Solved

Spam to webmaster address lands in user's mailbox

Posted on 2008-10-02
Last Modified: 2010-04-21
We have a user that is receiving spam that is meant for webmaster@ourdomain.com.
The webmaster email address does not exist in our Exchange organisation, or if it does I can't find it.
IMF is enabled but no luck in stopping it!
How is this spam making it all the way to a user's mailbox?
Attached Internet Headers from Outlook 2007.
P.S. Removed IP address and DNS names of our ISP.

-----------------------------------------
Microsoft Mail Internet Headers Version 2.0
Received: from ourisp ([ip_address]) by ourexchange server with Microsoft
 SMTPSVC(6.0.3790.3959); Thu, 2 Oct 2008 17:07:05 +0200
Content-Transfer-Encoding: 7bit
Importance: normal
Priority: normal
Received: from ourisp ([ipaddress]) by ourisp with Microsoft SMTPSVC(6.0.3790.3959); Thu, 2 Oct 2008 17:06:58 +0200
Received: from 27.Red-80-32-151.staticIP.rima-tde.net ([80.32.151.27]) by ourisp
 with Microsoft SMTPSVC(6.0.3790.1830); Thu, 2 Oct 2008 17:08:32 +0200
From: "Saeng" <Saeng-kremruek@BANKTRUSTBREWTON.COM>
To: <webmaster@ourdomain.com>
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.4073
Content-Class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: multipart/alternative;boundary="----=_NextPart_000_000E_01C924B1.4DA1CAF0"
Subject: We are sure that lengthening will help you boost your intimate life!
Date: Thu, 2 Oct 2008 17:07:08 +0200
Message-ID: <000d01c924a0$8a18faf0$1b972050@claudia>
X-MS-TNEF-Correlator:
Thread-Topic: We are sure that lengthening will help you boost your intimate life!
thread-index: AckksU2hOsoP3cUaSamsMQW56QlpLg==
Return-Path: <Saeng-kremruek@BANKTRUSTBREWTON.COM>
X-OriginalArrivalTime: 02 Oct 2008 15:08:32.0734 (UTC) FILETIME=[BC2F17E0:01C924A0]

------=_NextPart_000_000E_01C924B1.4DA1CAF0
Content-Type: text/plain;charset="US-ASCII"
Content-Transfer-Encoding: quoted-printable
X-EC0D2A8E-5CB7-4969-9C36-46D859D137BE-PartID: C4EA93A3-6506-4D9E-9811-52EDB5923234

------=_NextPart_000_000E_01C924B1.4DA1CAF0
Content-Type: text/html;charset="US-ASCII"
Content-Transfer-Encoding: quoted-printable
X-EC0D2A8E-5CB7-4969-9C36-46D859D137BE-PartID: D01DAAC3-57A3-4142-9030-343A28A8A373


------=_NextPart_000_000E_01C924B1.4DA1CAF0--
Question by:SACUADMIN
12 Comments
 
LVL 3

Expert Comment

by:gke565
ID: 22626203
Is it possible the user has a secondary SMTP address listed in their profile from long ago?  Is email from another account being forwarded to this user?
 

Author Comment

by:SACUADMIN
ID: 22626300
I have checked the profile and I can find no reference to the "webmail" address. No email from another account is being forwarded to the user. I am truly stumped.
 
LVL 16

Expert Comment

by:robrandon
ID: 22626412
If you address an email internally to the webmaster@ourdomain.com address, does it go to that user?

Does that address resolve when you enter it in Outlook?  What happens when you click the properties of that address?
 

Author Comment

by:SACUADMIN
ID: 22626524
If I address it internally I get...
"The e-mail account does not exist at the organization this message was sent to.  Check the e-mail address, or contact the recipient directly to find out the correct address".

Properties for the address just brings up the "Email Properties" dialog.

However, if I send to it from an external address, it lands straight in the user's mailbox.
 
LVL 3

Expert Comment

by:gke565
ID: 22626568
Are you hosting your own domain on Exchange for the email - or are you POP'g an outside server?
 

Author Comment

by:SACUADMIN
ID: 22626596
We are not hosting our own domain on Exchange.
Mail is routed via an ISP to our Exchange environment.
 
LVL 3

Accepted Solution

by:
gke565 earned 1000 total points
ID: 22626643
I would bet then that the ISP has a forward to the user, probably because that was the user that set up the account and the ISP required a webmaster address.  Best to set up a webmaster account internally and have the ISP change the pointer.
 

Author Comment

by:SACUADMIN
ID: 22626701
Thanks, I will get in touch with the ISP and find out.

For my education, are you saying the ISP could create any email address and forward it to a user in our domain and we could do nothing to stop it?

Doesn't sound right? :-(
 
LVL 16

Expert Comment

by:robrandon
ID: 22626720
If they are hosting your Exchange they would be able to.
 
LVL 3

Expert Comment

by:gke565
ID: 22626725
Some ISPs will require a webmaster or postmaster account as part of their agreement, mostly to deflect questions about your company to you.  You might want to do a whois on your domain and see what the contacts are for it.
 

Author Comment

by:SACUADMIN
ID: 22626833
That's my worry. They are not hosting our Exchange. All the mailboxes and accounts are internal. They are just forwarding mail meant for our domain to our Exchange server via a front-end Exchange Server.
 

Author Closing Comment

by:SACUADMIN
ID: 31502440
Thanks, it was forwarded by the ISP.
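
The diagnosis reached in this thread can be checked from the headers alone. The following is an added example, not code from any poster: it rebuilds the relay chain from the posted Received lines and compares the To: header with the addresses held by the receiving mailbox. The address `jsmith@ourdomain.com` is a hypothetical stand-in for the affected user.

```python
import re
from email import message_from_string
from email.utils import getaddresses, parsedate_to_datetime

# Constructed sample: Received/To lines as posted in the question (placeholders kept).
RAW_HEADERS = """\
Received: from ourisp ([ip_address]) by ourexchange server with Microsoft
 SMTPSVC(6.0.3790.3959); Thu, 2 Oct 2008 17:07:05 +0200
Received: from ourisp ([ipaddress]) by ourisp with Microsoft SMTPSVC(6.0.3790.3959); Thu, 2 Oct 2008 17:06:58 +0200
Received: from 27.Red-80-32-151.staticIP.rima-tde.net ([80.32.151.27]) by ourisp
 with Microsoft SMTPSVC(6.0.3790.1830); Thu, 2 Oct 2008 17:08:32 +0200
To: <webmaster@ourdomain.com>
"""

HOP_RE = re.compile(r"from\s+(\S+).*?\bby\s+(.+?)\s+with\b.*;\s*(.+)$", re.S)

def hops(raw):
    """Received hops, oldest first, as (from_host, by_host, timestamp)."""
    out = []
    for value in reversed(message_from_string(raw).get_all("Received", [])):
        m = HOP_RE.search(value)
        if m:
            out.append((m.group(1), m.group(2), parsedate_to_datetime(m.group(3).strip())))
    return out

def header_recipients(raw):
    """Lower-cased addresses from the To: and Cc: headers."""
    msg = message_from_string(raw)
    pairs = getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))
    return {addr.lower() for _, addr in pairs if addr}

def diagnose(raw, mailbox_addresses, our_server):
    chain = hops(raw)
    known = {a.lower() for a in mailbox_addresses}
    handoff = next((h for h in chain if h[1] == our_server), None)
    return {
        # Header recipients that are not an address of the receiving mailbox: the
        # envelope recipient (RCPT TO) was something else, e.g. after an upstream forward.
        "not_on_mailbox": sorted(header_recipients(raw) - known),
        # Host that handed the message to our server: the party to ask about forwards.
        "handoff_from": handoff[0] if handoff else None,
        # Hops stamped earlier than the previous hop: relay clocks disagree.
        "clock_skew_at": [i for i in range(1, len(chain)) if chain[i][2] < chain[i - 1][2]],
    }

if __name__ == "__main__":
    # "jsmith@ourdomain.com" is a hypothetical address for the affected user.
    print(diagnose(RAW_HEADERS, ["jsmith@ourdomain.com"], "ourexchange server"))
```

A Bcc'd message produces the same header mismatch, so the result narrows the question to put to the ISP rather than proving that a forward exists.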