Exchange Server Forums

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

I am Sinking with SPAM .. HEELP

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [Microsoft Exchange 2003] >> Server Security >> I am Sinking with SPAM .. HEELP Page: [1]
Login
Message << Older Topic   Newer Topic >>
Limited time MSExchange.org offer! -- 1.Sep.2008 1:00:00 PM
TechGenix and SolarWinds have partnered to provide free copies of SolarWinds Exchange Monitor to all visitors who join the MSExchange.org Forums. SolarWinds Exchange Monitor is a handy desktop dashboard that continuously monitors Microsoft Exchange to deliver real-time insight into Exchange services, mail queue sizes, and host server health. Learn more about Exchange Monitor and the free offer!
I am Sinking with SPAM .. HEELP - 20.Dec.2006 3:59:30 PM   
farisnt

 

Posts: 383
Joined: 9.Jul.2006
Status: offline 		HI
my Network is sinking with SPAM every day there is more than 100 SPAM Email reach to my network

I have Windows 2003 Service Pack1 have Exchange Server 2003 Service Pack2
There is Windows 2003 Service Pack1 that had ISA 2004 Service Pack2
There is Windows 2003 Service pack1 that had POPcon that download the Emails from another webhsot

I have Intelligent Message Filter that is configured and Trend Mail Scan that have the SPAM Protection up to High

but I am still having problem with SPAM

SPAM are reaching from Several Account name and some mails are from other brunches .. but they are
SPAM


I thought that there is a SPAM Server that is sending a mails to the network...

I look in the Email Header and found that there are several Servers not one .. each message is comming from an IP

I have add some of these IP to the Deny List on the IMF .. I look for Spam servers on the internet and I found that there is more than 200 SPAM Server and I can not add every

thing. and make them as a SPAM ..

I hope that there is any one how can help me in this
These are some of the message header


