URGENT: Exchange Server Spamming Local Mailboxes (Header Included)
Posted on 2009-04-01
Note the ".local" in the header.
If requested, I will furnish the source of the entire email.
Received: by SERVER.DOMAIN.local
id <01C99F17.21198B9A@SERVER.DOMAIN.local>; Sat, 7 Mar 2009 05:23:24 -0600
X-MimeOLE: Produced By Microsoft Exchange V6.5
Subject: SCAMMED VICTIM/ URGENT RESPONDS FOR YOUR $2.8 MILLION COMPENSATION
Date: Thu, 2 Apr 2009 13:09:07 -0600
Thread-Topic: SCAMMED VICTIM/ URGENT RESPONDS FOR YOUR $2.8 MILLION COMPENSATION
From: "Prof Musa Ahmed" <firstname.lastname@example.org>
To: "undisclosed-recipients" <undisclosed-recipients:;>
Our Firewall is locked down to only talk to an external MX service that filters spam. All inbound headers originate from the MX service.
No virus/worm infections were found on Exchange server.
Exchange server could be sending emails locally as a result of SMTP relay settings
Outbound SMTP is fine, and nothing is going out that shouldn't be. This was verified by System Manager, External MX solution, and firewall activitiy. Traffic is normal
I may have been lucky and found the very beginning instance of this problem, but I am not sure.
Journaling is enabled on a specific account for mail archival (not sure if this would be related)
There is no antivirus installed on Exchange server being external MX scans all inbound/outbound email.
According to my journaling information, this email was received TOMORROW (April 2, 2009) Present date as of now is April 1, 2009