
Exchange 2007 SP3 -SPAM to anything@ourdomain.com

johnj_01201 asked
We have 2 spam issues. The 1st I see answers for - how to stop spam from spoofed senders @ourdomain.com. The second issue we have is users are getting email addressed to fictitious users. I do not see anything in the header to see why they get these. For example, bob@ourdomain.com is getting spam that says it is to "accounting@ourdomain.com" or "popcorn@ourdomain.com".
I am not able to see or find a link between the spoofed "TO:" and the actual recipients.
We get dozens of these per day to many of our email accounts. The spoofed names@ourdomain.com are usually random, except for "accounting@ourdomain.com", which comes in almost daily.

Technical Development Lead
Commented:
Have you considered that they may be CCed or even BCCed to the other email address? Use the Exchange message tracking facility?

http://www.msexchange.org/tutorials/exchange-2007-message-tracking-part1.html
Commented:
I would check your connector settings and whether you're running an open relay in Exchange or not.

http://blogs.technet.com/b/exchange/archive/2006/11/17/3397307.aspx

Test if you have an open relay here:

http://www.abuse.net/relay.html



John Easton, Director
Commented:
Spammers use a lot of tricks to try and bypass anti-spam software.  However, to address your questions:

1. There is not much you can do about this as it is usually generated by other servers (unless your server is an open relay as mentioned above).  However, make sure you have an SPF record on your domain's DNS.  You may need your ISP to add this if you do not have access to your DNS records.  This can specify which IP addresses can send mail from your domain and therefore can help others in rejecting mail that comes from elsewhere.

2. This could be due to the MIME TO: address which you see in Outlook being different to the SMTP TO: address used by the server to route the mail.  Much anti-spam software will have an option to check for this and block mail where this is different.
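
The difference between the SMTP (envelope) recipient and the MIME To: header described in point 2 can be checked on a saved message. This is an added example, not code from the thread: it compares the addresses in To:/Cc: with the recipients recorded in Received: "for" clauses, plus any recipients you pass in from message tracking. The sample message, host names and IP address are constructed.

```python
import re
from email import message_from_string
from email.utils import getaddresses

# Constructed sample: the envelope (RCPT TO) named bob, the visible To: names accounting.
SAMPLE = """\
Received: from mail.example.net (mail.example.net [192.0.2.10])
\tby mx.ourdomain.com with ESMTP id ABC123
\tfor <bob@ourdomain.com>; Sat, 1 Jan 2011 10:00:00 -0500
From: "Offers" <offers@example.net>
To: accounting@ourdomain.com
Subject: Constructed test message

body
"""

# Relays may record the envelope recipient as "for <addr>"; the clause is optional per hop.
FOR_CLAUSE = re.compile(r"\bfor\s+<?([^\s<>;]+@[^\s<>;]+)>?", re.I)


def visible_recipients(msg):
    """Addresses a mail client displays: the To: and Cc: headers."""
    fields = msg.get_all("To", []) + msg.get_all("Cc", [])
    return {addr.lower() for _, addr in getaddresses(fields) if addr}


def received_for(msg):
    """Envelope recipients found in Received: 'for' clauses."""
    hits = set()
    for hop in msg.get_all("Received", []):
        hits.update(a.lower() for a in FOR_CLAUSE.findall(hop))
    return hits


def hidden_deliveries(raw, envelope_rcpts=()):
    """Return envelope recipients that do not appear in To:/Cc:.

    envelope_rcpts: recipients copied from the server's message tracking
    log, if available (an assumption of this example).
    """
    msg = message_from_string(raw)
    envelope = {r.lower() for r in envelope_rcpts} | received_for(msg)
    return sorted(envelope - visible_recipients(msg))


if __name__ == "__main__":
    print(hidden_deliveries(SAMPLE))
```

A non-empty result means the message was delivered to an address that is not shown in its headers, which is what BCC-style delivery looks like to the recipient.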
Author
Commented:
We do not have the Edge role installed, but it is behind a reverse proxy. I need to look into what you all posted. What about something I read to disable Anonymous access? For example, a web page gave instructions to telnet into port 25 and say you're billg@microsoft.com and then send the email to yourself. Also, we do not have relaying enabled and I ran a test to make sure.
John Easton, Director
Commented:
If your server receives mail directly from the internet, and you disable Anonymous access then external mail servers will not be able to send mail to you.  Using telnet is a useful tool to test if your server is working well.

If however, your ISP receives all your mail and you then download it from a POP mailbox then disabling incoming SMTP may help.  However, junk mail can still be received in your POP mailbox - particularly if it is a 'catch all' address.

Author

Commented:
Thanks, all of the above has been helpful.