• RSS
  • Twitter
  • FaceBook

Exchange Server Forums

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

SPAM or HACKING?

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [Microsoft Exchange 2000] >> Server Security >> SPAM or HACKING? Page: [1]
Login
Message << Older Topic   Newer Topic >>
SPAM or HACKING? - 26.Jul.2002 4:21:00 PM   
Gandalf

 

Posts: 9
Joined: 16.May2002
From: UK
Status: offline
Hi,

I've setup "message tracking" within exchange system manager. All is OK, but I see a few strange messages inbound to my server that are NOT addressed to my domain.

I'm getting messages addressed to unkown users, but I think they are not being routed to the recipient. Is someone trying to route SPAM from my Exchange server or find a way in????

Here is a typical delivery report: e.g
--------------------------------------------------------------------------------

To: fred_flintstone2001@yahoo.com
Subject: hey!
Sent: Thu, 11 Jul 2002 18:04:19 +0100

did not reach the following recipient(s):

fred_flintstone2001@yahoo.com on Thu, 25 Jul 2002 17:58:46 +0100
There was a SMTP communication problem with the recipient's email
server. Please contact your system administrator.
<exchange.bedrock.com #5.5.0 smtp;550 Recipient Not
Authorised [recipient rejected due to no authorised destination groups]>
----------------------------------------------------------------------------------

Message was from:

5645ytghbn@flashmail.com <5645ytghbn@flashmail.com>

with content:

what's up?
MAILINFO:[73/7/332/3:xpqk
MAILINF2:[313/:/265/75xpqj

IS someone trying to route SPAM????
Post #: 1
RE: SPAM or HACKING? - 6.Sep.2002 11:23:00 AM   
koggen

 

Posts: 980
Joined: 31.Oct.2001
From: Göteborg - Sweden
Status: offline
I think it looks like someone tried to send spam to a non-existing user at your organization. Many spam messages are sent to random addresses, like joe@domain, mike@domain, lisa@domain etc. Sooner or later they will actually reach an existing user. Most of these messages are sent with a bogus return adress. When your server fails to deliver the inbound message (because there is no such recipient) the system will return a NDR. But as spammers often use bogus addresses these will bounce back to you. In the same way many free email providers have lists of accounts that have been used for spam and therefore will not accept messages to that account.

If you want to make sure your server does not accept relay of email you can test it at http://www.ordb.org.

// Johan

(in reply to Gandalf)
Post #: 2

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [Microsoft Exchange 2000] >> Server Security >> SPAM or HACKING? Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts


Follow TechGenix on Twitter