Solved

Exchange is forwarding junk messages to administrator group

Posted on 2006-11-06
Last Modified: 2010-03-06
I have a strange thing happening: whenever an email comes in for info or root or even john doe, it gets sent to everyone in the built-in Administrator group. Please help, I would like to get this to stop but don't know how.
Question by:brady1408
11 Comments
 
LVL 16

Expert Comment

by:poweruser32
ID: 17883505
Did you check AD to see if any of these email addresses have any forwarding rule set up?
0
 
LVL 5

Author Comment

by:brady1408
ID: 17883706
I did and they do not. The only distribution group that they are part of is the support distribution, so even then they shouldn't be receiving email for root or info.
0
 
LVL 23

Expert Comment

by:Stacy Spear
ID: 17883812
Why not reject the messages sent from outside to those addresses? Not a final solution but achieves quick results.
0
 
LVL 104

Expert Comment

by:Sembee
ID: 17884234
Some version information would be nice.

Are you getting the actual messages or just the NDRs with the spam message attached?

Simon.
0
 
LVL 5

Author Comment

by:brady1408
ID: 17884411
Good questions, thanks. The version is Version: 6.5.6944.0, Exchange Server 2003, latest service packs to my knowledge. I'm getting the whole message; in fact here is some header info, with the domain changed of course.

This is a good example you will notice that it was sent to accounting@xxx.com I don't have a mailbox set up for accounting nor do I have a distribution group set up with that name, so why are all the people in the Administrator group getting this email when it comes in?

Microsoft Mail Internet Headers Version 2.0
Received: from jacek ([83.26.117.103]) by zzz.com with Microsoft SMTPSVC(6.0.3790.1830);
       Mon, 6 Nov 2006 09:42:18 -0700
Return-Path: <bduwasro@uwa.edu>
Received: from 199.88.23.18 (HELO phosphorus.uwa.edu)
     by zzz.com with esmtp (D>34OE+S5,12 W7V?@)
     id W=X0A:-O41L(<-B>
     for accounting@zzz.com; Mon, 6 Nov 2006 16:41:53 -0060
Date:      Mon, 6 Nov 2006 16:41:53 -0060
From:      "Leonor Cullen" <bduwasro@uwa.edu>
X-Mailer: The Bat! (v3.51.10) Educational
X-Priority: 3 (Normal)
Message-ID: <400621268.84701411230977@thebat.net>
To: accounting@zzz.com
Subject: Be leaner and slim_mer by next week
MIME-Version: 1.0
Content-Type: text/plain;
  charset=Windows-1252
Content-Transfer-Encoding: quoted-printable
X-Spam: Not detected
X-OriginalArrivalTime: 06 Nov 2006 16:42:20.0644 (UTC) FILETIME=[872C0240:01C701C2]


0
 
LVL 104

Expert Comment

by:Sembee
ID: 17884537
You have forgotten the first rule of spam emails - the entire header can be considered to be false.
The fact that it says that it was sent to accounting doesn't mean that was the only user the spam email was sent to. A very common tactic is to send the email to a long list of people - with the first address in the to: line and the rest in the BCC line.

Simon.
0
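Sembee's point about the To: line versus the actual recipient list, as an added example that is not part of the original thread: the recipients a server delivers to come from the SMTP `RCPT TO` commands (the envelope), not from the `To:` header shown in the mail client. The transcript below is constructed, and all host names and addresses in it are placeholders.

```python
import re
from email import message_from_string
from email.utils import getaddresses

# Constructed client side of an SMTP dialogue; every name here is a placeholder.
SESSION = """\
HELO mail.sender.invalid
MAIL FROM:<bulk@sender.invalid>
RCPT TO:<accounting@example.com>
RCPT TO:<admin1@example.com>
RCPT TO:<admin2@example.com>
DATA
From: "Some Name" <bulk@sender.invalid>
To: accounting@example.com
Subject: constructed sample

body text
.
QUIT
"""


def split_session(session):
    """Return (envelope_recipients, message_text) from a client-side transcript."""
    lines = session.splitlines()
    data_at = lines.index("DATA")
    rcpts = [m.group(1).lower() for line in lines[:data_at]
             if (m := re.match(r"RCPT TO:\s*<([^>]+)>", line, re.I))]
    end = lines.index(".", data_at)          # a lone dot ends the DATA section
    return rcpts, "\n".join(lines[data_at + 1:end])


def hidden_recipients(session):
    """Envelope recipients that appear in neither To: nor Cc: (effectively BCC)."""
    rcpts, text = split_session(session)
    msg = message_from_string(text)
    shown = {addr.lower() for _, addr in
             getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))}
    return [r for r in rcpts if r not in shown]


if __name__ == "__main__":
    print(hidden_recipients(SESSION))
```

To see the envelope recipients for a real message, check the receiving server's SMTP protocol log rather than the headers stored with the message.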
 
LVL 5

Author Comment

by:brady1408
ID: 17884688
Guess no one ever taught me the first rule then. In that case, what can I do to cut down spam? Any good recommendations of server-side spam filters?
0
 
LVL 104

Accepted Solution

by:
Sembee earned 500 total points
ID: 17885804
If you have Exchange 2003 then always start with IMF. That will deal with a lot of content.
For third party tools, GFI Mail Essentials is quite effective. I also use Vamsoft ORF. It has a feature called greylisting which deals with an awful lot of spam. One site I look after drops 92% of all email with Vamsoft because it is spam.

Simon.
0
 
LVL 5

Author Comment

by:brady1408
ID: 17908100
Just a quick update: I plan to accept Sembee's answer as it has been a ton of help, but didn't want this to get closed quite yet. I enabled IMF; it seemed to help a couple of users, but for myself it didn't do a thing, so I am trying the trial version of Vamsoft and so far am very pleased, although I'm a little worried. I'm using the greylisting feature you mentioned and so far 98% of the mail coming into the server has been rejected. That number seems high, but it might not be; I'm just going to have to give it some time. Also, is there a log of rejected senders? How do I check for false positives on the junk filtering? I know how blacklisting works and am not worried about that at all, but the greylisting I just don't understand, and that's what worries me a little. I don't see what temporarily rejecting an email will do to catch spam, and if it's temporarily rejecting ham then how does it know that it's okay the next time the server tries to send it?
0
 
LVL 104

Expert Comment

by:Sembee
ID: 17908222
Have a read of my blog post first.
http://www.sembee.co.uk/archive/2006/09/18/24.aspx

I have explained a lot of how greylisting works there.

98% is not unusual. I have sites running in the high 90s myself. You need to watch the logs as you may see the odd piece of legitimate email being rejected. I have seen email messages from eBay be rejected in the past, but I refuse to white list that domain because it is targeted by phishers as well.

Don't forget that greylisting also catches email sent to non-existing users. If you are on Exchange 2003 with SP2 and have recipient filtering enabled then you would be dropping those messages anyway. I drop on my home server 10,000 misaddressed emails a day. That can distort the Vamsoft stats slightly.

Simon.
0
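The greylisting decision asked about above, as an added example that is not part of the original thread and is not Vamsoft ORF's code: it follows the (client IP, sender, recipient) triplet scheme from the greylisting whitepaper linked in this thread. The timing constants, addresses and the recipient check are assumptions chosen for illustration, and the traffic is constructed.

```python
from dataclasses import dataclass, field

MIN_DELAY = 300             # assumed: seconds before a retry of a new triplet is accepted
RETRY_WINDOW = 4 * 3600     # assumed: an unconfirmed triplet is forgotten after this long
PASS_LIFETIME = 36 * 86400  # assumed: a confirmed triplet stays trusted this long
DEFER = "451 4.7.1 greylisted, try again later"


@dataclass
class Greylist:
    known_recipients: set
    first_seen: dict = field(default_factory=dict)  # triplet -> time of first attempt
    passed: dict = field(default_factory=dict)      # triplet -> time of last accepted mail

    def check(self, client_ip, mail_from, rcpt_to, now):
        """Return the SMTP reply the server would give to this RCPT TO."""
        rcpt = rcpt_to.lower()
        if rcpt not in self.known_recipients:
            return "550 5.1.1 no such user"         # recipient filtering: permanent reject
        triplet = (client_ip, mail_from.lower(), rcpt)
        last_ok = self.passed.get(triplet)
        if last_ok is not None and now - last_ok <= PASS_LIFETIME:
            self.passed[triplet] = now              # known-good triplet: no delay
            return "250 OK"
        seen = self.first_seen.get(triplet)
        if seen is None or now - seen > RETRY_WINDOW:
            self.first_seen[triplet] = now          # first sight or stale record: defer
            return DEFER
        if now - seen < MIN_DELAY:
            return DEFER                            # retried too quickly: keep deferring
        del self.first_seen[triplet]                # a real MTA queued the mail and retried
        self.passed[triplet] = now
        return "250 OK"


def replay(events, recipients):
    """Run (time, ip, sender, recipient) events through one Greylist; return reply codes."""
    gl = Greylist(known_recipients=set(recipients))
    return [gl.check(ip, frm, to, t)[:3] for t, ip, frm, to in events]


# Constructed sample traffic; times are seconds since the first event.
SAMPLE = [
    (0, "192.0.2.10", "alice@example.org", "brady@example.com"),     # real MTA, first try
    (5, "203.0.113.7", "x1@spam.invalid", "brady@example.com"),      # sender never retries
    (6, "203.0.113.7", "x2@spam.invalid", "accounting@example.com"), # no such mailbox
    (60, "192.0.2.10", "alice@example.org", "brady@example.com"),    # retry, too early
    (900, "192.0.2.10", "alice@example.org", "brady@example.com"),   # queue retry, accepted
    (5000, "192.0.2.10", "alice@example.org", "brady@example.com"),  # later mail, no delay
]
RECIPIENTS = {"brady@example.com"}
```

`replay(SAMPLE, RECIPIENTS)` shows why legitimate mail gets through: a standards-compliant mail server queues the deferred message and retries, while software that sends once and never retries is never accepted.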
 
LVL 5

Author Comment

by:brady1408
ID: 17908523
Very good, Sembee. I read your blog, and before I heard back from you I found another good white paper on the subject, found here: http://projects.puremagic.com/greylisting/whitepaper.html

I'm very happy with the way things are going. I looked through the logs and every email that was rejected looked like spam to me; I couldn't find a ham message in the list of rejects, so I guess I feel much better about false positives. There is always something to be said for knowing how something works, it really helped put my mind at ease.

Thanks a ton!!!
Brady1408
0