--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Microsoft Mail Internet Headers Version 2.0
Received: from exchange-pop3-connector.com ([192.168.1.254]) by mserver.msc-sy.com with Microsoft SMTPSVC(6.0.3790.0);
Tue, 19 Dec 2006 01:58:12 +0200
Return-path: <pamphletflung@absincorp.com>
Envelope-to: telexrelease@msc-sy.com
Delivery-date: Mon, 18 Dec 2006 18:51:37 -0500
Received: from msc by satellite.dnsprotect.com with local-bsmtp (Exim 4.52)
id 1GwSGa-0004ON-B9
for telexrelease@msc-sy.com; Mon, 18 Dec 2006 18:51:36 -0500
X-Spam-Checker-Version: SpamAssassin 3.1.7 (2006-10-05) on
satellite.dnsprotect.com
X-Spam-Level: ***
X-Spam-Status: No, score=3.5 required=5.0 tests=BAYES_99 autolearn=no
version=3.1.7
Received: from [89.139.48.16] (helo=8bd68cc84d9b4b0)
by satellite.dnsprotect.com with esmtp (Exim 4.52)
id 1GwSGZ-0004Nb-Lx
for telexrelease@msc-sy.com; Mon, 18 Dec 2006 18:51:32 -0500
Received: from 70.103.241.142 (HELO smtp.absincorp.com)
by msc-sy.com with esmtp (DQ*)Y7L.4 @9UF3)
id -4H).9-T5='3)-P1
for telexrelease@msc-sy.com; Mon, 18 Dec 2006 23:51:45 -0120
From: "Lydia Kline" <pamphletflung@absincorp.com>
To: <telexrelease@msc-sy.com>
Subject: Lydia
Date: Mon, 18 Dec 2006 23:51:45 -0120
Message-ID: <01c722ff$7956e050$6c822ecf@pamphletflung>
MIME-Version: 1.0
Content-Type: text/plain;
charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Office Outlook, Build 11.0.6353
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1478
Thread-Index: Aca6Q--,J95Q>T2'=0,034GT98L9T2==
X-OriginalArrivalTime: 18 Dec 2006 23:58:12.0890 (UTC) FILETIME=[60798FA0:01C72300]
X-TM-AS-Product-Ver: SMEX-7.0.0.1499-3.6.1039-14882.000
X-TM-AS-Result: Yes-11.650600-4.000000-31
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Microsoft Mail Internet Headers Version 2.0
Received: from exchange-pop3-connector.com ([192.168.1.254]) by mserver.msc-sy.com with Microsoft SMTPSVC(6.0.3790.0);
Tue, 19 Dec 2006 03:29:02 +0200
Return-path: <bounce@taggedmail.com>
Envelope-to: rsuleiman@msc-sy.com
Delivery-date: Mon, 18 Dec 2006 20:24:57 -0500
Received: from msc by satellite.dnsprotect.com with local-bsmtp (Exim 4.52)
id 1GwTiu-0005Kv-Gn
for rsuleiman@msc-sy.com; Mon, 18 Dec 2006 20:24:57 -0500
X-Spam-Checker-Version: SpamAssassin 3.1.7 (2006-10-05) on
satellite.dnsprotect.com
X-Spam-Level: *
X-Spam-Status: No, score=1.5 required=5.0 tests=BAYES_40,FORGED_YAHOO_RCVD,
HTML_90_100,HTML_IMAGE_ONLY_32,HTML_MESSAGE,MIME_HTML_ONLY,
RCVD_IN_BSP_TRUSTED,URIBL_OB_SURBL autolearn=ham version=3.1.7
Received: from [64.125.115.51] (helo=sfo-mta-05.taggedmail.com)
by satellite.dnsprotect.com with esmtp (Exim 4.52)
id 1GwTiu-0005KQ-6H
for rsuleiman@msc-sy.com; Mon, 18 Dec 2006 20:24:52 -0500
Received: from taggedmail.com (unknown [10.15.10.16])
by sfo-mta-05.taggedmail.com (Postfix) with ESMTP id 87B3DFC1D0
for <rsuleiman@msc-sy.com>; Mon, 18 Dec 2006 17:24:53 -0800 (PST)
Reply-to: Litton Yan <evertrust1999@yahoo.com>
X-Log-Id: 975032882
From: Litton Yan <evertrust1999@yahoo.com>
To: rsuleiman@msc-sy.com
Subject: Litton has Tagged you! :)
MIME-Version: 1.0
Accreditor: Habeas
X-Habeas-Report: Please report use of this mark in spam to <http://www.habeas.com/report/>
Content-Type: text/html; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Message-Id: <20061219012453.87B3DFC1D0@sfo-mta-05.taggedmail.com>
Date: Mon, 18 Dec 2006 17:24:53 -0800 (PST)
X-OriginalArrivalTime: 19 Dec 2006 01:29:03.0078 (UTC) FILETIME=[110A4060:01C7230D]
X-TM-AS-Product-Ver: SMEX-7.0.0.1499-3.6.1039-14882.000
X-TM-AS-Result: No--2.723700-4.000000-31
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------


