

                I forgot to mention that we use an external so-called spam filter, Net Intelligence, and just like Trend Micro, it is a pile of crap. I've resorted to using Outlook 2003's junk email filter's Safe Senders list. I imported the whole GAL into the Safe Senders list, but what if the spoofed address is one of ours? This is how I'm still getting spam... from 'my users' email addresses'.
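
The gap described in this thread is that a forged From: address in your own domain is trusted by any allow-list built from the GAL. The following added example (not part of the original posts) shows an inbound check for that case: it flags a message whose From: domain is internal while the connecting host, taken from the topmost Received header that your own server wrote, is outside your network. The domain `example.org`, the trusted range `10.0.0.0/8`, the function names and the sample messages are all assumptions constructed for illustration.

```python
import ipaddress
import re
from email import message_from_string
from email.utils import parseaddr

# Assumptions for this example (not from the thread):
INTERNAL_DOMAINS = {"example.org"}                    # domains we host
TRUSTED_NETS = [ipaddress.ip_network("10.0.0.0/8")]   # our own clients/servers
BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def connecting_ip(msg):
    """Peer IP from the topmost Received header, the one our own server wrote."""
    received = msg.get_all("Received") or []
    match = BRACKETED_IP.search(received[0]) if received else None
    try:
        return ipaddress.ip_address(match.group(1)) if match else None
    except ValueError:
        return None

def is_spoofed_internal(raw):
    """True when From: claims one of our domains but the peer is not ours."""
    msg = message_from_string(raw)
    _, addr = parseaddr(msg.get("From", ""))
    if addr.rpartition("@")[2].lower() not in INTERNAL_DOMAINS:
        return False                      # ordinary external mail, out of scope
    ip = connecting_ip(msg)
    if ip is None:
        return True                       # internal From, untraceable origin
    return not any(ip in net for net in TRUSTED_NETS)

def sample(peer_ip, from_addr):
    """Build a constructed test message (not taken from the thread)."""
    return (f"Received: from host.invalid ([{peer_ip}]) by mx.example.org with esmtp;"
            " Sat, 12 Aug 2006 19:58:34 +0000\n"
            f"From: {from_addr}\nTo: me@example.org\nSubject: sample\n\nbody\n")

SPOOFED = sample("203.0.113.45", '"Colleague" <colleague@example.org>')
GENUINE = sample("10.1.2.3", '"Colleague" <colleague@example.org>')
EXTERNAL = sample("203.0.113.45", "someone@partner.example")

if __name__ == "__main__":
    for name, raw in [("spoofed", SPOOFED), ("genuine", GENUINE), ("external", EXTERNAL)]:
        print(name, is_spoofed_internal(raw))
```

Only the topmost Received header is used because lower ones are supplied by the sender and can be forged. Staff who legitimately send from outside the trusted range would be flagged unless they submit through an authenticated connection to your own server.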
