Advertisement

04.23.2008 at 05:15AM PDT, ID: 23346171
[x]
Attachment Details

Tracking the source of internal spam

Asked by bvaccariello in Simple Mail Transfer Protocol (SMTP), Exchange Email Server, Email Servers

Tags: , , ,

Hello,

We are trying to isolate a spam issue where our users are recieving NDR messages from
mailer-daemon@companyXXX.com.  These original messages are obviously spam and the spammer is using our legitimate users as spoofed sender addresses.

Our firewall is configured to only allow outbound smtp messages from our mail server and I have verified that no other device is sending smtp packets.  Using ethereal I can see that there is no client sending smtp emails and relaying them off of our exchange server however is it possible for a virus or spam bot to be sending these messages via another protocol?

Any suggestions on troubeshooting further would be appreciated.  My believe is that this is originating outside of our network from an infected home machine or harvested email addresses however I am having difficulty proving.

Thank you,

brianStart Free Trial
[+][-]04.23.2008 at 05:34AM PDT, ID: 21419889

View this solution now by starting your 7-day free trial. Setting up your free trial is quick, easy, and secure. We will return you to this solution, unlocked, when you're done.

 

About this solution

Zones: Simple Mail Transfer Protocol (SMTP), Exchange Email Server, Email Servers
Tags: Microsoft, Exchange, 2000, mailer-daemon ndr messages from spoofed senders
Sign Up Now!
Solution Provided By: bmasincup
Participating Experts: 1
Solution Grade: A
 
 
 
Loading Advertisement...
20080716-EE-VQP-32 / EE_QW_2_20070628