Itomicltd asked:

Internal Spammer or External Spammer

How do I find out if spam is coming from an internal or external source?
My queues are filled with spam and I have no way of finding out where it is coming from.
I want to stop it somehow too... Can I set up a rule to drop it or something?
Itomicltd (ASKER):
Exchange 2007 on a Windows 2003 server.
Shabarinath TR:
See to which address those mails are getting delivered. Open that mailbox and see the message header of one spam. See from where it's generating and take the corrective actions.

Good luck
Shaba
Queues are going out... addresses are .HINET or Yahoo, See header below... No Internal IP listed....

Identity: mail07\83\626
Subject: Undeliverable: ¡¹¡¹§Ú¦³¤@¥÷­Ý¾ªº¤u§@¤¶²Ð±z¡¹¡¹related to
Internet Message ID: <31cce163-e08d-4032-9d61-d00bcb67672a>
From Address: <>
Status: Ready
Size (KB): 36
Message Source Name: DSN
Source IP: 255.255.255.255
SCL: -1
Date Received: 10/19/2011 12:32:31 PM
Expiration Time: 10/21/2011 12:32:31 PM
Last Error:
Queue ID: mail07\83
Recipients:  biotgrdqvxvyjw@ms12.hinet.net
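
An added example (not part of the original thread) that triages queue-viewer records like the one posted above: a null sender `<>` with Message Source Name `DSN` marks a bounce the server generated itself, so its Source IP cannot show whether the original message was submitted internally or externally. The two extra records, the internal CIDR list and all function names are assumptions made for illustration.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample in "Field: value" layout. Record 1 copies fields from the
# queue entry posted above; records 2 and 3 are invented for contrast.
SAMPLE = r"""
Identity: mail07\83\626
From Address: <>
Message Source Name: DSN
Source IP: 255.255.255.255
Recipients: biotgrdqvxvyjw@ms12.hinet.net

Identity: example\1\1
From Address: user@example.com
Message Source Name: SMTP:Example Connector
Source IP: 10.0.0.25
Recipients: someone@example.net

Identity: example\1\2
From Address: sender@example.org
Message Source Name: SMTP:Example Connector
Source IP: 203.0.113.40
Recipients: other@example.net
"""

def parse_records(text):
    # Split blank-line-separated blocks, then each line at its first colon.
    records = []
    for block in re.split(r"\n\s*\n", text.strip()):
        fields = (line.partition(":") for line in block.splitlines())
        rec = {k.strip(): v.strip() for k, sep, v in fields if sep}
        if rec:
            records.append(rec)
    return records

def classify(rec, internal_nets):
    # Null sender plus source "DSN": a bounce built by the server itself, so
    # the Source IP field is not evidence of who sent the original message.
    if rec.get("From Address") == "<>" and rec.get("Message Source Name") == "DSN":
        return "server-generated DSN"
    try:
        ip = ipaddress.ip_address(rec.get("Source IP", ""))
    except ValueError:
        return "unknown"
    return "internal" if any(ip in n for n in internal_nets) else "external"

def summarise(text, internal_cidrs=("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")):
    nets = [ipaddress.ip_network(c) for c in internal_cidrs]
    return Counter(classify(r, nets) for r in parse_records(text))
```

A queue dominated by the "server-generated DSN" class points at bounces for mail the server accepted earlier, so the accepting connector's logs are the place to look for the original submitter.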
How do I find out if spam is coming from an internal or external source?
Put your server into http://www.mxtoolbox.com/diagnostic.aspx and make sure it is not an open relay.

If it comes back clean, then the spam is originating from inside your network and/or allowed relay domains.
This is what came back. Now how do I close the relay (as I thought I had!)?

[User generated image]
Guys,

This has gone on for a number of days and no-one seems to be able to at least offer me a rule or something that says drop all mail sent from external email address from inside the organisation (that's the only thing that is common, the mails are sent from external address to external address).... There surely has to be some way to stop the mail flowing out first and foremost without affecting mail from domain addresses. I can find the problem after but this is vital, I at least drop these mails before they get outside to internet....

Cheers,

P.
ASKER CERTIFIED SOLUTION
lucid8

This solution is only available to members of Experts Exchange.
This has gone on for a number of days and no-one seems to be able to at least offer me a rule or something that says drop all mail sent from external email address from inside the organisation
Yes, and you just answered the last question we had last night, and it did show that you have an open relay.  It's not like nobody has been trying to point you in the right direction.

Be patient.
Close the open relay as lucid8 instructed and we'll go from there.
I got it sorted. I needed to disable the internal relay and Allow anonymous users on default connector.
I have had this issue a number of days and logged more than one question on various forums and no-one suggested this solution... I posted the "this has been going on for a number of days......" post out of frustration and posted to any forum I asked the question in... so apologies if I seemed impatient as this was only a recent thread I started.... If you can imagine, I had 3 days of mail flowing out and no-one suggested a rule or anything to stop it. I looked up forums to stop open relays and did all that was required.... Checked logs, put in transport rules... nada!!! So I called MS and boom... Solved! I'm sorry if I seemed petulant...
Glad you got it sorted and yeah I imagine it wasn't a fun time for you eh?
Ha Ha.... not fun at all...Thanks for your help all the same...
Thanks for the points, much appreciated.