mailware
Hi all,
From time to time I am receiving emails which look like they were send from one of my users but I know that they didn’t send it.
--------------------------
-----Original Message-----
From: user1@mydomain.com
Sent: Thursday, 6 July 2006 10:33 a.m.
To: user1@mydomain.com
Cc: user2@mydomain.com; user3@mydomain.com
Subject: Diploma that you already earned!
Academic Qualifications available from prestigious NON-ACCREDITED universities.
Do you have the knowledge and the experience but lack the
qualifications?
Are you getting turned down time and time again for the job of your
dreams because you just don't have the right letters after your name?
Get the prestige that you deserve today!
Move ahead in your career today!
CALL +1-650-456-2500
Bachelors, Masters and PhD's available in your field!
No examinations! No classes! No textbooks!
Call to register and receive your qualifications within days!
24 hours a day 7 days a week!
Confidentiality assured!
+1-650-456-2500
--------------------------
im running windows 2003 SP1, and Exchange 2003 SP2.
I did a relay test on www.dnsreport.com and it says that i pass relay test and im not an open relay. i also did a telnet test for open relay with a positive result. so how come im getting those emails.
Any idea how can i track it and prevent my exchange?
From time to time I am receiving emails which look like they were send from one of my users but I know that they didn’t send it.
--------------------------
-----Original Message-----
From: user1@mydomain.com
Sent: Thursday, 6 July 2006 10:33 a.m.
To: user1@mydomain.com
Cc: user2@mydomain.com; user3@mydomain.com
Subject: Diploma that you already earned!
Academic Qualifications available from prestigious NON-ACCREDITED universities.
Do you have the knowledge and the experience but lack the
qualifications?
Are you getting turned down time and time again for the job of your
dreams because you just don't have the right letters after your name?
Get the prestige that you deserve today!
Move ahead in your career today!
CALL +1-650-456-2500
Bachelors, Masters and PhD's available in your field!
No examinations! No classes! No textbooks!
Call to register and receive your qualifications within days!
24 hours a day 7 days a week!
Confidentiality assured!
+1-650-456-2500
--------------------------
im running windows 2003 SP1, and Exchange 2003 SP2.
I did a relay test on www.dnsreport.com and it says that i pass relay test and im not an open relay. i also did a telnet test for open relay with a positive result. so how come im getting those emails.
Any idea how can i track it and prevent my exchange?
ASKER
i forgot to mantioned that i run a mailmarshal software aswell
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
If you look at the internet headers located at
View > Options > Internet Headers
you will see the source; if you got the same ones a few of my users did a couple of weeks ago from external associates; they were actually sent by those stated addresses (unbeknownst to the users themselves); Our SMTP logs showed that. I think our anti-virus app (Antigen) on Exchange may have stripped the payload off as there were no reports of my users being the source of these messages to other recipients (internal or external)
Otherwise; you may want to insure that the email server's anti-virus product is up to date; you don't allow attachements that are executable; VBS, JS, or anything that could be launched when the user open a message.
Spam guardwise; anti-spam product that can block messages from questionable sites/blacklisted sites
Regards,