• RSS
  • Twitter
  • FaceBook

Exchange Server Forums

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Help with sudden spam

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [Microsoft Exchange 2003] >> Server Security >> Help with sudden spam Page: [1]
Login
Message << Older Topic   Newer Topic >>
Help with sudden spam - 20.Feb.2012 5:13:51 PM   
FabFab

 

Posts: 44
Joined: 29.Jul.2005
From: italy
Status: offline
Hello i'm getting some flooding of spam messages and it seems i can't stop them all. I've enabled everything on the server, if i check with external tools it's reported not to be an open relay but it act like it was. I get messages like this:

(i have replaced my FE server name with YYYY ip address with xxxx and mydomain fo our public domain name)

2012-2-20 15:3:52 GMT 62.87.111.252 User service102.mimecast.com YYYYY 195.xxx.xxx.xxx a.e.rouse@gmail.com 1031 YYYYYYwY6YHkid0000000e@mail.mydomain.com 3 0 3942 50 2012-2-20 15:1:32 GMT 0 Version: 6.0.3790.4675 - FROM MRS. MARIA PACKER mr.mariapacker@rocketmail.com -

or:

2012-2-20 15:4:20 GMT 62.87.111.252 User and/or YYYYY 195.xxx.xxx.xxx a1aaa1azzzz1zaaaaa@watson1.karoo.co.uk 1031 YYYYYeFUtLch900000041@mail.my domain.com 3 0 3942 50 2012-2-20 15:4:8 GMT 0 Version: 6.0.3790.4675 - FROM MRS. MARIA PACKER mr.mariapacker@rocketmail.com -


basically changes the partner server with different names (in this case is and/or

How can this happen if this server is not an oper relay??
Post #: 1
RE: Help with sudden spam - 21.Feb.2012 12:25:38 AM   
listers@live.com

 

Posts: 138
Joined: 13.Jun.2009
Status: offline
Are u using any POP3 service? is your desktop environment updated with patches?

(in reply to FabFab)
Post #: 2
RE: Help with sudden spam - 21.Feb.2012 2:01:53 AM   
FabFab

 

Posts: 44
Joined: 29.Jul.2005
From: italy
Status: offline
Yes POP3 is enabled and most users are using XP with most of the patches. I'm not 100% sure it's everything updated. Do you think is a forged address?? If so how can i discover which one?

(in reply to listers@live.com)
Post #: 3
RE: Help with sudden spam - 16.Mar.2012 4:35:17 PM   
uemurad

 

Posts: 8232
Joined: 7.Jan.2004
From: California, USA
Status: offline
An Open Relay is what it sounds like. It's an intermediate system that indiscriminately forwards messages. For example, if it were possible for me to send a message to your server addressed from gmail.com and addressed to yahoo.com and have it delivered, your system would be an Open Relay.

What you are experiencing is Spam - pure and simple. Without some sort of filtering in front of or on top of Exchange, there's nothing you can do about it. The mail comes to you because it's addressed to your domain.

_____________________________

Regards,

Dean T. Uemura
Microsoft MVP - Exchange (2007-2011)
exchangeguy.blogspot.com
uemurad@yahoo.com

(in reply to FabFab)
Post #: 4

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [Microsoft Exchange 2003] >> Server Security >> Help with sudden spam Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts


Follow TechGenix on Twitter