Microsoft Mail Internet Headers Version 2.0
Received: from exchange-pop3-connector.com ([192.168.1.254]) by mserver.msc-sy.com with Microsoft SMTPSVC(6.0.3790.0);
Tue, 19 Dec 2006 00:30:22 +0200
Return-path: <tvandykeehek@centerforlivingart.com>
Envelope-to: dtx@msc-sy.com
Delivery-date: Mon, 18 Dec 2006 17:24:03 -0500
Received: from msc by satellite.dnsprotect.com with local-bsmtp (Exim 4.52)
id 1GwQtr-0004NQ-53
for dtx@msc-sy.com; Mon, 18 Dec 2006 17:24:03 -0500
X-Spam-Checker-Version: SpamAssassin 3.1.7 (2006-10-05) on
satellite.dnsprotect.com
X-Spam-Level: ****
X-Spam-Status: No, score=4.9 required=5.0 tests=BAYES_99,EXTRA_MPART_TYPE,
HTML_30_40,HTML_MESSAGE autolearn=no version=3.1.7
Received: from [212.166.233.29] (helo=centerforlivingart.com)
by satellite.dnsprotect.com with smtp (Exim 4.52)
id 1GwQth-0004F7-FJ; Mon, 18 Dec 2006 17:23:58 -0500
Message-ID: <d62501c722cf$95c8d4d0$e4241856@tvandykeehek>
Reply-To: "Shonda Carr" <tvandykeehek@centerforlivingart.com>
From: "Shonda Carr" <tvandykeehek@centerforlivingart.com>
To: "Larry Watkins" <dtx@msc-sy.com>
Cc: "Enoch Phillips" <claim@msc-sy.com>,
"Cherlyn" <cptn.suleiman@msc-sy.com>,
"Lorita Mcdonald" <a-hajabdulkader@msc-sy.com>,
"Darnell Clark" <export@msc-sy.com>,
"Joline" <rsuleiman@msc-sy.com>
Subject: Im sorry
Date: Mon, 18 Dec 2006 18:08:56 -0400
MIME-Version: 1.0
Content-Type: multipart/related;
type="multipart/alternative";
boundary="----=_NextPart_33A_4C96_E3241B7A.8AF49380"
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.50.4922.1500
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4922.1500
X-OriginalArrivalTime: 18 Dec 2006 22:30:22.0890 (UTC) FILETIME=[1B4F60A0:01C722F4]
X-TM-AS-Product-Ver: SMEX-7.0.0.1499-3.6.1039-14882.000
X-TM-AS-Result: No-3.872700-4.000000-31

------=_NextPart_33A_4C96_E3241B7A.8AF49380
Content-Type: multipart/alternative;
boundary="----=_NextPart_2CE_57FC_2AC4544D.546D6545"

------=_NextPart_2CE_57FC_2AC4544D.546D6545
Content-Type: text/plain;
charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

------=_NextPart_2CE_57FC_2AC4544D.546D6545
Content-Type: text/html;
charset="us-ascii"
Content-Transfer-Encoding: quoted-printable


------=_NextPart_2CE_57FC_2AC4544D.546D6545--
------=_NextPart_33A_4C96_E3241B7A.8AF49380
Content-Type: image/gif;
name="mogite.gif"
Content-Transfer-Encoding: base64
Content-ID: <db51201c722cf495c48f10203d25b1@tvandykeehek>


------=_NextPart_33A_4C96_E3241B7A.8AF49380--
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Microsoft Mail Internet Headers Version 2.0
Received: from exchange-pop3-connector.com ([192.168.1.254]) by mserver.msc-sy.com with Microsoft SMTPSVC(6.0.3790.0);
Mon, 18 Dec 2006 21:40:59 +0200
Return-path: <campgroundsgentrified@abg.ru>
Envelope-to: dtx@msc-sy.com
Delivery-date: Mon, 18 Dec 2006 14:38:23 -0500
Received: from msc by satellite.dnsprotect.com with local-bsmtp (Exim 4.52)
id 1GwOJS-0005JV-Ge
for dtx@msc-sy.com; Mon, 18 Dec 2006 14:38:22 -0500
X-Spam-Checker-Version: SpamAssassin 3.1.7 (2006-10-05) on
satellite.dnsprotect.com
X-Spam-Level: ***
X-Spam-Status: No, score=4.0 required=5.0 tests=BAYES_99,DATE_IN_PAST_03_06
autolearn=no version=3.1.7
Received: from [66.97.203.99] (helo=saddleup-ddi9fm)
by satellite.dnsprotect.com with esmtp (Exim 4.52)
id 1GwOJS-0005Iy-29
for dtx@msc-sy.com; Mon, 18 Dec 2006 14:38:14 -0500
Received: from 217.16.16.81 (HELO mx1.masterhost.ru)
by msc-sy.com with esmtp (PWK=I21>S7 .Q4-8)
id G)H(,,-..Z6.0-R?
for dtx@msc-sy.com; Mon, 18 Dec 2006 19:38:19 +0480
From: "Brain Lloyd" <campgroundsgentrified@abg.ru>
To: <dtx@msc-sy.com>
Subject: Brain
Date: Mon, 18 Dec 2006 19:38:19 +0480
Message-ID: <01c722dc$11e29540$6c822ecf@campgroundsgentrified>
MIME-Version: 1.0
Content-Type: text/plain;
charset="Windows-1252"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Office Outlook, Build 11.0.6353
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.1830
Thread-Index: Aca6QV6+Q@4.(0--7RK83A9?6T5+5O==
X-OriginalArrivalTime: 18 Dec 2006 19:41:00.0125 (UTC) FILETIME=[71D480D0:01C722DC]
X-TM-AS-Product-Ver: SMEX-7.0.0.1499-3.6.1039-14880.002
X-TM-AS-Result: Yes-15.744800-4.000000-31
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------


