
Exchange 2013 spam

Asked by Jean-François Guénet
Tags: AntiSpam, Exchange
Can someone explain to me how to block this kind of spam, please?

It's spam that came from outside but looks like it was sent by a user in our domain to another user in our domain.

Received: from MYSERVEREXCHANGE.mydomain.ca (192.168.xx.xx) by
 MYSERVEREXCHANGE.mydomain.ca (192.168.xx.xx) with Microsoft SMTP Server
 (TLS) id 15.0.1076.9 via Mailbox Transport; Tue, 23 Aug 2016 13:53:35 -0400
Received: from MYSERVEREXCHANGE.mydomain.ca (192.168.xx.xx) by
 MYSERVEREXCHANGE.mydomain.ca (192.168.xx.xx) with Microsoft SMTP Server
 (TLS) id 15.0.1076.9; Tue, 23 Aug 2016 13:53:35 -0400
Received: from mail.mydomain.ca (192.168.xx.xx) by MYSERVEREXCHANGE
 (192.168.xx.xx) with Microsoft SMTP Server id 15.0.1076.9 via Frontend
 Transport; Tue, 23 Aug 2016 13:53:35 -0400
Received: from localhost (localhost [127.0.0.1])
      by mail.mydomain.ca (Postfix) with ESMTP id 56D127B81B2
      for <accueil@mydomain.ca>; Tue, 23 Aug 2016 13:53:35 -0400 (EDT)
X-MTA-CheckPoint: {57BC8D9F-0-562A8C0-4A0207B6}
X-Control-Analysis: str=0001.0A0B0202.57BC8D9F.0083,ss=1,re=2.100,recu=0.000,reip=0.000,cl=1,cld=1,fgs=0
Received: from p3plwbeout10-04.prod.phx3.secureserver.net (p3plsmtp10-04-2.prod.phx3.secureserver.net [97.74.135.188])
      by mail.mydomain.ca (Postfix) with ESMTP id 2F0977B81A4
      for <accueil@mydomain.ca>; Tue, 23 Aug 2016 13:53:35 -0400 (EDT)
Received: from localhost ([97.74.135.154])
      by p3plwbeout10-04.prod.phx3.secureserver.net with bizsmtp
      id ahta1t0013L2auR01htaKy; Tue, 23 Aug 2016 10:53:34 -0700
X-SID: ahta1t0013L2auR01
Received: (qmail 15479 invoked by uid 99); 23 Aug 2016 17:53:34 -0000
Content-Transfer-Encoding: quoted-printable
Content-Type: text/html; charset="utf-8"
X-Originating-IP: 192.64.7.98
User-Agent: Workspace Webmail 6.4.6
Message-ID: <20160823105332.e1852152ce3ce8b6263f1dba7a85bb31.cb26e90684.wbe@email10.godaddy.com>
From: " firstname lastname" <firstname.lastname@mydomain.ca>
X-Sender: info@objectifsurveillance.ca
Reply-To: " firstname lastname" <chiefexecutiveoficer@aol.com>
To: <accueil@mydomain.ca>
Subject: Bonjour
Date: Tue, 23 Aug 2016 10:53:32 -0700
MIME-Version: 1.0
Return-Path: info@objectifsurveillance.ca
X-MS-Exchange-Organization-PRD: mydomain.ca
X-MS-Exchange-Organization-SenderIdResult: Fail
Received-SPF: Fail (MYSERVEREXCHANGE.mydomain.ca: domain of
 firstname.lastname@mydomain.ca does not designate 192.168.xx.xx as permitted
 sender) receiver=MYSERVEREXCHANGE.mydomain.ca;
 client-ip=192.168.xx.xx; helo=mail.mydomain.ca;
X-MS-Exchange-Organization-Network-Message-Id: e32d3cd2-b096-4c9c-9430-08d3cb7e67c8
X-MS-Exchange-Organization-Antispam-Report: ContentFilterConfigBypassedSender
X-MS-Exchange-Organization-SCL: -1
X-MS-Exchange-Organization-AuthSource: MYSERVEREXCHANGE.mydomain.ca
X-MS-Exchange-Organization-AuthAs: Anonymous





And second

Why is this kind of porn spam not blocked? :)

Received: from MYSERVEREXCHANGE.mydomain.ca (192.168.xx.xx) by
 MYSERVEREXCHANGE.mydomain.ca (192.168.xx.xx) with Microsoft SMTP Server
 (TLS) id 15.0.1076.9 via Mailbox Transport; Mon, 29 Aug 2016 09:49:29 -0400
Received: from MYSERVEREXCHANGE.mydomain.ca (192.168.xx.xx) by
 MYSERVEREXCHANGE.mydomain.ca (192.168.xx.xx) with Microsoft SMTP Server
 (TLS) id 15.0.1076.9; Mon, 29 Aug 2016 09:49:29 -0400
Received: from mail.mydomain.ca (192.168.100.253) by MYSERVEREXCHANGE
 (192.168.xx.xx) with Microsoft SMTP Server id 15.0.1076.9 via Frontend
 Transport; Mon, 29 Aug 2016 09:49:29 -0400
Received: from localhost (localhost [127.0.0.1])
      by mail.mydomain.ca (Postfix) with ESMTP id 285BB7F0670
      for <firstname.lastname@mydomain.ca>; Mon, 29 Aug 2016 09:49:29 -0400 (EDT)
X-MTA-CheckPoint: {57C43D69-0-462A8C0-386307B6}
X-Control-Analysis: str=0001.0A0B0208.57C43D69.0071,ss=1,re=0.000,recu=0.000,reip=0.000,cl=1,cld=1,fgs=0
Received: from server77-68-38-173.live-servers.net (server77-68-38-173.live-servers.net [77.68.38.173])
      by mail.mydomain.ca (Postfix) with ESMTP id DDA987F0672
      for <firstname.lastname@mydomain.ca>; Mon, 29 Aug 2016 09:49:28 -0400 (EDT)
Received: by server77-68-38-173.live-servers.net (Postfix, from userid 33)
      id B29A0E03836; Mon, 29 Aug 2016 14:49:22 +0100 (BST)
To: <firstname.lastname@mydomain.ca>
Subject: Watch Me Put My Whole Fist In My Snatch
X-PHP-Originating-Script: 33:footer12.php(1968) : eval()'d code
Date: Mon, 29 Aug 2016 14:49:22 +0100
From: Diane Martin <diane_martin@fguk.eu>
Message-ID: <6bb3402c9fe12eff2f5b0483ed7be5ae@fguk.eu>
X-Priority: 3
MIME-Version: 1.0
Content-Type: multipart/alternative;
      boundary="b1_6bb3402c9fe12eff2f5b0483ed7be5ae"
Content-Transfer-Encoding: 8bit
Return-Path: diane_martin@fguk.eu
X-MS-Exchange-Organization-PRD: fguk.eu
X-MS-Exchange-Organization-SenderIdResult: None
Received-SPF: None (MYSERVEREXCHANGE.mydomain.ca: diane_martin@fguk.eu
 does not designate permitted sender hosts)
X-MS-Exchange-Organization-Network-Message-Id: 8d03c9bb-3393-4bbc-c0d1-08d3d0134c87
X-MS-Exchange-Organization-SCL: 3
X-MS-Exchange-Organization-PCL: 2
X-MS-Exchange-Organization-Antispam-Report: DV:3.3.5705.600;SID:SenderIDStatus
 None;OrigIP:192.168.100.253
X-MS-Exchange-Organization-AuthSource: MYSERVEREXCHANGE.mydomain.ca
X-MS-Exchange-Organization-AuthAs: Anonymous



Thanks for your help
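
A header triage check for the first message above, as an added example that is not part of the original question. The function names are hypothetical, `mydomain.ca` is the placeholder domain from the post, and the sample is a constructed subset of the headers shown there.

```python
from email import message_from_string
from email.utils import parseaddr

INTERNAL_DOMAIN = "mydomain.ca"  # placeholder domain used in the question

# Constructed sample: a subset of the first message's headers from the question.
SAMPLE = """\
From: " firstname lastname" <firstname.lastname@mydomain.ca>
Reply-To: " firstname lastname" <chiefexecutiveoficer@aol.com>
To: <accueil@mydomain.ca>
Subject: Bonjour
Return-Path: info@objectifsurveillance.ca
X-MS-Exchange-Organization-SenderIdResult: Fail
X-MS-Exchange-Organization-SCL: -1
X-MS-Exchange-Organization-AuthAs: Anonymous

"""

def domain_of(value):
    """Return the lower-cased domain of an address header, or '' if absent."""
    addr = parseaddr(value or "")[1]
    return addr.rpartition("@")[2].lower()

def spoof_findings(raw_headers, internal=INTERNAL_DOMAIN):
    """List the signs that an unauthenticated message impersonates an internal sender."""
    msg = message_from_string(raw_headers)
    findings = []
    from_internal = domain_of(msg["From"]) == internal
    auth_as = (msg["X-MS-Exchange-Organization-AuthAs"] or "").strip().lower()
    anonymous = auth_as == "anonymous"
    if from_internal and anonymous:
        findings.append("internal From on anonymous submission")
    if from_internal and domain_of(msg["Return-Path"]) != internal:
        findings.append("envelope sender outside domain")
    reply = domain_of(msg["Reply-To"])
    if reply and reply != domain_of(msg["From"]):
        findings.append("Reply-To domain differs from From")
    sender_id = (msg["X-MS-Exchange-Organization-SenderIdResult"] or "").strip().lower()
    if sender_id == "fail":
        findings.append("Sender ID fail")
    if anonymous and (msg["X-MS-Exchange-Organization-SCL"] or "").strip() == "-1":
        findings.append("content filter bypassed (SCL -1)")
    return findings

if __name__ == "__main__":
    for finding in spoof_findings(SAMPLE):
        print(finding)
```

The last finding is the one to look at first: the message failed Sender ID yet was stamped SCL -1, so the content filter never scored it.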