SPAM boss
Hello,
I use Exchange 2007 and MYBOSS is receiving spam. I did block IPs and also blocked the content used in the subject: "*** SPAM ***" and "SPAM", but the email below has gone through (see header).
I checked the BypassedSenderDomains and have just an internal one. No outside domains are bypassed.
I got stuck and don't know what to do now... I was about to block the IP 69.65.57.229 but it seems like it will continue.
Would you have any better solution to stop the spams?
Received: from EDGE.Company.com (100.XXX.2.XX) by HUBCAS01.company.intra
(100.XXX.1.XX) with Microsoft SMTP Server (TLS) id 8.1.393.1; Wed, 29 Sep
2010 14:09:03 +0200
Received: from tany29.akitany.com (69.65.57.229) by EDGE.Company.com
(100.XXX.2.XX) with Microsoft SMTP Server id 8.1.263.0; Wed, 29 Sep 2010
14:07:31 +0200
Received: by tany29.akitany.com (PowerMTA(TM) v3.0c2) id hkclva01g74r; Wed, 29
Sep 2010 08:07:04 -0400 (envelope-from <Gary_John@akitany.com>)
Date: Wed, 29 Sep 2010 08:07:03 -0400
From: Ink-Toner 85pct-off 0-shipping-C-Detls <Gary_John@akitany.com>
Subject: *** SPAM ***Bulletin.-Product Ink and Toner 85pct off
To: <MYBOSS@company.com>
Message-ID: <xmWkopVjGd39zp0uo9nVMg@akitany.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 8bit
Content-Disposition: inline
Return-Path: Gary_John@akitany.com
X-MS-Exchange-Organization-PRD: akitany.com
Received-SPF: Pass (EDGE.Company.com: domain of Gary_John@akitany.com
designates 69.65.57.229 as permitted sender) receiver=EDGE.Company.com;
client-ip=69.65.57.229; helo=tany29.akitany.com;
X-MS-Exchange-Organization-PCL: 2
X-MS-Exchange-Organization-Antispam-Report: DV:3.3.8414.660;SV:3.3.8520.1261;SID:SenderIDStatus Pass;OrigIP:69.65.57.229
X-Spam-Flag: YES
X-Spam-Status: YES, hits=8 required=5,
ct-refid=[str=0001.0A3D0202.4CA32C0C.0098,ss=1,pt=R_F_5806796,fgs=0],
tests=CTENGINE_CONFIRMED
X-MS-Exchange-Organization-SCL: 8
X-MS-Exchange-Organization-SenderIdResult: PASS
September 29th, 2010 8:29am
Are you receiving the mail from the same domain address?
Is your domain name akitany.com?
Then your domain is open for spoofing.
Your server is accepting mail maybe a hub server ?
You need to enable only authenticated mails.
September 29th, 2010 9:11am
Please follow this:
http://exchangepedia.com/2008/09/how-to-prevent-annoying-spam-from-your-own-domain.html
http://blogs.technet.com/b/trex/archive/2008/11/06/receive-connector-security-permissions.aspx
Especially, Receive Connectors have the ms-exch-smtp-accept-authoritative-domain-sender, from the first one.
September 29th, 2010 9:35am
The domain name akitany.com is the one spamming us. The *@akitany.com addresses are sending email to authenticate users in my company.
We do not have only that domain and it is directed to my boss. I don't receive any of this spam.
Graig
September 29th, 2010 10:00am
I can spam to you and your boss if I can get your e-mail address.
I would suggest to close the permission.
Or, better, I suggest opening a call with MS PSS (it is just one command, or use ADSI Edit).
MS PSS is Microsoft Product Support Services.
September 29th, 2010 10:08am
See http://www.ivasoft.biz/spammover2007.shtml
October 1st, 2010 7:23am
I would like to come up with an example of received spam:
As per what I read, it says that the IP 80.118.49.225 is a permitted sender from my Edge 1, and I have no IP like that on the Edge 1.
I am considering closing the permission. But I would like to know how come that message can go through and why it is marked as permitted sender?
From: Decision MD <envoi@info.medianet-25.com>
To: <boss@company.uk>
Date: Thu, 7 Oct 2010 10:45:00 +0200
Subject: =?ISO-8859-1?Q?***_SPAM_***Delivery?=
Return-Path: envoi@info.medianet-25.com
X-MS-Exchange-Organization-PRD: info.medianet-25.com
Received-SPF: Pass (EDGE01.COMPANY.com: domain of
envoi@info.medianet-25.com designates 80.118.49.225 as permitted sender)
receiver=EDGE01.COMPANY.com; client-ip=80.118.49.225;
helo=makronissos225.do05.net;
X-MS-Exchange-Organization-PCL: 2
X-MS-Exchange-Organization-Antispam-Report: DV:3.3.8414.660;SV:3.3.8520.1261;SID:SenderIDStatus Pass;OrigIP:80.118.49.225
X-Spam-Flag: YES
X-Spam-Status: YES, hits=6 required=5,
ct-refid=[str=0001.0A3D0202.4CAD88B6.0056,ss=1,fgs=0], tests=CTENGINE_UNKNOWN
X-MS-Exchange-Organization-SCL: 6
X-MS-Exchange-Organization-SenderIdResult: PASS
October 7th, 2010 5:38am
The permitted sender just means that the sender of the email has configured an SPF record. That isn't unusual. Spammers are always the first to use any new antispam techniques to try and get their messages delivered.
So if you have configured your server to do an SPF record lookup, then it has passed that test.
There is no single solution to spam, and in many cases the antispam solutions that Exchange provides are ineffective. If spam could be blocked that easily then it wouldn't be a problem.
Simon.
Simon Butler, Exchange MVP
October 7th, 2010 7:32am
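Added example, not part of the original thread: a small Python parser run over the headers of the 7 October message quoted above, showing that the SPF pass authenticates the spammer's own domain while the content verdict (SCL and X-Spam-Status) still says spam. The function names and the `scl_threshold` default are assumptions made for this illustration.

```python
import re
from email import message_from_string
from email.policy import default

# Headers from the 7 Oct 2010 message in the thread; continuation lines
# are re-indented here so they parse as folded headers.
SAMPLE = """\
Return-Path: envoi@info.medianet-25.com
Received-SPF: Pass (EDGE01.COMPANY.com: domain of
 envoi@info.medianet-25.com designates 80.118.49.225 as permitted sender)
 receiver=EDGE01.COMPANY.com; client-ip=80.118.49.225;
 helo=makronissos225.do05.net;
X-Spam-Status: YES, hits=6 required=5,
 ct-refid=[str=0001.0A3D0202.4CAD88B6.0056,ss=1,fgs=0], tests=CTENGINE_UNKNOWN
X-MS-Exchange-Organization-SCL: 6
X-MS-Exchange-Organization-SenderIdResult: PASS

"""

def _hdr(msg, name):
    """Return a header as one whitespace-normalised line ('' if absent)."""
    value = msg.get(name)
    return "" if value is None else " ".join(str(value).split())

def parse_verdicts(raw):
    """Separate the authentication verdict from the content verdict."""
    msg = message_from_string(raw, policy=default)
    spf = _hdr(msg, "Received-SPF")
    result = re.match(r"(\w+)", spf)
    domain = re.search(r"domain of \S+@([\w.-]+)", spf)
    ip = re.search(r"client-ip=([0-9A-Fa-f.:]+)", spf)
    hits = re.search(r"hits=(\d+) required=(\d+)", _hdr(msg, "X-Spam-Status"))
    scl = _hdr(msg, "X-MS-Exchange-Organization-SCL")
    return {
        "spf": result.group(1).lower() if result else "none",
        "authenticated_domain": domain.group(1) if domain else None,
        "client_ip": ip.group(1) if ip else None,
        "scl": int(scl) if scl.isdigit() else None,
        "hits": int(hits.group(1)) if hits else None,
        "required": int(hits.group(2)) if hits else None,
    }

def triage(v, scl_threshold=5):
    """scl_threshold is an assumed value, not one taken from the thread."""
    by_scl = v["scl"] is not None and v["scl"] >= scl_threshold
    by_hits = v["hits"] is not None and v["hits"] >= v["required"]
    if by_scl or by_hits:
        return "spam"      # an SPF pass never overrides the content verdict
    if v["spf"] in ("fail", "softfail"):
        return "suspect"   # sender not authorised for the claimed domain
    return "deliver"
```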
Hello,
I've got a user on the phone telling me that a user sent him an email to our organization and to his personal email address.
The user received the email on his personal email address with the following subject: INFORMATION
AND he received it as well on our organization but with the subject: *** SPAM *** INFORMATION
Could anyone explain to me how come the subject has been rewritten? I do not think I have any application set up that would change the subject. Any help would be very appreciated.
Graig
October 21st, 2010 6:36am
Let me add that the subject is sent as is from the edge to the hubcas in the tracking I did on the Edge.
But the message tracking from the Hubcas shows that the subject has been rewritten with the mention *** SPAM***.
And I wish to know why. Please help.
G
October 21st, 2010 7:13am
That has to be a third party utility doing that, or something has been written in the transport rules. Exchange doesn't do that natively.
Simon.
Simon Butler, Exchange MVP
October 21st, 2010 7:19pm