Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

Exchange 2007 appending "Spam:" in thesubject field of all emails

Posted on 2013-01-08
9
Medium Priority
?
161 Views
Last Modified: 2016-06-30
Hi,
We are running Exchange 2007 and have come across an issue where nearly all our emails are being appended with "Spam:" in the subject field.

This started happening when we got back from out christmas holiday.  I did learn that the exchange server went down over the holiday period and someone came in and reset the server.  I'm wondering if this may have finished off installing an update of some sort and changed the settings.

I could not find any settings to change or even where to look whether it be in exchange management console or our anti-virus program, we are running Trend Micro Worry Free Business server edition.  I couldn't find any settings regarding filtering emails.

This "Spam:" notice is also happening to some of our internal emails and from people we send and receive emails to and from everyday.

Here is a copy of the header of one of the emails:

Received: from SERVER-SBS.synergy.local ([fe80::7d3c:eb01:8dde:c4a4]) by
 SERVER-SBS.synergy.local ([fe80::7d3c:eb01:8dde:c4a4%10]) with mapi; Mon, 7
 Jan 2013 11:41:59 +1000
Content-Type: application/ms-tnef; name="winmail.dat"
Content-Transfer-Encoding: binary
From: Selena Beard <admin@synergysystems.com.au>
To:  Matt Byers <Matt@synergysystems.com.au>
Date: Mon, 7 Jan 2013 11:41:57 +1000
Subject: Spam: MINUTES 07/01/2013
Thread-Topic: MINUTES 07/01/2013
Thread-Index: Ac3seC2/mEe6RNbeRciRz/A3T3AvHw==
Message-ID: <010EEA728745C04392A54F5253898B480205B9C32509@SERVER-SBS.synergy.local>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-Exchange-Organization-SCL: -1
X-MS-TNEF-Correlator: <010EEA728745C04392A54F5253898B480205B9C32509@SERVER-SBS.synergy.local>
MIME-Version: 1.0
X-TM-AS-Product-Ver: SMEX-8.6.0.1374-7.000.1014-19022.003
X-TM-AS-Result: No-15.132900-8.000000-31
X-TM-AS-User-Approved-Sender: No
X-TM-AS-User-Blocked-Sender: No

If you require any more information, I will be happy to provide.

Notice: I do have a lot of experience in computer systems but not a great deal in exchange servers.  I did notice the SCL is rated at -1 where i thought it could only be rated from 0-9?

Thank you,
Matt
0
Comment
Question by:mattyjb
  • 3
  • 3
7 Comments
 
LVL 23

Expert Comment

by:Suliman Abu Kharroub
ID: 38757348
I  saw such issues when GFI mail essentials was installed as an antispam and configured to append spam word in email subject...


Check GFI config ( if it is used as an antispam software, if not check the anispam is it is configured to do so).
0
 

Author Comment

by:mattyjb
ID: 38757430
Thank you for the reply,
We are not running GFI unfortunately, however I will have another look through the AntiSpam tab in exchange management console although the last couple of times I looked I could not find any settings or options relating to what to do with any emails that could 'possibly' be spam.

Thank you again.
0
 
LVL 22

Accepted Solution

by:
Larry Struckmeyer MVP earned 2000 total points
ID: 38757549
X-TM-AS-Product-Ver: SMEX-8.6.0.1374-7.000.1014-19022.003
X-TM-AS-Result: No-15.132900-8.000000-31
X-TM-AS-User-Approved-Sender: No
X-TM-AS-User-Blocked-Sender: No

Those lines are from Trend Micro.  It appears that either it is set to mark at too low a level, or the mail is being scanned by their "cloud" servers and giving too many false positives.  Since the message you posted is an internal message, or appears to be, it must be the SMEX scanner on the local exchange server.
0
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

 

Author Comment

by:mattyjb
ID: 38757842
Thank you for that info, that has helped me a lot in what I am looking for.

For some reason I couldn't find ScanMail on the server although I did find the set up file for it.

I love taking over the Server after the usual person has left.

If there is anything else anyone can tell me about the above issue it would be greatly appreciated as the more information I get, the more understanding I can get on this sort of thing.
0
 
LVL 22

Expert Comment

by:Larry Struckmeyer MVP
ID: 38758373
Compare the MX records of your public DNS records to the public IP of your local edge device... same or different?
0
 

Author Comment

by:mattyjb
ID: 38761474
I havent compared the public DNS record to the Public IP of the Local edge device as that went a little over my head.  

I did however notice the behavour with the emails where the 'Spam:' in the subject field is clearing up.  It seems to stop labeling it spam after 2 or 3 emails from the same person.  Like its trying to 're-learn' what the normal day to day or what the safe email addresses are.

If this sounds like a normal thing for an anti-spam program to do then I guess hooray for us!  Maybe something was reset in the new year and the antispam is learning it again, I have no idea, however it seems to be slowly clearing up.

Thank you for your insight, I did learn a little bit from you guys.

If you have anything to add to this comment about the behavour of the emails, please do as I would like your insight.  
If not, again thank you.
0
 
LVL 22

Expert Comment

by:Larry Struckmeyer MVP
ID: 41684140
It does appear to me that my response suggesting the Trend Micro SMEX scanner was indeed the answer to the question.
0

Featured Post

Who's Defending Your Organization from Threats?

Protecting against advanced threats requires an IT dream team – a well-oiled machine of people and solutions working together to defend your organization. Download our resource kit today to learn more about the tools you need to build you IT Dream Team!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Mailbox Corruption is a nightmare every Exchange DBA wishes he never has. Recovering from it can be super-hectic if not entirely futile. And though techniques like the New-MailboxRepairRequest cmdlet have been designed to help with fixing minor corr…
Among the most obnoxious of Exchange errors is error 1216 – Attached Database Mismatch error of the Jet Database Engine. When faced with this error, users may have to suffer from mailbox inaccessibility and in worst situations, permanent data loss.
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…
Suggested Courses

571 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question