I have a user who's receiving NDRs for spam that's being sent out with
his email address.
I've checked our Exchange server and I can't find a record of the emails
being sent from our server (Not used as a relay).
So that leaves me with either he's got some form of virus that's sending
emails from his machine, or someone is simply spoofing his email
address.
I've done both virus scans (AVG Network) and spyware (SpyBot) and have
come up clean on his machine. The header is below, and doesn't give any
information as to the originating machine.
Is this most likely someone just sending spam and spoofing the From:
email address?
Thanks
David
Microsoft Mail Internet Headers Version 2.0
Received: from exchange.activewebservices.ru ([83.220.52.195]) by
mail.highersourceaviation.com with Microsoft SMTPSVC(6.0.3790.3959);
Thu, 10 Apr 2008 08:05:50 -0400
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Date: Thu, 10 Apr 2008 16:06:33 +0400
MIME-Version: 1.0
Message-ID: <[EMAIL PROTECTED]>
Subject: Delivery Status Notification (Failure)
X-WatchGuard-Spam-ID: str=0001.0A010206.47FE02CB.00C7,ss=1,fgs=0
X-WatchGuard-Spam-Score: 0, clean; 0, no virus
X-WatchGuard-Mail-From:
Content-Type: multipart/report; report-type=delivery-status;
boundary="9B095B5ADSN=_01C88E7E1C2DC326000161C0exchange.activew"
Return-Path: <>
X-OriginalArrivalTime: 10 Apr 2008 12:05:51.0857 (UTC)
FILETIME=[38B3BE10:01C89B03]
--9B095B5ADSN=_01C88E7E1C2DC326000161C0exchange.activew
Content-Type: text/plain; charset=unicode-1-1-utf-7
--9B095B5ADSN=_01C88E7E1C2DC326000161C0exchange.activew
Content-Type: message/delivery-status
--9B095B5ADSN=_01C88E7E1C2DC326000161C0exchange.activew
Content-Type: message/rfc822
Message-ID: <[EMAIL PROTECTED]>
From: =?koi8-r?B?8NLFxNPUwdfJ1MXM09TXwSDJzs/T1NLBzs7ZyCDLz83Qwc7Jyg==?=
<[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Subject: =?koi8-r?B?9NLVxM/Xz8Ug0NLB188=?=
Date: Thu, 10 Apr 2008 10:18:58 +0000
MIME-Version: 1.0
X-WatchGuard-Spam-ID: str=0001.0A010206.47FE02CB.00C7,ss=1,fgs=0
X-WatchGuard-Spam-Score: 0, clean; 0, no virus
X-WatchGuard-Mail-From:
Content-Type: multipart/alternative;
boundary="----=_NextPart_000_0007_01C89B03.024BB251"
------=_NextPart_000_0007_01C89B03.024BB251
Content-Type: text/plain;
charset="koi8-r"
Content-Transfer-Encoding: quoted-printable
------=_NextPart_000_0007_01C89B03.024BB251
Content-Type: text/html;
charset="koi8-r"
Content-Transfer-Encoding: quoted-printable
------=_NextPart_000_0007_01C89B03.024BB251--
--9B095B5ADSN=_01C88E7E1C2DC326000161C0exchange.activew--
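An added example, not part of the original post: one way to triage an NDR like the one above is to pull the returned copy out of its message/rfc822 part and check whether any Received hop names your own outbound servers. The sample message, the `.example` hosts and the `our_hosts` values are constructed assumptions; the NDR in the post carries no Received lines in its returned copy, which is the "no-received-headers" outcome here.

```python
import email
import re
from email import policy

# Constructed sample NDR; every host and address is a placeholder.
SAMPLE_NDR = """\
From: postmaster@remote.example
Subject: Delivery Status Notification (Failure)
Content-Type: multipart/report; report-type=delivery-status; boundary="B"

--B
Content-Type: message/delivery-status

Final-Recipient: rfc822; nobody@remote.example
Action: failed
--B
Content-Type: message/rfc822

Received: from sender-host.example ([192.0.2.10]) by remote.example; Thu, 10 Apr 2008 10:19:00 +0000
From: user@ours.example
Subject: test

body
--B--
"""

def embedded_original(ndr_text):
    """Return the bounced message from the DSN's message/rfc822 part, or None."""
    msg = email.message_from_string(ndr_text, policy=policy.default)
    if msg.get_content_type() != "multipart/report":
        return None
    for part in msg.walk():
        if part.get_content_type() == "message/rfc822" and part.get_payload():
            return part.get_payload()[0]
    return None

def classify(ndr_text, our_hosts):
    """our_hosts: hostnames/IPs of your own outbound mail servers (caller-supplied)."""
    orig = embedded_original(ndr_text)
    if orig is None:
        return "no-original"
    received = orig.get_all("Received", [])
    if not received:
        return "no-received-headers"  # the returned copy gives no routing evidence
    # Hops below the topmost line can be forged, so a match means "investigate".
    tokens = set(re.findall(r"[a-z0-9.:-]+", " ".join(map(str, received)).lower()))
    if tokens & {h.lower() for h in our_hosts}:
        return "passed-through-our-server"
    return "backscatter"
```

Hosts are compared as whole tokens, so `192.0.2.1` does not match a hop from `192.0.2.10`.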