cberinger
asked on
Email spoofing issue
We have an issue with someone apparently sending email to our internal users posing as our actual exchange server. Below is the header of an email. Note that the email looks like it is coming from our mail server (pti-nj.com) but the IP address (58.10.84.86) is not ours. The email is sent with a from address of one of our internal users and sent to other users in our company. We have relay restrictions on our Exchange server (only allowing the IP address of our Exchange server to relay but does allow any authenticated user to relay), this is set on the Relay restrictions tab of the SMTP virtual server. HELP! We are getting a lot of these type of emails.
Microsoft Mail Internet Headers Version 2.0
Received: from pti-nj.com ([58.10.84.86]) by mailserver.pti-nj.com with Microsoft SMTPSVC(5.0.2195.6713); Thu, 4 May 2006 08:12:34 -0400
X-MimeOLE: Produced By Microsoft Exchange V6.0.6603.0
From: <register@pti-nj.com>
To: <mktg@pti-nj.com>
Subject: Members Support
Date: Thu, 4 May 2006 19:11:47 +0700
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="----=_NextPart_0 00_0000_96 1632E8.767 635F9"
X-Priority: 3
X-MSMail-Priority: Normal
Return-Path: <register@pti-nj.com>
Message-ID: <MAILSERVERVY5jVkjA2000005 1a@mailser ver.pti-nj .com>
X-OriginalArrivalTime: 04 May 2006 12:12:34.0818 (UTC) FILETIME=[06D57620:01C66F7 4]
------=_NextPart_000_0000_ 961632E8.7 67635F9
Content-Type: text/html;
charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
------=_NextPart_000_0000_ 961632E8.7 67635F9
Content-Description: warning.htm
Content-Type: text/html;
name="warning.htm"
Content-Transfer-Encoding: quoted-printable
Content-Disposition: attachment;
filename="warning.htm"
------=_NextPart_000_0000_ 961632E8.7 67635F9--
Microsoft Mail Internet Headers Version 2.0
Received: from pti-nj.com ([58.10.84.86]) by mailserver.pti-nj.com with Microsoft SMTPSVC(5.0.2195.6713); Thu, 4 May 2006 08:12:34 -0400
X-MimeOLE: Produced By Microsoft Exchange V6.0.6603.0
From: <register@pti-nj.com>
To: <mktg@pti-nj.com>
Subject: Members Support
Date: Thu, 4 May 2006 19:11:47 +0700
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="----=_NextPart_0
X-Priority: 3
X-MSMail-Priority: Normal
Return-Path: <register@pti-nj.com>
Message-ID: <MAILSERVERVY5jVkjA2000005
X-OriginalArrivalTime: 04 May 2006 12:12:34.0818 (UTC) FILETIME=[06D57620:01C66F7
------=_NextPart_000_0000_
Content-Type: text/html;
charset="ISO-8859-1"
Content-Transfer-Encoding:
------=_NextPart_000_0000_
Content-Description: warning.htm
Content-Type: text/html;
name="warning.htm"
Content-Transfer-Encoding:
Content-Disposition: attachment;
filename="warning.htm"
------=_NextPart_000_0000_
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.