Solved

Potential abuse of our Exchange 2003 server.

Posted on 2007-12-03
Last Modified: 2010-04-21
Hi,

I've spent ages trying to 'lock down' our exchange 2003 server. My MD had this e-mail come through to his inbox recently which he said he did not send yet he got a 'From: System Administrator ' e-mail telling him he had and that it had failed. See details below.

Is there anyone out there that can tell us mere mortals how to stop this sort of thing happening OR do I scrap exchange and use some other mail server software - any suggestions?

Hope to hear from you people.

Cheers

Andy.

Contents of e-mail----------------------------------------------------------------------------
To: steve.webster.lab@govmail.gov.sk.ca
Subject: Undeliverable: **Message you sent blocked by our bulk email filter** [Scanned]

Your message did not reach some or all of the intended recipients.
      Subject:      November 75% OFF
      Sent:      29/11/2007 10:34
The following recipient(s) could not be reached:
      steve.webster.lab@govmail.gov.sk.ca on 29/11/2007 10:34
            You do not have permission to send to this recipient.  For assistance, contact your system administrator.
            < cuda2.gov.sk.ca #5.7.1 smtp; 550 5.7.1 Message content rejected, UBE, id=26048-02-25>

e-mail header .....................................................................................................
Microsoft Mail Internet Headers Version 2.0
Thread-Topic: **Message you sent blocked by our bulk email filter** [Scanned]
X-PMWin-Spam: Gauge=IIIIIIII, Probability=8%, Report='__MIME_VERSION, __CTE, __HAS_MSGID, __SANE_MSGID, __CT, __CTYPE_HAS_BOUNDARY, __CTYPE_MULTIPART, __BAT_BOUNDARY'
X-PMWin-Version: 2.6.1, Antispam-Engine: 2.5.2, Antivirus-Engine: 2.52.1
thread-index: Acgyc41x8giPljvLQPeax/bTIoUlfQ==
Received: from cuda2.gov.sk.ca ([204.83.176.201]) by DQGlobal.com with Microsoft SMTPSVC(6.0.3790.1830); Thu, 29 Nov 2007 10:35:25 +0000
MIME-Version: 1.0
From: "Barracuda Spam Firewall" <postmaster@gov.sk.ca>
Content-Transfer-Encoding: 7bit
Message-ID: <20071129123416.16901.qmail@garo>
Subject: **Message you sent blocked by our bulk email filter** [Scanned]
Content-Class: urn:content-classes:message
Importance: normal
Priority: normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.2992
Content-Type: multipart/report;
          report-type=delivery-status;
          boundary="----------=_1196332453-26048-67"
To: <steve.webster@dqglobal.com>
Date: Thu, 29 Nov 2007 04:34:13 -0600 (CST)
Return-Path:
X-OriginalArrivalTime: 29 Nov 2007 10:35:25.0449 (UTC) FILETIME=[8D5ED790:01C83273]
-----------=_1196332453-26048-67
Content-Type: text/plain;
          charset="utf-8"
Content-Disposition: inline
Content-Transfer-Encoding: base64
------------=_1196332453-26048-67
Content-Type: message/delivery-status
Content-Disposition: inline
Content-Transfer-Encoding: 7bit
Content-Description: Delivery error report
------------=_1196332453-26048-67
Content-Type: text/rfc822-headers;
          charset="utf-8"
Content-Disposition: inline
Content-Transfer-Encoding: 7bit
Content-Description: Undelivered-message headers
..........................................................................................................
Question by:naexpert
4 Comments
 
LVL 104

Expert Comment

by:Sembee
ID: 20395099
Another badly configured Barracuda...

This is spoofing. Happens all the time. Someone is sending email that has an email address as the from address. The remote site noticed it is spam and tries to send it back to the sender - when everyone should know that almost all spam is spoofed, with fake from headers and bouncing it back is pointless. This seems to be the default behaviour of the barracudas.

Unfortunately there is close to nothing you can do about it. You have to accept the NDRs that are destined for your site, if you do not then your server will get blacklisted.

Simon.
0
 

Author Comment

by:naexpert
ID: 20395235
Hi Simon,

Let me get this straight in my mind,

Spammer is sending e-mail with our e-mail address (faked) but they are not using our e-mail server, they are sending the e-mail from another server correct?

Andy.
0
 
LVL 104

Accepted Solution

by:
Sembee earned 500 total points
ID: 20395371
Correct.
There is nothing in SMTP to verify that the server sending the email is supposed to be sending that email. There are initiatives like SPF (sender policy framework or whatever its name is this week) however their use is so limited that they are having close to no effect on levels of spam. You can put anything you like in the from field and there is nothing you can do to stop it.

Send yourself an email using telnet (http://www.amset.info/exchange/telnet-test.asp) but put bill.gates@microsoft.com or tony.blair@downingstreet.gov.uk in as the From field. You will get the email correctly.

Simon.
0
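Added example, not part of the original thread: when a bounce includes the undelivered message's headers, the question of whether the spam left through your own server can be checked from the topmost Received line in that part. The function names, hosts and IP addresses below are constructed placeholders, and the sketch assumes a text/rfc822-headers part and IPv4 literals.

```python
import email
import re
from email import policy

# Constructed sample bounce; all hosts and addresses are placeholders.
SAMPLE_DSN = """\
From: "Spam Firewall" <postmaster@remote.example>
To: <user@ourdomain.example>
Subject: Undeliverable: message blocked
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status; boundary="BOUND"

--BOUND
Content-Type: message/delivery-status

Reporting-MTA: dns; filter.remote.example

Final-Recipient: rfc822; someone@remote.example
Action: failed
Status: 5.7.1

--BOUND
Content-Type: text/rfc822-headers

Received: from unknown.example ([198.51.100.23]) by filter.remote.example; Thu, 29 Nov 2007 10:34:10 +0000
From: <user@ourdomain.example>
Subject: November 75% OFF

--BOUND--
"""

def origin_ips(raw):
    """IPs in the topmost Received line of the bounced message, or None if not a DSN."""
    msg = email.message_from_string(raw, policy=policy.default)
    if (msg.get_content_type() != "multipart/report"
            or msg.get_param("report-type", "").lower() != "delivery-status"):
        return None  # not a delivery status notification
    for part in msg.walk():
        if part.get_content_type() == "text/rfc822-headers":
            hops = email.message_from_string(part.get_content()).get_all("Received", [])
            # Only the topmost hop was stamped by the rejecting site; lower ones can be forged.
            return re.findall(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", hops[0]) if hops else []
    return []  # DSN carried no original headers

def classify(raw, our_outbound_ips):
    """Label a message: not-a-dsn, dsn-without-origin, sent-via-our-server or backscatter."""
    ips = origin_ips(raw)
    if ips is None:
        return "not-a-dsn"
    if not ips:
        return "dsn-without-origin"
    return "sent-via-our-server" if set(ips) & set(our_outbound_ips) else "backscatter"
```

A "sent-via-our-server" result is a lead to confirm against the server's own SMTP logs; "backscatter" matches the case described in the accepted answer, where the message came from some other host.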
 

Author Closing Comment

by:naexpert
ID: 31412302
Hi Simon,

Thanks for your plain English reply.

Cheers

andy.
0
