• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 662

Thousands of junk emails arriving at user mailbox.

Hi Experts,

We are using Exchange 2003 Server SP2 in a front-end and back-end configuration. The front end is hosted in the DMZ and the back end is placed in the internal network.

We are getting thousands of emails to one particular user from one email address, and all the mails are going to the junk email folder in the user's Outlook 2003. As soon as the user starts Outlook 2003, mail starts coming, so legitimate mails are not able to come into the inbox.

My questions are:
1) How to stop these mails coming to the user's inbox?
2) The sender of the junk email has the mail address xyz@mycompany.com, where mycompany.com is my domain name. But user xyz is not actually an Active Directory user. So how is it possible that the spammer is using my domain name? I have not enabled relaying in Exchange.

Thanks
RJP55
0
3 Solutions
 
Glen Knight Commented:
Configure recipient filtering as per: http://support.microsoft.com/kb/886208

Make sure you check the box to filter recipients not in the directory.
0
 
flyingsky Commented:
Well, what kind of anti-spam are you using?
For your question number 2, the sender's email address can be changed easily. So when the spam emails say they are coming from xyz@mycompany.com, it's not true. Check the IP address; that's where they really are coming from.
To me, it looks like there's some kind of spyware on that machine, based on the fact that "As soon as users start outlook 2003 mail starts coming". Have you tried another machine with the same user account?
0
 
farazhkhan Commented:
Hi,

This is what we call e-mail address spoofing. I would advise you to read these:
http://technet.microsoft.com/en-us/library/aa997157(EXCHG.65).aspx
http://www.msexchange.org/tutorials/Hardening-Exchange-Server-2003-Environment-Part3.html

The best method to deal with this kind of attack is SPF, which allows you to explicitly state exactly which SMTP servers are allowed to send as your domain name. Although we should note that people have to be checking the record for it to do any good.
Anyway, I'd advise you to configure one; it will certainly help.
This is the project's web page: http://www.openspf.org/

Regards,
Faraz H. Khan
0
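What a receiving server does with the two pieces of advice above (find the real connecting IP, then compare it to the domain's SPF record), as an added example that is not part of the thread or any poster's code. The host names, IP addresses and SPF record are constructed placeholders, and only the `ip4`, `ip6` and `all` mechanisms are evaluated because the others need DNS lookups.

```python
import ipaddress
import re
from email import message_from_string

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

# Constructed sample data: documentation IP ranges, hypothetical host names.
SPF_RECORD = "v=spf1 ip4:192.0.2.0/24 ip4:198.51.100.25 -all"
RAW_MESSAGE = (
    "Received: from fe01.mycompany.com ([10.0.0.5]) by be01.mycompany.com;\n"
    "\tMon, 1 Jan 2007 10:00:02 +0000\n"
    "Received: from mail.example.net ([203.0.113.77]) by fe01.mycompany.com;\n"
    "\tMon, 1 Jan 2007 10:00:01 +0000\n"
    "From: xyz@mycompany.com\nTo: user@mycompany.com\nSubject: hello\n\nbody\n"
)

def connecting_ip(raw_message, edge_host):
    """IP recorded by our own edge server; lower Received lines can be forged."""
    pattern = r"\[([0-9A-Fa-f:.]+)\]\)?\s+by\s+" + re.escape(edge_host) + r"\b"
    for hop in message_from_string(raw_message).get_all("Received", []):
        match = re.search(pattern, " ".join(hop.split()))  # unfold the header
        if match:
            return ipaddress.ip_address(match.group(1))
    return None

def spf_result(record, ip):
    """Evaluate ip4/ip6/all mechanisms left to right; first match wins."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF record")
    for term in terms[1:]:
        qualifier = term[0] if term[0] in QUALIFIERS else "+"
        name, _, arg = term.lstrip("+-~?").partition(":")
        if name.lower() == "all":
            return QUALIFIERS[qualifier]
        if name.lower() not in ("ip4", "ip6"):
            raise ValueError(f"{name!r} needs DNS lookups, not handled here")
        network = ipaddress.ip_network(arg, strict=False)
        if ip.version == network.version and ip in network:
            return QUALIFIERS[qualifier]
    return "neutral"  # no mechanism matched

if __name__ == "__main__":
    source = connecting_ip(RAW_MESSAGE, "fe01.mycompany.com")
    print(source, spf_result(SPF_RECORD, source))
```

The From: header claims mycompany.com, but the hop stamped by the edge server shows an address outside the published ranges, so a receiver that enforces the record would reject or flag the message.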

 
Glen Knight Commented:
Also check your relay settings to make sure you're only allowing authenticated users to send mail.

There are a few options here: http://technet.microsoft.com/en-us/kb/kb00324958.aspx

and another document here: http://support.microsoft.com/kb/821746
0
 
Glen Knight Commented:
SPF is only checked when you are sending messages, or if you have a spam service that checks for other people's SPF when you receive mail.

Either way it's unlikely to help in this situation. openspf.org hasn't been working for a while; I would recommend this one: http://www.microsoft.com/mscorp/safety/content/technologies/senderid/wizard/
0
 
rjp55 Author Commented:
I am using GFI MailEssentials on my front-end Exchange server.
0
 
rjp55 Author Commented:
How can I check the IP address these emails are coming from, flyingsky?
0
 
flyingsky Commented:
In OL, right-click one of the spam emails -> Message Options
0
 
rjp55 Author Commented:
I configured recipient filtering as mentioned. I have configured it on the back end and the front end. But one user is still getting thousands of spam messages.
0
 
rjp55 Author Commented:
I even configured the GFI MailEssentials custom blacklist to block that particular email address on my front-end server. But the problem still persists: as soon as the one user starts Outlook 2003, his junk email filter starts with that spam message, and the message count starts increasing from one, two and so on.

Please help me to fix this...
0
 
rjp55 Author Commented:
Actually it was an Exchange database problem, so I ran eseutil /p on my back-end server and the problem was solved...
0
