Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 256
  • Last Modified:

Users maiboxes sending emails to themselves with series of numbers as subject. Users did not send mail

xchange 2003
Outlook 2003

As the title describes i have some users (about 5) who have just last night had the above happen....this is one of the internet headers from an email....note the subject line. The other users all have diffrent numbers in their subjects too. I dont know what to make of the below header? Virus? Exchange issue?

I am running symantec (i know im trying to get this changed!) and it has not reported anything neither has mcafee stinger. I have run this on our exchnage and the users machines?

Microsoft Mail Internet Headers Version 2.0
Received: from dbotmail4.nz.co.nz ([172.28.1.6]) by DBOTMAIL1.nz.co.nz with Microsoft SMTPSVC(6.0.3790.0);
       Tue, 6 Jun 2006 18:01:20 +1200
Received: from FIXE.com (unverified) by dbotmail4.nz.co.nz
 (Clearswift SMTPRS 5.1.7) with SMTP id <T78b6ea4113ac1c0106998@dbotmail4.nz.co.nz> for <jchuang@nz.co.nz>;
 Tue, 6 Jun 2006 18:01:20 +1200
Date: Tue, 06 Jun 2006 07:57:01 +0100
To: "Jchuang" <jchuang@nz.co.nz>
From: "Jchuang" <jchuang@nz.co.nz>
Subject: 1545453
Message-ID: <dcbyzhkuikzilynoagt@nz.co.nz>
MIME-Version: 1.0
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Return-Path: jchuang@nz.co.nz
X-OriginalArrivalTime: 06 Jun 2006 06:01:21.0084 (UTC) FILETIME=[A2491FC0:01C6892E]

0
comerro1
Asked:
comerro1
  • 4
  • 4
1 Solution
 
aa230002Commented:
Please check if these mails are coming from outside. Check the email headers. Right click on the message in the outlook and click on options. In case these messages are coming from outside, you need to check the IP addresses from where these messages are coming and block those IPs, if you are sure that these are not valid IP addresses.
Also scan your server for viruses.

Thanks,
Amit Aggarwal.
0
 
rakeshmiglaniCommented:
This is SPAM. nowadays a lot of cases are coming in Experts Exchange regarding the same issue that you have mentioned.
Check if the sender IP is the same in all the emails. you have the option to block the ip address from sending you email.

http://www.experts-exchange.com/Networking/Email_Groupware/Exchange_Server/Q_21876438.html
0
 
comerro1Author Commented:
where can i find the sender ip?
0
NFR key for Veeam Backup for Microsoft Office 365

Veeam is happy to provide a free NFR license (for 1 year, up to 10 users). This license allows for the non‑production use of Veeam Backup for Microsoft Office 365 in your home lab without any feature limitations.

 
rakeshmiglaniCommented:
it would be in the smtp header of the email that the users have received. (header would only be present if the mail has come from outside)
0
 
comerro1Author Commented:
If i ping fixe.com i get this address but its un verified [64.246.40.125]
0
 
rakeshmiglaniCommented:
the ip should be in the smtp header. it would tell you from where you got the emai
0
 
comerro1Author Commented:
Isnt the header what ive included above?
0
 
rakeshmiglaniCommented:
correct

check this

http://www.dnsstuff.com/tools/lookup.ch?name=FIXE.com&type=MX

this link also tells me that the ip that you have mentioned belongs to a domain called Fixe.com
now, if you don't have any client by this name then you can block this ip address/domain name from sending you the email.
the steps are mentioned above in the link that i had posted earlier
0
 
comerro1Author Commented:
Great thanks
0

Featured Post

Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

  • 4
  • 4
Tackle projects and never again get stuck behind a technical roadblock.
Join Now