These are some of the header .. Hopfully some one can help

NOTE THAT THAT THE EXCHANGE IS NOT OPEN RELAY
Post #: 1
RE: I am Sinking with SPAM .. HEELP - 21.Dec.2006 3:44:17 AM   
Zinfandel

 

Posts: 66
Joined: 12.Jul.2005
From: UK
Status: offline 		Hi,

We use GFI MailEssentials which uses a combination of filters to block spam emails. More info at: www.gfi.com

_____________________________

Another Month Ends; All Targets Met; All Systems Working;
All Customers Satisfied; All Staff Eager and Enthusiastic.
All Pigs Fed and Ready to fly!

(in reply to farisnt)
Post #: 2
RE: I am Sinking with SPAM .. HEELP - 21.Dec.2006 6:41:04 AM   
farisnt

 

Posts: 383
Joined: 9.Jul.2006
Status: offline 		Isn't there any better sulotion for this .. I did not try this software and I am fraid that the Spam be more ..
I have ISA .. will it help in this ..
?????
and what the diffirten between Trend Mail Scan and GFI
is there any real compare

(in reply to Zinfandel)
Post #: 3
RE: I am Sinking with SPAM .. HEELP - 23.Dec.2006 3:36:39 AM   
banawit

 

Posts: 2
Joined: 23.Dec.2006
Status: offline 		OMG!?!

_____________________________

Plz visit http://ms-antispam.blogspot.com/ & http://www.thaifix.com/
Plz visit http://ms-antispam.blogspot.com/ & http://www.thaifix.com/

(in reply to farisnt)
Post #: 4
RE: I am Sinking with SPAM .. HEELP - 29.Dec.2006 3:14:59 AM   
Zinfandel

 

Posts: 66
Joined: 12.Jul.2005
From: UK
Status: offline 		hi farisnt,

Check the following link on the MSExchange.org site containing information about anti-spam software and a comparison between products. http://antispam.msexchange.org/

_____________________________

Another Month Ends; All Targets Met; All Systems Working;
All Customers Satisfied; All Staff Eager and Enthusiastic.
All Pigs Fed and Ready to fly!

(in reply to banawit)
Post #: 5
RE: I am Sinking with SPAM .. HEELP - 31.Dec.2006 1:57:31 PM   
cdub

 

Posts: 26
Joined: 11.Feb.2004
From: LA
Status: offline 		Most of my customers use my free spam filter:

http://www.castellan.net/spamfilter_download.htm

It is a virtual machine running a bunch of spam control solutions.

_____________________________

Chris
Manager & SE, Castellan
http://www.castellan.net

(in reply to Zinfandel)
Post #: 6

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [Microsoft Exchange 2003] >> Server Security >> I am Sinking with SPAM .. HEELP Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts