thelink12

asked on

Erroneous emails being sent from nonexistent users and self

I have a few people who are getting weird emails.  They are usually either sent from old employees who no longer are here or themselves and they usually have a number as the subject and body of the email.  

Example one...
Let's say John Doe works here.  His email address is jdoe@email.com.  He might receive an email at a time when he is not logged in with the subject of 545 with the message reading 1243 and being sent by jdoe@email.com.

Example two...
John Doe left a year ago.  Now some people are getting a new email from Jdoe@email.com sent at random hours.  I can't find any trace of the account in Active Directory.

I just found this problem today so I have not done much diagnostic besides some Virus Scans.  I am hoping to find someone who has seen this before and can point me in the right direction.  It's an Exchange 2003 server running on a Cluster of Server 2003.  Thanks!
ASKER CERTIFIED SOLUTION
rakeshmiglani
thelink12

ASKER

They look like they are coming from outside. How do I set up the filtering?  Is there a way to do this en masse?  I have multiple people this is happening to.
Do they all have a common IP in the internet header? If yes, then you can block the IP address.
Rakesh is right,

In Exchange 2003 you can block the IP or the whole range of IPs.

Go into global settings / delivery options (properties) and you will find sender and connection filtering.

Sender filtering will deny a sender from sending email via SMTP.

Connection filtering will deny based on DNS blocking or global block or grant access to a set of IPs.

Set the addresses that you need to block and enable them in the default SMTP virtual server.

Restart the routing engine and SMTP service for the changes to take effect.

Raghu
Looks like three different IP Addresses in three different headers.  Each email was from a separate account.

Received: from Rectory-Office.net (wsip-70-184-12-181.ri.ri.cox.net [70.184.12.181])

Received: from 8C6638DCC80248A.com (173.151.100-84.rev.gaoland.net [84.100.151.173])

Received: from CASSA02.com (host251-179.pool8173.interbusiness.it [81.73.179.251])
Turns out they are spam.  We have a third party company that does our spam control and is working on this issue.  Thanks for the help.
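
The header check discussed in this thread (is there a common connecting IP, and is the mail coming from outside?) can be scripted when many mailboxes are affected. The following is an added example, not part of the original thread: it parses the three Received lines quoted above, and `INTERNAL_NETS` is an assumed placeholder for your own mail server and client ranges.

```python
import ipaddress
import re
from collections import Counter

# The three Received lines quoted in the thread above.
RECEIVED = [
    "Received: from Rectory-Office.net (wsip-70-184-12-181.ri.ri.cox.net [70.184.12.181])",
    "Received: from 8C6638DCC80248A.com (173.151.100-84.rev.gaoland.net [84.100.151.173])",
    "Received: from CASSA02.com (host251-179.pool8173.interbusiness.it [81.73.179.251])",
]

# Assumption: networks your own servers and clients connect from.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.168.0.0/16")]

# "from <HELO name> (<reverse DNS name> [<connecting IP>])"; reverse DNS may be absent.
RECEIVED_RE = re.compile(
    r"^Received:\s+from\s+(?P<helo>\S+)\s+\((?P<rdns>\S+)?\s*\[(?P<ip>[0-9a-fA-F.:]+)\]\)"
)

def parse_received(line):
    """Return helo/rdns/ip for one Received line, or None if it does not parse."""
    m = RECEIVED_RE.match(line.strip())
    if not m:
        return None
    try:
        ip = ipaddress.ip_address(m.group("ip"))
    except ValueError:
        return None
    return {"helo": m.group("helo"), "rdns": m.group("rdns") or "", "ip": ip}

def is_external(ip):
    """True when the connecting IP is outside every assumed internal network."""
    return not any(ip in net for net in INTERNAL_NETS)

def summarize(lines):
    hops = [h for h in map(parse_received, lines) if h]
    counts = Counter(h["ip"] for h in hops)
    return {
        "hops": len(hops),
        # IPs seen on more than one message: candidates for a single block entry.
        "common_ips": sorted(str(ip) for ip, n in counts.items() if n > 1),
        "external_ips": sorted(str(ip) for ip in counts if is_external(ip)),
        # Heuristic: the announced HELO name is unrelated to the reverse DNS name.
        "helo_mismatch": sum(
            1 for h in hops if not h["rdns"].lower().endswith(h["helo"].lower())
        ),
    }

if __name__ == "__main__":
    print(summarize(RECEIVED))
```

For these three headers the result shows three distinct external addresses and no common one, so a single connection-filter entry would not cover all of the messages.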