Advertisement

02.14.2008 at 09:08AM PST, ID: 23163602
[x]
Attachment Details
[x]
The Solution Rating System

With so many solutions, how can you tell which solutions are most likely to help you and which ones are not? To provide you with a tool to use, we rate our solutions based on various elements that most accurately determine if a solution is a quality solution. To explain what factors affect the solution rating, here are the elements we take into consideration when formulating our solution rating.

  • The Grade of the Solution
  • The Zone Rank of the Expert Providing the Solution
  • The Number of Author and Expert Comments
  • The Number of Experts Contributing
  • The Feedback of the Community

Your Input Matters
Because of the way the system is set up, the most important variable in this equation is you. As a member of Experts Exchange, you are able to cast your vote on the quality of the solutions in regard to how complete, accurate, helpful and easy to understand each solution is. When you provide your feedback, each rating is adjusted accordingly. So, if you see a solution that has a poor rating that you think is a good solution, let us know by rating it. As you do, the rating will be adjusted and will become more accurate for other members of our site.

If you have any suggestions that you would like to make for our rating system, please ask a question in the Suggestions Zone of Community Support.

Thank you!
7.7

How to Issolate source IP of Spam in the Exchange 2003 queue.

Asked by collegeit in Exchange Email Server, Anti-Spam Email Software, Email Servers

Tags: , ,

Hello fellow sys admins,

A couple days ago we receive an email that our mail server was sending out Spam so I check the email queues and I did find 2000 to 3000 emails still stuck in the queue sent by "eBay" (which is not our users). They were not NDR but actually emails going to external sources.  Please see attachment for the emails in question.

1. I have checked our exchange server and it is not an open relay.
2. The email header suggests an external source sent the email to our mail server.
3. The email header bellow is from recipient of the spam who was kind enough to report it back to us.
________________________________________________________________________
http://www.actioncouriers.com/wml_old/eBayISAPI.dll%20SignIn&RemoveItemStrike.htm
Return-Path: <eBay-US@dispute.e-bay.com>
Received: from rly-db03.mx.aol.com (rly-db03.mail.aol.com [172.19.130.78]) by air-db06.mail.aol.com (v121.4) with ESMTP id MAILINDB062-ab947b2180321f; Tue, 12 Feb 2008 17:05:02 -0500
Received: from mail.mydomain.com (fe02.mydomain.com [69.46.180.90]) by rly-db03.mx.aol.com (v121.4) with ESMTP id MAILRELAYINDB037-ab947b2180321f; Tue, 12 Feb 2008 17:04:51 -0500
Received: from User ([69.77.184.26] RDNS failed) by mail.mydomain.com with Microsoft SMTPSVC(6.0.3790.1830);
  Tue, 12 Feb 2008 17:09:35 -0500
From: "eBay"<eBay-US@dispute.e-bay.com>
Subject: eBay Unpaid Item Strike Received: #120160502431 -- Response Required
Date: Tue, 12 Feb 2008 17:04:24 -0500
MIME-Version: 1.0
Content-Type: text/html;
 charset="Windows-1251"
Content-Transfer-Encoding: 7bit
X-Priority: 1
X-MSMail-Priority: High
X-Mailer: Microsoft Outlook Express 6.00.2800.1081
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1081
Message-ID: <FE02hm8Ua8d9Ee4zadT000010d7@mail.mydomain.com>
X-OriginalArrivalTime: 12 Feb 2008 22:09:35.0934 (UTC) FILETIME=[F3F9BDE0:01C86DC3]
X-AOL-IP: 69.46.180.90
X-AOL-SCOLL-SCORE:1:2:435547968:9395240
X-AOL-SCOLL-URL_COUNT:
X-AOL-SCOLL-AUTHENTICATION: listenair ; SPF_helo : n
X-AOL-SCOLL-AUTHENTICATION: listenair ; SPF_822_from : n
________________________________________________________________________

Here are my questions

1. How do I see the source IP of the emails still in the queue to confirm that indeed the spam originated from a external source and not a PC infect in my environment?
2. Does anyone have any idea how the Spammer sent these email from our Exchange Server?

Any assistance would be much appreciated.

Start Free Trial
Attachments:
 
screencap.JPG (59 KB) (File Type Details) 
Screen Cap of emails in the queue
Screen Cap of emails in the queue
 
[+][-]02.14.2008 at 03:52PM PST, ID: 20898123

View this solution now by starting your 7-day free trial. Setting up your free trial is quick, easy, and secure. We will return you to this solution, unlocked, when you're done.

 

About this solution

Zones: Exchange Email Server, Anti-Spam Email Software, Email Servers
Tags: Miscosoft, Exchnage, 2003
Sign Up Now!
Solution Provided By: jasonwebb2006
Participating Experts: 1
Solution Grade: B
 
 
 
Loading Advertisement...
20080716-EE-VQP-32 / EE_QW_2_20070628