Exchange Server 2010
Dear
I have critical case in my Organization mail server concerning my mail account ,I Have received many undelivered mails on my mailbox for mails i never sent it before using a fake display name as shown below , also my queue in mail server have full of mails sent it y me and i didnt sent any of these mails , Please advise .
--------------------------
Delivery has failed to these recipients or groups:
dansto@online.no
Your message couldn't be delivered. Try to send it again later. If the problem continues, please contact your helpdesk.
Diagnostic information for administrators:
Generating server: nmmx3.nsc.no
dansto@online.no
#< #5.3.0 X-Unix; 73> #SMTP#
Original message headers:
Return-Path: <ibrahim.nakip@alkancit.co
Received: from mail.alkancit.com (mail.alkancit.com [196.219.1.200]) by
nmmx3.nsc.no (8.14.7/8.14.7) with ESMTP id u7M5qXt0014420
(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT) for
<dansto@online.no>; Mon, 22 Aug 2016 07:52:37 +0200 (MEST)
Received: from fepakaqi (69.9.196.157) by mail.alkancit.com (172.16.1.26) with
Microsoft SMTP Server (TLS) id 14.3.248.2; Mon, 22 Aug 2016 07:44:49 +0200
Message-ID: <F76695393C280C7686CFD65DA
From: Angel <ibrahim.nakip@alkancit.co
Reply-To: Angel <albinamakinna@gmail.com>
To: <selmon_rama@hotmail.com>
Subject: Cheerio
Date: Mon, 22 Aug 2016 06:21:12 -0700
MIME-Version: 1.0
Content-Type: text/plain; format=flowed; charset="utf-8"; reply-type=original
X-Priority: 3
X-MSMail-Priority: Normal
Importance: Normal
X-Mailer: Microsoft Windows Live Mail 15.4.3555.308
X-MimeOLE: Produced By Microsoft MimeOLE V15.4.3555.308
Content-Transfer-Encoding:
X-Xxroufqwki: sw=gld ver=1.2 d=6m tld=com st=win
X-XClient-IP-Addr: 196.219.1.200
Received-SPF: neutral (nmmx3.nsc.no: 196.219.1.200 is neither permitted nor denied by domain of ibrahim.nakip@alkancit.com
X-Scanned-By: MIMEDefang 2.78
I have critical case in my Organization mail server concerning my mail account ,I Have received many undelivered mails on my mailbox for mails i never sent it before using a fake display name as shown below , also my queue in mail server have full of mails sent it y me and i didnt sent any of these mails , Please advise .
--------------------------
Delivery has failed to these recipients or groups:
dansto@online.no
Your message couldn't be delivered. Try to send it again later. If the problem continues, please contact your helpdesk.
Diagnostic information for administrators:
Generating server: nmmx3.nsc.no
dansto@online.no
#< #5.3.0 X-Unix; 73> #SMTP#
Original message headers:
Return-Path: <ibrahim.nakip@alkancit.co
Received: from mail.alkancit.com (mail.alkancit.com [196.219.1.200]) by
nmmx3.nsc.no (8.14.7/8.14.7) with ESMTP id u7M5qXt0014420
(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT) for
<dansto@online.no>; Mon, 22 Aug 2016 07:52:37 +0200 (MEST)
Received: from fepakaqi (69.9.196.157) by mail.alkancit.com (172.16.1.26) with
Microsoft SMTP Server (TLS) id 14.3.248.2; Mon, 22 Aug 2016 07:44:49 +0200
Message-ID: <F76695393C280C7686CFD65DA
From: Angel <ibrahim.nakip@alkancit.co
Reply-To: Angel <albinamakinna@gmail.com>
To: <selmon_rama@hotmail.com>
Subject: Cheerio
Date: Mon, 22 Aug 2016 06:21:12 -0700
MIME-Version: 1.0
Content-Type: text/plain; format=flowed; charset="utf-8"; reply-type=original
X-Priority: 3
X-MSMail-Priority: Normal
Importance: Normal
X-Mailer: Microsoft Windows Live Mail 15.4.3555.308
X-MimeOLE: Produced By Microsoft MimeOLE V15.4.3555.308
Content-Transfer-Encoding:
X-Xxroufqwki: sw=gld ver=1.2 d=6m tld=com st=win
X-XClient-IP-Addr: 196.219.1.200
Received-SPF: neutral (nmmx3.nsc.no: 196.219.1.200 is neither permitted nor denied by domain of ibrahim.nakip@alkancit.com
X-Scanned-By: MIMEDefang 2.78
ASKER
Yes I have access to DNS record but you mean DNS for mail server or What?
Wherever you edit your MX record...
You're getting bounced e-mails because somebody is spoofing your e-mail address.
>Delivery has failed to these recipients or groups:
>dansto@online.no
It seems that you're using an online mail provider by the name of "Telenor"? I don't speak Norwegian but this seems to be a telecom provider of some sorts?
If you're a customer of Telenor and you should ask them to protect their mailservers using SPF/DKIM because you can't do that yourself for a shared e-mail domain.
If you're actually working for Telenor, then ... what can say?
>Delivery has failed to these recipients or groups:
>dansto@online.no
It seems that you're using an online mail provider by the name of "Telenor"? I don't speak Norwegian but this seems to be a telecom provider of some sorts?
If you're a customer of Telenor and you should ask them to protect their mailservers using SPF/DKIM because you can't do that yourself for a shared e-mail domain.
If you're actually working for Telenor, then ... what can say?
ASKER
Dear
I have my own mail servers , and have never deal with this(Telenor) before
I have my own mail servers , and have never deal with this(Telenor) before
X-Priority: 3
X-MSMail-Priority: Normal
Importance: Normal
X-Mailer: Microsoft Windows Live Mail 15.4.3555.308
X-MimeOLE: Produced By Microsoft MimeOLE V15.4.3555.308
Content-Transfer-Encoding:quoted-printable
X-Xxroufqwki: sw=gld ver=1.2 d=6m tld=com st=win
X-XClient-IP-Addr: 196.219.1.200
Received-SPF: neutral (nmmx3.nsc.no: 196.219.1.200 is neither permitted nor denied by domain of ibrahim.nakip@alkancit.com)
It seems that someone use windows live mail to spoof your email? Does 192.2191.200 is your mail server ip address?
In your question you posted the headers that were part of the generated diagnostic information.
It would be interesting to see the actual headers of such a bounced e-mail, to see the path how these messages actually end up at your server. To do this, open such a message in outlook, then go to file->properties and copy the headers at the bottom of the window.
It would be interesting to see the actual headers of such a bounced e-mail, to see the path how these messages actually end up at your server. To do this, open such a message in outlook, then go to file->properties and copy the headers at the bottom of the window.
ASKER
Dear suriyaehnop
Yes my Mail Server IP 196.219.1.200
Yes my Mail Server IP 196.219.1.200
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
thanks
Have you got an SPF, DKIM and DMARC record set in your DNS zone file?
Do you have access to your DNS record?