Solved

Exchange server and spammer

Posted on 2008-06-11
10
527 Views
Last Modified: 2008-06-12
Hi,  
out Server is not open relay. still  there is any way to find out if my server has been compromised by spammer or not ??

because today, i have received an email from Shawbiz.ca, the guy saying someone at 9.48 pm sent him email from our company email address which is actally spam email.

the username he said, we dont have any user , i have check message tracking to check what happended 9.48 pm
but no email has been sent out side at that time by that email address.

from my understanding : message trackign with show outgoing and imcommign message is nto it ??

so what shall i assume, my server has been compromised by spammer ??

 
0
Comment
Question by:fosiul01
  • 4
  • 2
  • 2
  • +2
10 Comments
 
LVL 35

Accepted Solution

by:
rakeshmiglani earned 300 total points
ID: 21760580
you can ask Shawbiz.ca to check the smtp header of the "spam" mail that he received.
it could have been that the email that Shawbiz.ca got did not generate from your server but the "spammer" must have used your domain name to send out the "spam" message from another server.
0
 
LVL 3

Assisted Solution

by:Karl12347
Karl12347 earned 60 total points
ID: 21760597
Spammers can make up any email address they want even if the domain does not belong to them. I would not worry about this. I would only worry if these spam emails are coming through to your company internally.
It is very unlikely that the exchange server has been compromised.
Any decent spam filter software should pickup the emails by the content anyway.

Hope this helps.
Karl
0
 
LVL 3

Expert Comment

by:tsorensen55
ID: 21760628
Your server isn't compromised, spammers use "spoofing" which basically means they can use any email address they want. Tell the person who notified you to look at the message headers and verify the server name the message came from. If it didn't originate from your server then you should be fine.
0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 
LVL 29

Author Comment

by:fosiul01
ID: 21760661
But what is this message header ??
suppose , some company has Contact us form, where you need to write your email address.
if  i type someone elses email address, such as user1@mycompany.com so that company will think , Some one called user1 from mycompany has been sent the email is not it ??

but what will show in message header ??
0
 
LVL 3

Expert Comment

by:Trivious
ID: 21760677
This is not uncommon, but you would be wise to get a SPAM appliance anyways. You shouldn't have an unprotected network either way. I have a barracuda SPAM filter 300 for 75 clients and my spam and spoofing has been dramatically reduced!
0
 
LVL 29

Author Comment

by:fosiul01
ID: 21760732
no, i am not getting spam from outsider, i am saying about : if my servr has been compromised by spammer, if they are sending email by using my sever .

as far i know, spam protection will protect you from getting email address from spammer. but it will not protect you if someone is tryign to sent spamming email by using your server, is nto it ??

and my server is not open relay
0
 
LVL 35

Expert Comment

by:rakeshmiglani
ID: 21760735
the message header shows details about the servers and ip address from where the message originated.
check http://www.emailaddressmanager.com/tips/header.html and http://www.uic.edu/depts/accc/newsletter/adn29/headers.html to understand more about it.
0
 
LVL 3

Assisted Solution

by:tsorensen55
tsorensen55 earned 140 total points
ID: 21761572
In outlook message headers can be viewed generally by right clicking on the message and choosing the message options. Once in there towards the bottom you will see Internet Headers and it will contain data similar to the below which is one of my messages received from one of my vendors.

The part that details originating server i will just put right here so you know what to look for:
Received: from mailout.vendor.com (mailout.vendor.com [12.*.*.*]) by cuda2.mydomain.com with ESMTP
--That line shows you my cuda2 server received the message from mailout.vendor.com, if he looks at his message header and sees Received: from "anything but your domainname.com" then it was not sent by your server and you are neither compromised nor at fault, simply a victim of spoofing.

Microsoft Mail Internet Headers Version 2.0
Received: from server.mydomain.com ([192.*.*.*]) by server.mydomain.com with Microsoft SMTPSVC(6.0.3790.3959);
       Wed, 11 Jun 2008 10:23:41 -0500
Received: from cuda2.mydomain.com ([192.*.*.*]) by server.mydomain.com over TLS secured channel with Microsoft SMTPSVC(6.0.3790.3959);
       Wed, 11 Jun 2008 10:23:38 -0500
X-ASG-Debug-ID: 1213197808-25da00ee0000-zLxarx
X-Barracuda-URL: http://192.*.*.*:8000/cgi-bin/mark.cgi
Received: from mailout.vendor.com (localhost [127.0.0.1])
      by cuda2.mydomain.com (Spam Firewall) with ESMTP
      id 48CDD998EE7; Wed, 11 Jun 2008 10:23:28 -0500 (CDT)
Received: from mailout.vendor.com (mailout.vendor.com [12.*.*.*]) by cuda2.mydomain.com with ESMTP id JAmGTj6XyYMvtgew; Wed, 11 Jun 2008 10:23:28 -0500 (CDT)
X-ASG-Whitelist: Barracuda Reputation
X-IronPort-AV: E=Sophos;i="4.27,624,1204524000";
   d="pdf'?scan'208,217";a="54356525"
X-CSIP: YES
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
0
 
LVL 29

Author Comment

by:fosiul01
ID: 21761591
Hi guys thanks
i emailed that guy to copy and past message header .
he has read the email , so now i am waiting for the reply

let him reply, then i will past the reply here .

0
 
LVL 29

Author Comment

by:fosiul01
ID: 21767080
Hi guys,
 that guy sent me header message, i have checked, the Sender Ip does not match with our Ip and server address.
so i reply him back to say, this is not from our company!!

thanks for helping me out here
0

Featured Post

Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Utilizing an array to gracefully append to a list of EmailAddresses
Phishing attempts can come in all forms, shapes and sizes. No matter how familiar you think you are with them, always remember to take extra precaution when opening an email with attachments or links.
In this video we show how to create a Contact in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Contact ta…
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…

773 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question