Solved

Exchange server and spammer

Posted on 2008-06-11
10
539 Views
Last Modified: 2008-06-12
Hi,  
out Server is not open relay. still  there is any way to find out if my server has been compromised by spammer or not ??

because today, i have received an email from Shawbiz.ca, the guy saying someone at 9.48 pm sent him email from our company email address which is actally spam email.

the username he said, we dont have any user , i have check message tracking to check what happended 9.48 pm
but no email has been sent out side at that time by that email address.

from my understanding : message trackign with show outgoing and imcommign message is nto it ??

so what shall i assume, my server has been compromised by spammer ??

 
0
Comment
Question by:fosiul01
  • 4
  • 2
  • 2
  • +2
10 Comments
 
LVL 35

Accepted Solution

by:
rakeshmiglani earned 300 total points
ID: 21760580
you can ask Shawbiz.ca to check the smtp header of the "spam" mail that he received.
it could have been that the email that Shawbiz.ca got did not generate from your server but the "spammer" must have used your domain name to send out the "spam" message from another server.
0
 
LVL 3

Assisted Solution

by:Karl12347
Karl12347 earned 60 total points
ID: 21760597
Spammers can make up any email address they want even if the domain does not belong to them. I would not worry about this. I would only worry if these spam emails are coming through to your company internally.
It is very unlikely that the exchange server has been compromised.
Any decent spam filter software should pickup the emails by the content anyway.

Hope this helps.
Karl
0
 
LVL 3

Expert Comment

by:tsorensen55
ID: 21760628
Your server isn't compromised, spammers use "spoofing" which basically means they can use any email address they want. Tell the person who notified you to look at the message headers and verify the server name the message came from. If it didn't originate from your server then you should be fine.
0
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

 
LVL 29

Author Comment

by:fosiul01
ID: 21760661
But what is this message header ??
suppose , some company has Contact us form, where you need to write your email address.
if  i type someone elses email address, such as user1@mycompany.com so that company will think , Some one called user1 from mycompany has been sent the email is not it ??

but what will show in message header ??
0
 
LVL 3

Expert Comment

by:Trivious
ID: 21760677
This is not uncommon, but you would be wise to get a SPAM appliance anyways. You shouldn't have an unprotected network either way. I have a barracuda SPAM filter 300 for 75 clients and my spam and spoofing has been dramatically reduced!
0
 
LVL 29

Author Comment

by:fosiul01
ID: 21760732
no, i am not getting spam from outsider, i am saying about : if my servr has been compromised by spammer, if they are sending email by using my sever .

as far i know, spam protection will protect you from getting email address from spammer. but it will not protect you if someone is tryign to sent spamming email by using your server, is nto it ??

and my server is not open relay
0
 
LVL 35

Expert Comment

by:rakeshmiglani
ID: 21760735
the message header shows details about the servers and ip address from where the message originated.
check http://www.emailaddressmanager.com/tips/header.html and http://www.uic.edu/depts/accc/newsletter/adn29/headers.html to understand more about it.
0
 
LVL 3

Assisted Solution

by:tsorensen55
tsorensen55 earned 140 total points
ID: 21761572
In outlook message headers can be viewed generally by right clicking on the message and choosing the message options. Once in there towards the bottom you will see Internet Headers and it will contain data similar to the below which is one of my messages received from one of my vendors.

The part that details originating server i will just put right here so you know what to look for:
Received: from mailout.vendor.com (mailout.vendor.com [12.*.*.*]) by cuda2.mydomain.com with ESMTP
--That line shows you my cuda2 server received the message from mailout.vendor.com, if he looks at his message header and sees Received: from "anything but your domainname.com" then it was not sent by your server and you are neither compromised nor at fault, simply a victim of spoofing.

Microsoft Mail Internet Headers Version 2.0
Received: from server.mydomain.com ([192.*.*.*]) by server.mydomain.com with Microsoft SMTPSVC(6.0.3790.3959);
       Wed, 11 Jun 2008 10:23:41 -0500
Received: from cuda2.mydomain.com ([192.*.*.*]) by server.mydomain.com over TLS secured channel with Microsoft SMTPSVC(6.0.3790.3959);
       Wed, 11 Jun 2008 10:23:38 -0500
X-ASG-Debug-ID: 1213197808-25da00ee0000-zLxarx
X-Barracuda-URL: http://192.*.*.*:8000/cgi-bin/mark.cgi
Received: from mailout.vendor.com (localhost [127.0.0.1])
      by cuda2.mydomain.com (Spam Firewall) with ESMTP
      id 48CDD998EE7; Wed, 11 Jun 2008 10:23:28 -0500 (CDT)
Received: from mailout.vendor.com (mailout.vendor.com [12.*.*.*]) by cuda2.mydomain.com with ESMTP id JAmGTj6XyYMvtgew; Wed, 11 Jun 2008 10:23:28 -0500 (CDT)
X-ASG-Whitelist: Barracuda Reputation
X-IronPort-AV: E=Sophos;i="4.27,624,1204524000";
   d="pdf'?scan'208,217";a="54356525"
X-CSIP: YES
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
0
 
LVL 29

Author Comment

by:fosiul01
ID: 21761591
Hi guys thanks
i emailed that guy to copy and past message header .
he has read the email , so now i am waiting for the reply

let him reply, then i will past the reply here .

0
 
LVL 29

Author Comment

by:fosiul01
ID: 21767080
Hi guys,
 that guy sent me header message, i have checked, the Sender Ip does not match with our Ip and server address.
so i reply him back to say, this is not from our company!!

thanks for helping me out here
0

Featured Post

Is Your AD Toolbox Looking More Like a Toybox?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Antivirus on Exchange 3 37
Extend AD Schema to 2008 R2 after domain upgrade. 5 39
Manage Mobile Phones (devices) 6 49
Gmail with domain mail 8 29
This article lists the top 5 free OST to PST Converter Tools. These tools save a lot of time for users when they want to convert OST to PST after their exchange server is no longer available or some other critical issue with exchange server or impor…
This article aims to explain the working of CircularLogArchiver. This tool was designed to solve the buildup of log file in cases where systems do not support circular logging or where circular logging is not enabled
In this video we show how to create a Resource Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: Navigate to the Recipients >> Resources tab.: "Recipients" is our default selection …
The basic steps you have just learned will be implemented in this video. The basic steps are shown to configure an Exchange DAG in a live working Exchange Server Environment and manage the same (Exchange Server 2010 Software is used in a Windows Ser…

680 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question