Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 505
  • Last Modified:

Spam to webmaster address lands in users mailbox

We have a user that is receiving spam that is meant for webmaster@ourdomain.com
The webmaster email address does not exist in our exchange organisation or if it does I can't find it.
IMF is enabled but no luck in stopping it!
How is this spam making all the way to a users mailbox.
Attached Internet Headers from Outlook 2007.
p.s. removed ip address and dns names of our ISP

-----------------------------------------
Microsoft Mail Internet Headers Version 2.0
Received: from ourisp ([ip_address]) by ourexchange server with Microsoft
 SMTPSVC(6.0.3790.3959); Thu, 2 Oct 2008 17:07:05 +0200
Content-Transfer-Encoding: 7bit
Importance: normal
Priority: normal
Received: from ourisp ([ipaddress]) by ourisp with Microsoft SMTPSVC(6.0.3790.3959); Thu, 2 Oct 2008 17:06:58 +0200
Received: from 27.Red-80-32-151.staticIP.rima-tde.net ([80.32.151.27]) by ourisp
 with Microsoft SMTPSVC(6.0.3790.1830); Thu, 2 Oct 2008 17:08:32 +0200
From: "Saeng" <Saeng-kremruek@BANKTRUSTBREWTON.COM>
To: <webmaster@ourdomain.com>
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.4073
Content-Class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: multipart/alternative;boundary="----=_NextPart_000_000E_01C924B1.4DA1CAF0"
Subject: We are sure that lengthening will help you boost your intimate life!
Date: Thu, 2 Oct 2008 17:07:08 +0200
Message-ID: <000d01c924a0$8a18faf0$1b972050@claudia>
X-MS-TNEF-Correlator:
Thread-Topic: We are sure that lengthening will help you boost your intimate life!
thread-index: AckksU2hOsoP3cUaSamsMQW56QlpLg==
Return-Path: <Saeng-kremruek@BANKTRUSTBREWTON.COM>
X-OriginalArrivalTime: 02 Oct 2008 15:08:32.0734 (UTC) FILETIME=[BC2F17E0:01C924A0]

------=_NextPart_000_000E_01C924B1.4DA1CAF0
Content-Type: text/plain;charset="US-ASCII"
Content-Transfer-Encoding: quoted-printable
X-EC0D2A8E-5CB7-4969-9C36-46D859D137BE-PartID: C4EA93A3-6506-4D9E-9811-52EDB5923234

------=_NextPart_000_000E_01C924B1.4DA1CAF0
Content-Type: text/html;charset="US-ASCII"
Content-Transfer-Encoding: quoted-printable
X-EC0D2A8E-5CB7-4969-9C36-46D859D137BE-PartID: D01DAAC3-57A3-4142-9030-343A28A8A373


------=_NextPart_000_000E_01C924B1.4DA1CAF0--
0
SACUADMIN
Asked:
SACUADMIN
  • 6
  • 4
  • 2
1 Solution
 
gke565Commented:
Is it possible the user has a secondary SMTP address listed in their profile from long ago?  Is email from another account being forwared to this user?
0
 
SACUADMINAuthor Commented:
I have checked the profile and I can find no reference to the "webmail" address. No email from another account is being forwarded to the user. I am truly stumped.
0
 
robrandonCommented:
If you address an email internally to the webmaster@ourdomain.com address, does it go to that user?

Does that address resolve when you enter it in Outlook?  What happens when you click the properties of that address?
0
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

 
SACUADMINAuthor Commented:
If I address it internally I get...
"The e-mail account does not exist at the organization this message was sent to.  Check the e-mail address, or contact the recipient directly to find out the correct address".

Properties for the address just brings up the "Email Properties" dialog.

However if I send to it from an external address, it lands straight in the user's mailbox

0
 
gke565Commented:
Are you hosting your own domain on exchange for the email - or are you POP'g an outside server?
0
 
SACUADMINAuthor Commented:
We are not hosting our own domain on exchange.
Mail is routed via an ISP to our exchange environment.
0
 
gke565Commented:
I would bet then that the ISP has a forwarded to the user, probably because that was the user that set up the account and the ISP required a webmaster address.  Best to set up a webmaster account internally and have the ISP change the pointer.
0
 
SACUADMINAuthor Commented:
Thanks I will get in touch with the ISP and find out.

For my education, Are you saying the ISP could create any email address and forward it to a user in our domain and we could do nothing to stop it?

Doesn't sound right? :-(

0
 
robrandonCommented:
If they are hosting your Exchange they would be able to.
0
 
gke565Commented:
Some ISPs will require a webmaster or postmaster account as part of their agreement, mostly to deflect questions about your company to you.  You might want to do a whois on your domain and see what the contacts are for it.
0
 
SACUADMINAuthor Commented:
Thats my worry. They are not hosting our exchange. All the mailboxes and accounts are internal. They are just forwarding mail meant for our domain to our exchange server via a front-end Exchange Server.

0
 
SACUADMINAuthor Commented:
Thanks it was forwarded by the ISP.
0

Featured Post

Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

  • 6
  • 4
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now