Users maiboxes sending emails to themselves with series of numbers as subject. Users did not send mail

xchange 2003
Outlook 2003

As the title describes i have some users (about 5) who have just last night had the above happen....this is one of the internet headers from an email....note the subject line. The other users all have diffrent numbers in their subjects too. I dont know what to make of the below header? Virus? Exchange issue?

I am running symantec (i know im trying to get this changed!) and it has not reported anything neither has mcafee stinger. I have run this on our exchnage and the users machines?

Microsoft Mail Internet Headers Version 2.0
Received: from dbotmail4.nz.co.nz ([172.28.1.6]) by DBOTMAIL1.nz.co.nz with Microsoft SMTPSVC(6.0.3790.0);
       Tue, 6 Jun 2006 18:01:20 +1200
Received: from FIXE.com (unverified) by dbotmail4.nz.co.nz
 (Clearswift SMTPRS 5.1.7) with SMTP id <T78b6ea4113ac1c0106998@dbotmail4.nz.co.nz> for <jchuang@nz.co.nz>;
 Tue, 6 Jun 2006 18:01:20 +1200
Date: Tue, 06 Jun 2006 07:57:01 +0100
To: "Jchuang" <jchuang@nz.co.nz>
From: "Jchuang" <jchuang@nz.co.nz>
Subject: 1545453
Message-ID: <dcbyzhkuikzilynoagt@nz.co.nz>
MIME-Version: 1.0
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Return-Path: jchuang@nz.co.nz
X-OriginalArrivalTime: 06 Jun 2006 06:01:21.0084 (UTC) FILETIME=[A2491FC0:01C6892E]

comerro1Asked:
Who is Participating?
 
rakeshmiglaniConnect With a Mentor Commented:
correct

check this

http://www.dnsstuff.com/tools/lookup.ch?name=FIXE.com&type=MX

this link also tells me that the ip that you have mentioned belongs to a domain called Fixe.com
now, if you don't have any client by this name then you can block this ip address/domain name from sending you the email.
the steps are mentioned above in the link that i had posted earlier
0
 
aa230002Commented:
Please check if these mails are coming from outside. Check the email headers. Right click on the message in the outlook and click on options. In case these messages are coming from outside, you need to check the IP addresses from where these messages are coming and block those IPs, if you are sure that these are not valid IP addresses.
Also scan your server for viruses.

Thanks,
Amit Aggarwal.
0
 
rakeshmiglaniCommented:
This is SPAM. nowadays a lot of cases are coming in Experts Exchange regarding the same issue that you have mentioned.
Check if the sender IP is the same in all the emails. you have the option to block the ip address from sending you email.

http://www.experts-exchange.com/Networking/Email_Groupware/Exchange_Server/Q_21876438.html
0
Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

 
comerro1Author Commented:
where can i find the sender ip?
0
 
rakeshmiglaniCommented:
it would be in the smtp header of the email that the users have received. (header would only be present if the mail has come from outside)
0
 
comerro1Author Commented:
If i ping fixe.com i get this address but its un verified [64.246.40.125]
0
 
rakeshmiglaniCommented:
the ip should be in the smtp header. it would tell you from where you got the emai
0
 
comerro1Author Commented:
Isnt the header what ive included above?
0
 
comerro1Author Commented:
Great thanks
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.