[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

mailware

Posted on 2006-07-06
5
Medium Priority
?
256 Views
Last Modified: 2010-03-06
Hi all,

From time to time I am receiving emails which look like they were send from one of my users but I know that they didn’t send it.

--------------------------------------------------------------------------------------------------------------------------

-----Original Message-----
From: user1@mydomain.com
Sent: Thursday, 6 July 2006 10:33 a.m.
To: user1@mydomain.com
Cc: user2@mydomain.com; user3@mydomain.com
Subject: Diploma that you already earned!


Academic Qualifications available from prestigious NON-ACCREDITED universities.

Do you have the knowledge and the experience but lack the
qualifications?

Are you getting turned down time and time again for the job of your
dreams because you just don't have the right letters after your name?

Get the prestige that you deserve today!

Move ahead in your career today!

CALL +1-650-456-2500

Bachelors, Masters and PhD's available in your field!

No examinations! No classes! No textbooks!

Call to register and receive your qualifications within days!

24 hours a day 7 days a week!

Confidentiality assured!

+1-650-456-2500
--------------------------------------------------------------------------------------
im running windows 2003 SP1, and Exchange 2003 SP2.

I did a relay test on www.dnsreport.com and it says that i pass relay test and im not an open relay. i also did a telnet test for open relay with a positive result. so how come im getting those emails.

Any idea how can i track it and prevent my exchange?
0
Comment
Question by:aucklandnz
  • 2
3 Comments
 
LVL 14

Expert Comment

by:ECNSSMT
ID: 17055923
at least you got the tamed ones..

If you look at the internet headers located at

View > Options > Internet Headers

you will see the source; if you got the same ones a few of my users did a couple of weeks ago from external associates; they were actually sent by those stated addresses (unbeknownst to the users themselves);   Our SMTP logs showed that.  I think our anti-virus app (Antigen) on Exchange may have stripped the payload off as there were no reports of my users being the source of these messages to other recipients (internal or external)

Otherwise; you may want to insure that the email server's anti-virus product is up to date; you don't allow attachements that are executable; VBS, JS, or anything that could be launched when the user open a message.

Spam guardwise; anti-spam product that can block messages from questionable sites/blacklisted sites

Regards,
0
 
LVL 3

Author Comment

by:aucklandnz
ID: 17055941
i forgot to mantioned that i run a mailmarshal software aswell
0
 
LVL 14

Accepted Solution

by:
ECNSSMT earned 2000 total points
ID: 17062982
the mailmarshall app looks like its all encompassing so between maintaining the blacklist and whitelist; it appears to be context based also.

The war on spam is a constant and active process; it looks like the mailmarshal may be able to permit the manual addition of strings to look for;

add the phrase "Diploma that you already earned!" to be blocked; if you are able to do so, it will solve your problem.  

We use a product from Tumbleweed to do the exact same thing and we do periodically manually update the filtering engine with phrases to filter out.

Regards
0

Featured Post

Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

On September 18, Experts Exchange launched the first installment of the Help Bell, a new feature for Premium Members, Team Accounts, and Qualified Experts. The Help Bell will serve as an additional tool to help teams increase question visibility.
If you have come across a situation where you need to find some EDB mailbox recovery techniques, then here you will find the same. In this article, we will take you through three techniques using which you will be able to perform EDB recovery. You …
In this video we show how to create an Accepted Domain in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Ac…
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…
Suggested Courses

829 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question