Spammer sends the spam to your domain using a 'known' bad address. He sets each spam to have a 'from' address of who he really wants to spam. The bounce goes back to the victim from your server, spam delivered.
Set your message policy to check active directory for incoming. Stops this problem and cleans up your queue big time. JK -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mellott, Bill Sent: Wednesday, May 19, 2004 10:53 AM To: Exchange Discussions Subject: Relaying?? - Spam? via [EMAIL PROTECTED] address?? Interesting situation... I've got a SBS2003 machine at a location... Running Trenmicro Scanmaiil for AV The other day the thing was hammered.... The Badmail folder had 200K+ files in it There where a bunch of smtp queues for lot's of "messages" in them It appeared that some entity....was "relaying"????? By using the [EMAIL PROTECTED] address Yes the SBS is set NOT to relay..double checked... But it occur's to me that what if some clever spammer did a spoof using the [EMAIL PROTECTED] as the FROM address??? Wouldn't the mail server accept it cause well the domain checks out ok? Any thought's or insites on this? Thanks bill _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&lang=english To unsubscribe send a blank email to [EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] To unsubscribe via postal mail, please contact us at: Jupitermedia Corp. Attn: Discussion List Management 475 Park Avenue South New York, NY 10016 Please include the email address which you have been contacted with.
