Exchange 2010
Hi there,
I have a big problem in my enterprise.
We receive many spams on mailbox or diffusion lists.
I tried to test my server with openrelay, it's good.
I tried to find the source of those attacks :
50 attacks in only one minute from the same "bot"??
Seems to be external.
On our Forefront Exchange protection 2010, i got this:
Antispam block them, but sometimes, spams can bypass our antispam.
(Antispam is well configured.)
I can't blacklist those spams with theirs keywords or content... they use words that are commonly used in our enterprise.
Can you help me to find the source of this spam, maybe internal?
I have a big problem in my enterprise.
We receive many spams on mailbox or diffusion lists.
I tried to test my server with openrelay, it's good.
I tried to find the source of those attacks :
50 attacks in only one minute from the same "bot"??
Seems to be external.
On our Forefront Exchange protection 2010, i got this:
Antispam block them, but sometimes, spams can bypass our antispam.
(Antispam is well configured.)
I can't blacklist those spams with theirs keywords or content... they use words that are commonly used in our enterprise.
Can you help me to find the source of this spam, maybe internal?
Murali Reddy
You will get it from the IP source (sender IP and Host) of the message header or Exchange Tracking logs or get it from the forfront Message details section and blocklist accordingly.
ASKER
Yes I know : 
Come from external source...
How to block them?
Could it be computers in our internal network the causes of those spams?
Spams never comes from the same IP...
Come from external source...
How to block them?
Could it be computers in our internal network the causes of those spams?
Spams never comes from the same IP...
If it is from your internal network, I doubt the message would go to forfront or any higeine system.
ASKER
Ok, thanks for your answer. How to block them... add baracuda?
Problem on our TMG, or rules?
Problem on our TMG, or rules?
Add them to the blocklist, on whatever the external higiene system you are using to filter out your emails.
Rules will still allow the emails to come into your network, I wont suggets that.
Rules will still allow the emails to come into your network, I wont suggets that.
ASKER
But... spams are always different, email address, IP, subject, attached file is always different.
Every day news spams will come up...
Every day news spams will come up...
That depends on how good the spam engines updating to the latest defenitions. Check with your higiene solution provider or alter you spam rules little vigorous.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.