Link to home
Start Free TrialLog in
Avatar of Silencer001
Silencer001Flag for Belgium

asked on

Spam from internal network?

Hi everyone,

A customer of mine keeps getting spam emails from to They are using Trend Micro's Hosted Email Security for their spam. A policy is active to block * to *

Normally this would stop the spoofing, but the mails keep getting through. The strange thing is that the mailheaders don't point out that this mail is being filtered by trend micro. Maybe a client is infected with a virus that keeps sending spam?

This is the mailheader from the emails:
Received: from ( by
 ( with Microsoft SMTP Server id; Wed, 10 Aug 2011
 09:47:56 +0200
Received: from (account <> HELO	by (CommuniGate Pro SMTP 5.2.3)	with ESMTPA id 264460314 for
 <>; Wed, 10 Aug 2011 15:48:22 +0800
From: info <>
To: info <>
Date: Wed, 10 Aug 2011 09:48:22 +0200
Subject: Job Proposal
Thread-Topic: Job Proposal
Thread-Index: AcxXMdIw7Kk1fGVnRsaiFRZNzEmdpQ==
Message-ID: <>
X-MS-Exchange-Organization-SenderIdResult: None
X-MS-Exchange-Organization-PCL: 2
received-spf: None (SBS.theirdomain.local: does not designate
 permitted sender hosts)
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0

Open in new window

I hope some of you can shed a light on this.

Kind regards,
Avatar of Miguel Angel Perez Muñoz
Miguel Angel Perez Muñoz
Flag of Spain image

This email came from outside:

Is a typical spoofing mail address.
Avatar of Silencer001


Ok thanks, just came up with this link:

But how comes that Trend Micro isn't filtering these messages? They don't even show up in the mailheaders and our only MX-record is pointing to trend micro.
Because local domain are same on origin and receipt, and software suppose that are internal.

Your antispam software uses RBL? Consider applying to better results.
And check to see if the spf record is set correctly, or if there even is one.
Avatar of Cliff Galiher
Cliff Galiher
Flag of United States of America image

Link to home
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial