Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 558
  • Last Modified:

Exchange server and spammer

Hi,  
out Server is not open relay. still  there is any way to find out if my server has been compromised by spammer or not ??

because today, i have received an email from Shawbiz.ca, the guy saying someone at 9.48 pm sent him email from our company email address which is actally spam email.

the username he said, we dont have any user , i have check message tracking to check what happended 9.48 pm
but no email has been sent out side at that time by that email address.

from my understanding : message trackign with show outgoing and imcommign message is nto it ??

so what shall i assume, my server has been compromised by spammer ??

 
0
fosiul01
Asked:
fosiul01
  • 4
  • 2
  • 2
  • +2
3 Solutions
 
rakeshmiglaniCommented:
you can ask Shawbiz.ca to check the smtp header of the "spam" mail that he received.
it could have been that the email that Shawbiz.ca got did not generate from your server but the "spammer" must have used your domain name to send out the "spam" message from another server.
0
 
Karl12347Commented:
Spammers can make up any email address they want even if the domain does not belong to them. I would not worry about this. I would only worry if these spam emails are coming through to your company internally.
It is very unlikely that the exchange server has been compromised.
Any decent spam filter software should pickup the emails by the content anyway.

Hope this helps.
Karl
0
 
tsorensen55Commented:
Your server isn't compromised, spammers use "spoofing" which basically means they can use any email address they want. Tell the person who notified you to look at the message headers and verify the server name the message came from. If it didn't originate from your server then you should be fine.
0
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

 
fosiul01Author Commented:
But what is this message header ??
suppose , some company has Contact us form, where you need to write your email address.
if  i type someone elses email address, such as user1@mycompany.com so that company will think , Some one called user1 from mycompany has been sent the email is not it ??

but what will show in message header ??
0
 
TriviousCommented:
This is not uncommon, but you would be wise to get a SPAM appliance anyways. You shouldn't have an unprotected network either way. I have a barracuda SPAM filter 300 for 75 clients and my spam and spoofing has been dramatically reduced!
0
 
fosiul01Author Commented:
no, i am not getting spam from outsider, i am saying about : if my servr has been compromised by spammer, if they are sending email by using my sever .

as far i know, spam protection will protect you from getting email address from spammer. but it will not protect you if someone is tryign to sent spamming email by using your server, is nto it ??

and my server is not open relay
0
 
rakeshmiglaniCommented:
the message header shows details about the servers and ip address from where the message originated.
check http://www.emailaddressmanager.com/tips/header.html and http://www.uic.edu/depts/accc/newsletter/adn29/headers.html to understand more about it.
0
 
tsorensen55Commented:
In outlook message headers can be viewed generally by right clicking on the message and choosing the message options. Once in there towards the bottom you will see Internet Headers and it will contain data similar to the below which is one of my messages received from one of my vendors.

The part that details originating server i will just put right here so you know what to look for:
Received: from mailout.vendor.com (mailout.vendor.com [12.*.*.*]) by cuda2.mydomain.com with ESMTP
--That line shows you my cuda2 server received the message from mailout.vendor.com, if he looks at his message header and sees Received: from "anything but your domainname.com" then it was not sent by your server and you are neither compromised nor at fault, simply a victim of spoofing.

Microsoft Mail Internet Headers Version 2.0
Received: from server.mydomain.com ([192.*.*.*]) by server.mydomain.com with Microsoft SMTPSVC(6.0.3790.3959);
       Wed, 11 Jun 2008 10:23:41 -0500
Received: from cuda2.mydomain.com ([192.*.*.*]) by server.mydomain.com over TLS secured channel with Microsoft SMTPSVC(6.0.3790.3959);
       Wed, 11 Jun 2008 10:23:38 -0500
X-ASG-Debug-ID: 1213197808-25da00ee0000-zLxarx
X-Barracuda-URL: http://192.*.*.*:8000/cgi-bin/mark.cgi
Received: from mailout.vendor.com (localhost [127.0.0.1])
      by cuda2.mydomain.com (Spam Firewall) with ESMTP
      id 48CDD998EE7; Wed, 11 Jun 2008 10:23:28 -0500 (CDT)
Received: from mailout.vendor.com (mailout.vendor.com [12.*.*.*]) by cuda2.mydomain.com with ESMTP id JAmGTj6XyYMvtgew; Wed, 11 Jun 2008 10:23:28 -0500 (CDT)
X-ASG-Whitelist: Barracuda Reputation
X-IronPort-AV: E=Sophos;i="4.27,624,1204524000";
   d="pdf'?scan'208,217";a="54356525"
X-CSIP: YES
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
0
 
fosiul01Author Commented:
Hi guys thanks
i emailed that guy to copy and past message header .
he has read the email , so now i am waiting for the reply

let him reply, then i will past the reply here .

0
 
fosiul01Author Commented:
Hi guys,
 that guy sent me header message, i have checked, the Sender Ip does not match with our Ip and server address.
so i reply him back to say, this is not from our company!!

thanks for helping me out here
0

Featured Post

[Webinar] Cloud and Mobile-First Strategy

Maybe you’ve fully adopted the cloud since the beginning. Or maybe you started with on-prem resources but are pursuing a “cloud and mobile first” strategy. Getting to that end state has its challenges. Discover how to build out a 100% cloud and mobile IT strategy in this webinar.

  • 4
  • 2
  • 2
  • +2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now