naexpert
asked on
Potential abuse of our Exchange 2003 server.
Hi,
I've spent ages trying to 'lock down' our Exchange 2003 server. My MD had this e-mail come through to his inbox recently which he said he did not send yet he got a 'From: System Administrator' e-mail telling him he had and that it had failed. See details below.
Is there anyone out there that can tell us mere mortals how to stop this sort of thing happening OR do I scrap Exchange and use some other mail server software - any suggestions?
Hope to hear from you people.
Cheers
Andy.
Contents of e-mail --------------------
To: steve.webster.lab@govmail.gov.sk.ca
Subject: Undeliverable: **Message you sent blocked by our bulk email filter** [Scanned]
Your message did not reach some or all of the intended recipients.
Subject: November 75% OFF
Sent: 29/11/2007 10:34
The following recipient(s) could not be reached:
steve.webster.lab@govmail.gov.sk.ca on 29/11/2007 10:34
You do not have permission to send to this recipient. For assistance, contact your system administrator.
< cuda2.gov.sk.ca #5.7.1 smtp; 550 5.7.1 Message content rejected, UBE, id=26048-02-25>
e-mail header ..........................
Microsoft Mail Internet Headers Version 2.0
Thread-Topic: **Message you sent blocked by our bulk email filter** [Scanned]
X-PMWin-Spam: Gauge=IIIIIIII, Probability=8%, Report='__MIME_VERSION, __CTE, __HAS_MSGID, __SANE_MSGID, __CT, __CTYPE_HAS_BOUNDARY, __CTYPE_MULTIPART, __BAT_BOUNDARY'
X-PMWin-Version: 2.6.1, Antispam-Engine: 2.5.2, Antivirus-Engine: 2.52.1
thread-index: Acgyc41x8giPljvLQPeax/bTIoUlfQ==
Received: from cuda2.gov.sk.ca ([204.83.176.201]) by DQGlobal.com with Microsoft SMTPSVC(6.0.3790.1830); Thu, 29 Nov 2007 10:35:25 +0000
MIME-Version: 1.0
From: "Barracuda Spam Firewall" <postmaster@gov.sk.ca>
Content-Transfer-Encoding: 7bit
Message-ID: <20071129123416.16901.qmail@garo>
Subject: **Message you sent blocked by our bulk email filter** [Scanned]
Content-Class: urn:content-classes:message
Importance: normal
Priority: normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.2992
Content-Type: multipart/report;
report-type=delivery-status;
boundary="----------=_1196332453-26048-67"
To: <steve.webster@dqglobal.com>
Date: Thu, 29 Nov 2007 04:34:13 -0600 (CST)
Return-Path:
X-OriginalArrivalTime: 29 Nov 2007 10:35:25.0449 (UTC) FILETIME=[8D5ED790:01C83273]
-----------=_1196332453-26048-67
Content-Type: text/plain;
charset="utf-8"
Content-Disposition: inline
Content-Transfer-Encoding: base64
------------=_1196332453-26048-67
Content-Type: message/delivery-status
Content-Disposition: inline
Content-Transfer-Encoding: 7bit
Content-Description: Delivery error report
------------=_1196332453-26048-67
Content-Type: text/rfc822-headers;
charset="utf-8"
Content-Disposition: inline
Content-Transfer-Encoding: 7bit
Content-Description: Undelivered-message headers
..........................
ASKER
Hi Simon,
Let me get this straight in my mind,
Spammer is sending e-mail with our e-mail address (faked) but they are not using our e-mail server, they are sending the e-mail from another server, correct?
Andy.
ASKER
Hi Simon,
Thanks for your plain English reply.
Cheers
andy.
This is spoofing. Happens all the time. Someone is sending email that has an email address as the from address. The remote site noticed it is spam and tries to send it back to the sender - when everyone should know that almost all spam is spoofed, with fake from headers and bouncing it back is pointless. This seems to be the default behaviour of the Barracudas.
Unfortunately there is close to nothing you can do about it. You have to accept the NDRs that are destined for your site, if you do not then your server will get blacklisted.
Simon.
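One way to confirm from a bounce like the one above that the rejected message never passed through your own server, as an added example that is not part of the original thread: it reads the text/rfc822-headers part of the multipart/report NDR and checks the Received hops of the undelivered message against your own outbound hosts and IPs. The sample NDR is constructed and trimmed, and every hostname, address and the `our_senders` list are placeholders.

```python
import email
import re
from email import policy

# Constructed sample bounce, modelled on the multipart/report structure quoted
# in the question. All hostnames and IP addresses are placeholders.
SAMPLE_NDR = """\
From: "Spam Filter" <postmaster@remote.example>
To: <user@ourdomain.example>
Subject: **Message you sent blocked by our bulk email filter**
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status; boundary="BOUND"

--BOUND
Content-Type: message/delivery-status

Reporting-MTA: dns; filter.remote.example

Final-Recipient: rfc822; someone@remote.example
Action: failed
Status: 5.7.1

--BOUND
Content-Type: text/rfc822-headers; charset="utf-8"

Received: from unknown-host.invalid ([203.0.113.45]) by filter.remote.example; Thu, 29 Nov 2007 04:34:10 -0600
From: <user@ourdomain.example>
Subject: November 75% OFF
Message-ID: <abc123@unknown-host.invalid>

--BOUND--
"""

def original_headers(ndr_text):
    """Return the headers of the undelivered message carried in the NDR, or None."""
    msg = email.message_from_string(ndr_text, policy=policy.default)
    for part in msg.walk():
        if part.get_content_type() == "text/rfc822-headers":
            return email.message_from_string(part.get_content(), policy=policy.default)
    return None

def sent_by_us(ndr_text, our_senders):
    """True/False if a Received hop names one of our hosts or IPs; None if undecidable."""
    hdrs = original_headers(ndr_text)
    if hdrs is None:
        return None  # the bounce carries no original headers
    hops = " ".join(str(h) for h in hdrs.get_all("Received", [])).lower()
    tokens = {t.strip(".") for t in re.findall(r"[a-z0-9.-]+", hops)}
    return bool(tokens & {s.lower() for s in our_senders})
```

A result of False means the From address was forged on a message relayed elsewhere; True means the server's outbound logs for that time are worth reviewing.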