DG spammed
Hello,
I use Exchange 200 and I received from a DG an email that I would consider spam. Find below the DG details:
GroupType : Universal, SecurityEnabled
SamAccountName : G_List
ExpansionServer :
ReportToManagerEnabled : False
ReportToOriginatorEnabled : True
SendOofMessageToOriginatorEnabled : False
ManagedBy :
AcceptMessagesOnlyFrom : {Graig, Henry}
AcceptMessagesOnlyFromDLMembers : {}
HiddenFromAddressListsEnabled : False
MaxSendSize : unlimited
MaxReceiveSize : unlimited
PoliciesIncluded : {{1B6CB9-A1AE-4FA-83D-32843090CFE},{2649FC-950-487-81B-0CB822B5D7}}
PoliciesExcluded : {}
EmailAddressPolicyEnabled : True
RecipientType : MailUniversalSecurityGroup
RecipientTypeDetails : MailUniversalSecurityGroup
RejectMessagesFrom : {}
RejectMessagesFromDLMembers : {}
RequireSenderAuthenticationEnabled : False
SimpleDisplayName :
UMDtmfMap : {}
IsValid : True
ExchangeVersion : 0.1 (8.0.535.0)
Name : G_List
And also the HEADER from the email received:
Received: from EDGE.company.com (10.10.20.90) by HUBCAS.company.intra
(10.20.1.1) with Microsoft SMTP Server (TLS) id 8.1.393.1; Fri, 3 Sep 2010
09:55:58 +0200
Received: from LINUXSERVER1.company.com (82.11.10.22) by EDGE.company.com
(10.10.20.90) with Microsoft SMTP Server (TLS) id 8.1.263.0; Fri, 3 Sep 2010
09:54:54 +0200
Received: from company.com by company.com (x.x.x/x.x.x) with ESMTP id
o837slDX009309 for <Graig@server.company.com>; Fri, 3 Sep 2010
09:54:48 +0200
Received: from company.com by london.company.com (x.x.x/x.x.x) with ESMTP
id o838N8V4002818 for <GRAIG>; Fri, 3 Sep 2010 10:23:08 +0200
Date: Fri, 3 Sep 2010 10:22:59 +0200
Message-ID: <20930822.o838Mx4I002733@me-ml2.company.fr>
Subject: Please repeat your mail : G_List@company.com ...not authorized
To: G_List@company.com
References: <2010090822.o83MeL002728@me-ml2.company.fr>
In-Reply-To: <201009022.o83v002728@me-ml2.company.fr> from G_List on Fri, 3 Sep 2010 12:54:38 +0500
From: Administrateur de la messagerie <admin@company.com>
Sender: Administrateur de la messagerie <admin@company.com>
X-Mailer: Perl5 Mail::Internet v1.67
MIME-Version: 1.0
Content-Type: text/plain
Return-Path: admin@company.com
X-MS-Exchange-Organization-Antispam-Report: IPOnAllowList
X-MS-Exchange-Organization-SCL: -1
As per the header it is really complicated to find out who sent the email, as admin@company.com is not a user and is not even allowed to send the email.
Anyway, is it normal that when a user is not allowed to send an email to the DG, an email will be sent to all the members? Because that is what happened. Can we remove that message sent to all the members if it is normal, or how could I block that type of "spam"?
Thanks in advance,
Graig
September 3rd, 2010 11:37am
If UserA is not having rights to send Email to DG.
When he tries to send an email, it will say you don't have permissions to send email.
So looks like this is something else.
Can you track the message by message id and see from where it originated?
Thiyagu | MCTS/MCITP - Exchange 2007 | MCSE 2003[Messaging] | http://www.myExchangeWorld.com. This posting is provided "AS IS" with no warranties, and confers no rights.
September 3rd, 2010 11:47am
Change the group to require authentication. It is currently turned off. That will stop spam in its tracks.
Simon.
Simon Butler, Exchange MVP. http://blog.sembee.co.uk , http://exbpa.com/
September 3rd, 2010 11:45pm
Did it come from: AcceptMessagesOnlyFrom : {Graig, Henry}?
September 4th, 2010 3:30am
On Fri, 3 Sep 2010 08:37:50 +0000, Graiggoriz wrote:
[ snip ]
>Anyway, is that normal that when a user is not allowed to send an email to the DG an email will be sent to all the members?? because it is what happened. Can we remove that message sent to all the members if it is normal or how could I block that type of "spam" ?
You're restricting the set of authenticated users to just this:
AcceptMessagesOnlyFrom : {Graig, Henry}
But you allow ANONYMOUS users to send to the group:
RequireSenderAuthenticationEnabled : False
Change that so only authenticated users are permitted to send to the
group and you won't get any more spam (unless Graig or Henry send it).
---
Rich Matheisen
MCSE+I, Exchange MVP
September 4th, 2010 5:54am
Hi,
This issue may occur if Graig or Henry sends as admin@company.com.
You need to use Protocol Logging on the Receive Connector to check this issue and confirm the P1 address is not another user.
Thanks
Allen
September 7th, 2010 12:26pm
Hello,
@ sembee: I do apologize for the delay! I have set the group to require authentication.
And I am wondering whether, as long as "only senders in the following list" is activated in a DG's properties, the option "require that all senders are authenticated" should also be activated.
If it should be, do you know any shell command that would activate that option from a list of DGs?
@ AndyD: no
@ allen: will try that out
September 9th, 2010 10:19am
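The bulk change asked about in the last post, covering the combination pointed out in the replies (a sender restriction in AcceptMessagesOnlyFrom while RequireSenderAuthenticationEnabled is False). This is an added example, not code from any poster in the thread; the file name dg-list.txt and the filter name Select-ExposedGroup are assumptions.

```powershell
# Added example; run in the Exchange Management Shell.
# Assumption: .\dg-list.txt is a hypothetical file with one group identity per line.

# A group is exposed the way G_List was when it carries a sender restriction
# but still accepts unauthenticated (anonymous SMTP) senders.
filter Select-ExposedGroup {
    $restricted = ($_.AcceptMessagesOnlyFrom.Count -gt 0) -or
                  ($_.AcceptMessagesOnlyFromDLMembers.Count -gt 0)
    if ($restricted -and -not $_.RequireSenderAuthenticationEnabled) { $_ }
}

# 1. Audit: list every group in the organization with that combination.
Get-DistributionGroup -ResultSize Unlimited |
    Select-ExposedGroup |
    Format-Table Name, AcceptMessagesOnlyFrom, RequireSenderAuthenticationEnabled -AutoSize

# 2. Remediate only the groups named in the list file.
#    -WhatIf previews the change; remove it once the preview shows the groups you expect.
Get-Content .\dg-list.txt |
    Where-Object { $_.Trim() } |
    ForEach-Object { Get-DistributionGroup -Identity $_.Trim() } |
    Select-ExposedGroup |
    Set-DistributionGroup -RequireSenderAuthenticationEnabled $true -WhatIf

# 3. Verify the setting on the listed groups afterwards.
Get-Content .\dg-list.txt |
    Where-Object { $_.Trim() } |
    ForEach-Object { Get-DistributionGroup -Identity $_.Trim() } |
    Format-Table Name, RequireSenderAuthenticationEnabled -AutoSize
```

A group that must keep receiving mail from senders outside the organization will stop accepting it once authentication is required, so review the audit output before removing -WhatIf.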