Solved

Exchange server and spammer

Posted on 2008-06-11
10
519 Views
Last Modified: 2008-06-12
Hi,  
out Server is not open relay. still  there is any way to find out if my server has been compromised by spammer or not ??

because today, i have received an email from Shawbiz.ca, the guy saying someone at 9.48 pm sent him email from our company email address which is actally spam email.

the username he said, we dont have any user , i have check message tracking to check what happended 9.48 pm
but no email has been sent out side at that time by that email address.

from my understanding : message trackign with show outgoing and imcommign message is nto it ??

so what shall i assume, my server has been compromised by spammer ??

 
0
Comment
Question by:fosiul01
  • 4
  • 2
  • 2
  • +2
10 Comments
 
LVL 35

Accepted Solution

by:
rakeshmiglani earned 300 total points
ID: 21760580
you can ask Shawbiz.ca to check the smtp header of the "spam" mail that he received.
it could have been that the email that Shawbiz.ca got did not generate from your server but the "spammer" must have used your domain name to send out the "spam" message from another server.
0
 
LVL 3

Assisted Solution

by:Karl12347
Karl12347 earned 60 total points
ID: 21760597
Spammers can make up any email address they want even if the domain does not belong to them. I would not worry about this. I would only worry if these spam emails are coming through to your company internally.
It is very unlikely that the exchange server has been compromised.
Any decent spam filter software should pickup the emails by the content anyway.

Hope this helps.
Karl
0
 
LVL 3

Expert Comment

by:tsorensen55
ID: 21760628
Your server isn't compromised, spammers use "spoofing" which basically means they can use any email address they want. Tell the person who notified you to look at the message headers and verify the server name the message came from. If it didn't originate from your server then you should be fine.
0
 
LVL 29

Author Comment

by:fosiul01
ID: 21760661
But what is this message header ??
suppose , some company has Contact us form, where you need to write your email address.
if  i type someone elses email address, such as user1@mycompany.com so that company will think , Some one called user1 from mycompany has been sent the email is not it ??

but what will show in message header ??
0
 
LVL 3

Expert Comment

by:Trivious
ID: 21760677
This is not uncommon, but you would be wise to get a SPAM appliance anyways. You shouldn't have an unprotected network either way. I have a barracuda SPAM filter 300 for 75 clients and my spam and spoofing has been dramatically reduced!
0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 
LVL 29

Author Comment

by:fosiul01
ID: 21760732
no, i am not getting spam from outsider, i am saying about : if my servr has been compromised by spammer, if they are sending email by using my sever .

as far i know, spam protection will protect you from getting email address from spammer. but it will not protect you if someone is tryign to sent spamming email by using your server, is nto it ??

and my server is not open relay
0
 
LVL 35

Expert Comment

by:rakeshmiglani
ID: 21760735
the message header shows details about the servers and ip address from where the message originated.
check http://www.emailaddressmanager.com/tips/header.html and http://www.uic.edu/depts/accc/newsletter/adn29/headers.html to understand more about it.
0
 
LVL 3

Assisted Solution

by:tsorensen55
tsorensen55 earned 140 total points
ID: 21761572
In outlook message headers can be viewed generally by right clicking on the message and choosing the message options. Once in there towards the bottom you will see Internet Headers and it will contain data similar to the below which is one of my messages received from one of my vendors.

The part that details originating server i will just put right here so you know what to look for:
Received: from mailout.vendor.com (mailout.vendor.com [12.*.*.*]) by cuda2.mydomain.com with ESMTP
--That line shows you my cuda2 server received the message from mailout.vendor.com, if he looks at his message header and sees Received: from "anything but your domainname.com" then it was not sent by your server and you are neither compromised nor at fault, simply a victim of spoofing.

Microsoft Mail Internet Headers Version 2.0
Received: from server.mydomain.com ([192.*.*.*]) by server.mydomain.com with Microsoft SMTPSVC(6.0.3790.3959);
       Wed, 11 Jun 2008 10:23:41 -0500
Received: from cuda2.mydomain.com ([192.*.*.*]) by server.mydomain.com over TLS secured channel with Microsoft SMTPSVC(6.0.3790.3959);
       Wed, 11 Jun 2008 10:23:38 -0500
X-ASG-Debug-ID: 1213197808-25da00ee0000-zLxarx
X-Barracuda-URL: http://192.*.*.*:8000/cgi-bin/mark.cgi
Received: from mailout.vendor.com (localhost [127.0.0.1])
      by cuda2.mydomain.com (Spam Firewall) with ESMTP
      id 48CDD998EE7; Wed, 11 Jun 2008 10:23:28 -0500 (CDT)
Received: from mailout.vendor.com (mailout.vendor.com [12.*.*.*]) by cuda2.mydomain.com with ESMTP id JAmGTj6XyYMvtgew; Wed, 11 Jun 2008 10:23:28 -0500 (CDT)
X-ASG-Whitelist: Barracuda Reputation
X-IronPort-AV: E=Sophos;i="4.27,624,1204524000";
   d="pdf'?scan'208,217";a="54356525"
X-CSIP: YES
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
0
 
LVL 29

Author Comment

by:fosiul01
ID: 21761591
Hi guys thanks
i emailed that guy to copy and past message header .
he has read the email , so now i am waiting for the reply

let him reply, then i will past the reply here .

0
 
LVL 29

Author Comment

by:fosiul01
ID: 21767080
Hi guys,
 that guy sent me header message, i have checked, the Sender Ip does not match with our Ip and server address.
so i reply him back to say, this is not from our company!!

thanks for helping me out here
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
Marketers need statistics and metrics like everybody else needs oxygen. In this article we explain how to enable marketing campaign statistics for Microsoft Exchange mail.
In this Micro Video tutorial you will learn the basics about Database Availability Groups and How to configure one using a live Exchange Server Environment. The video tutorial explains the basics of the Exchange server Database Availability grou…
The video tutorial explains the basics of the Exchange server Database Availability groups. The components of this video include: 1. Automatic Failover 2. Failover Clustering 3. Active Manager

861 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

25 Experts available now in Live!

Get 1:1 Help Now