Solved

Email Spoof comes from our own domain

Posted on 2013-07-01
Last Modified: 2013-07-09
Hi Experts,

Recently we installed a Barracuda Email filtering system on our network. We have an in-house Exchange 2003 server. We are getting spam email sent out from our_username@ourdomain.com. Is it caused by malware or adware? Is this a server-level or end-user PC issue?

I would really appreciate it if you can give us some suggestions or a solution to stop the spam.

We got the following bounced-back message. I use John Don as the user and my domain is abc.com.

Thank you so much in advance.

EN

***************************************************
From: MAILER-DAEMON@btinternet.com [mailto:MAILER-DAEMON@btinternet.com]
Sent: Saturday, June 29, 2013 10:10 AM
To: Don, John
Subject: Delivery failure

Message from btinternet.com.
Unable to deliver message to the following address(es).

<dgmck@btinternet.com>:
This user doesn't have a btinternet.com account (dgmck@btinternet.com) [0]

<ukangel69@btinternet.com>:
This user doesn't have a btinternet.com account (ukangel69@btinternet.com) [0]

--- Original message follows.

The original message is over 5K. Message truncated.

Return-Path: <jdon@abc.com>
X-YahooFilteredBulk: 65.20.0.12
Received-SPF: fail (domain of abc.com does not designate 65.20.0.12 as permitted sender)
X-Originating-IP: [65.20.0.12]
Authentication-Results: mta1059.bt.mail.ir2.yahoo.com  from=abc.com; domainkeys=neutral (no sig);  from=ndsj.org; dkim=neutral (no sig)
Received: from 127.0.0.1  (EHLO smtpin06.bt.ext.cpcloud.co.uk) (65.20.0.12)
  by mta1059.bt.mail.ir2.yahoo.com with SMTP; Sat, 29 Jun 2013 17:09:36 +0000
Received: from host-89-230-168-19.ostrowmaz.mm.pl (89.230.168.19) by smtpin06.bt.ext.cpcloud.co.uk (8.6.100.03)
        id 51CB2A4D0158039D; Sat, 29 Jun 2013 17:09:35 +0000
Received: from MichaelPC (unverified [89.230.168.19])
      by nectyr.com (SurgeMail 6.4a) with ESMTP id 413425243-1712458
      for <ukangel69@btinternet.com>; Sat, 29 Jun 2013 13:09:39 -0500
From: "INFO - Even Second" <jdon@abc.com>
To: "'Ukangel69'" <ukangel69@btinternet.com>
Subject: What TIME is it?
Date: Sat, 29 Jun 2013 13:09:39 -0500
Message-ID: <000901ce7427$0e6dda70$2e798d80$@com>
MIME-Version: 1.0
Content-Type: multipart/related;
      boundary="----=_NextPart_000_000A_01CE7407.875C3A70"
X-Mailer: Microsoft Office Outlook 12.0
Thread-Index: AQHOc6t86PZOZK/C40ayuLBkSJUrASlLL+PUgAA2WYA=
Content-Language: en-ca


This is a multi-part message in MIME format.

------=_NextPart_000_000A_01CE7407.875C3A70
Content-Type: multipart/alternative;
      boundary="----=_NextPart_001_000B_01CE7407.875C3A70"


------=_NextPart_001_000B_01CE7407.875C3A70
Content-Type: text/plain;
      charset="utf-8"
Content-Transfer-Encoding: 7bit


------=_NextPart_001_000B_01CE7407.875C3A70
Content-Type: text/html;
      charset="utf-8"
Content-Transfer-Encoding: quoted-printable

*** MESSAGE TRUNCATED ***
Question by:EnjoyNet
8 Comments
 
LVL 7

Expert Comment

by:Mohammed Tahir
ID: 39291722
1- Install and configure Anti-Spam on your Exchange server.
2- Ensure your server is not open to relay.
0
 

Author Comment

by:EnjoyNet
ID: 39291756
Thank you for the quick response.

1. How do we do it? We have a Barracuda box for email filtering. What do you suggest we do on Exchange?

Best,
0
 
LVL 7

Expert Comment

by:Mohammed Tahir
ID: 39291920
0
 

Author Comment

by:EnjoyNet
ID: 39295048
Thank you for the links.

However we are using Exchange 2003.  How can we do it?

Thanks

EN
0
 
LVL 7

Accepted Solution

by:
Mohammed Tahir earned 1200 total points
ID: 39295634
0
 
LVL 63

Assisted Solution

by:Simon Butler (Sembee)
Simon Butler (Sembee) earned 400 total points
ID: 39296428
It isn't clear from your question - is there ANYTHING in that header that relates to your network? Forget about the domain name - that is spoofed very easily.
You need to prove that the email is originating from your network.

Installing the antispam agents etc on to Exchange 2003 is a waste of time in my opinion for this issue. You need to be sure the email is actually originating from your system.

You should have port 25 outbound blocked completely, so that only the appliance can send email to the internet.

Simon.
0
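The check described in the answer above (is there anything in the header that ties the message to your own network?) can be run mechanically over the bounce. This is an added example, not part of the original thread: it reads the `Received` and `Received-SPF` lines quoted in the question, and `OWN_NETWORKS` holds placeholder ranges (an assumption) to replace with your own public mail IPs and internal subnets.

```python
import email
import ipaddress
import re

# Header lines copied from the bounce quoted in the question (opaque headers omitted).
BOUNCE_HEADERS = """\
Return-Path: <jdon@abc.com>
Received-SPF: fail (domain of abc.com does not designate 65.20.0.12 as permitted sender)
Received: from 127.0.0.1  (EHLO smtpin06.bt.ext.cpcloud.co.uk) (65.20.0.12)
  by mta1059.bt.mail.ir2.yahoo.com with SMTP; Sat, 29 Jun 2013 17:09:36 +0000
Received: from host-89-230-168-19.ostrowmaz.mm.pl (89.230.168.19) by smtpin06.bt.ext.cpcloud.co.uk (8.6.100.03)
        id 51CB2A4D0158039D; Sat, 29 Jun 2013 17:09:35 +0000
Received: from MichaelPC (unverified [89.230.168.19])
      by nectyr.com (SurgeMail 6.4a) with ESMTP id 413425243-1712458
      for <ukangel69@btinternet.com>; Sat, 29 Jun 2013 13:09:39 -0500
"""

# Assumption: placeholder ranges. Replace with your public mail IPs and internal subnets.
OWN_NETWORKS = ["203.0.113.0/24", "10.0.0.0/8"]
IPV4 = re.compile(r"(?<![\d.])\d{1,3}(?:\.\d{1,3}){3}(?![\d.])")

def sending_hops(raw_headers):
    """Per Received header (newest first), the client IPs named in its 'from' clause."""
    msg = email.message_from_string(raw_headers)
    hops = []
    for value in msg.get_all("Received", []):
        # Unfold the header and keep only the part before 'by' (drops versions, dates).
        from_clause = re.split(r"\sby\s", " ".join(value.split()), maxsplit=1)[0]
        ips = []
        for text in IPV4.findall(from_clause):
            try:
                ip = ipaddress.ip_address(text)
            except ValueError:      # not a valid address, e.g. 999.1.1.1
                continue
            if not ip.is_loopback:  # ignore a claimed 127.0.0.1
                ips.append(ip)
        hops.append(ips)
    return hops

def originated_here(raw_headers, own_networks):
    """True if any hop was handed over from an address inside our own networks."""
    nets = [ipaddress.ip_network(n) for n in own_networks]
    return any(ip in net for ips in sending_hops(raw_headers) for ip in ips for net in nets)

def spf_result(raw_headers):
    """First word of Received-SPF (pass, fail, softfail, ...), or None if absent."""
    words = email.message_from_string(raw_headers).get("Received-SPF", "").split()
    return words[0].lower() if words else None
```

`Received` lines written before the message reached a server you trust are supplied by the sender and can be forged, so give the most weight to the topmost hops.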
 
LVL 10

Assisted Solution

by:Vijaya Babu Sekar
Vijaya Babu Sekar earned 400 total points
ID: 39306704
You can add your own SMTP domain to your email gateway block list (like FOPE, MessageLabs, Trend IMSS) so that you cannot receive spoofing from your domain.

Please don't add it in your Exchange server; if you add it, internal mails will be blocked.
0
 

Author Closing Comment

by:EnjoyNet
ID: 39312195
Thank you very much.
0
