Ah, well your first note did not hint at that. So, it sounds like mail is being sent using a valid smtp string, and that perhaps the address line is not the to field but oen of the two copy fields.
Most such things are not attacks, but rather accidents. This sounds like an automailer script gone awry, with maybe 50/50 shot that it is acutally internal. Add, whether internal or not, there is probably an 80% shot that it is tied to a web server (a highly common source of sloppy code). Trap the mailer daemon events on your gateway and see if it leads you to the source. The exact syntax of the smtp string will tell you the path through DNS MX record resolution. If your FQN's are different from your external MX presentation (normal if you are rewriting the strings), you can save a few steps. -----Original Message----- From: Callan, Chris [mailto:[EMAIL PROTECTED]] Sent: Monday, April 22, 2002 1:06 PM To: Exchange Discussions Subject: RE: Email Accounts Because of the fact that this is now running rampant through my exchange site. It appears an outside site has been sending this crap all day. -----Original Message----- From: Dupler, Craig [mailto:[EMAIL PROTECTED]] Sent: Monday, April 22, 2002 4:02 PM To: Exchange Discussions Subject: RE: Email Accounts Why are you convinced that something is wrong? -----Original Message----- From: Callan, Chris [mailto:[EMAIL PROTECTED]] Sent: Monday, April 22, 2002 12:56 PM To: Exchange Discussions Subject: RE: Email Accounts Okay, guys I need some help here, an e-mail was just forward to me from one of my HelpDesk guys. An internal user was sent an e-mail from another internal user, but the From line doesn't show the Exchange name. it shows the SMTP address, and the first part of the smtp address. In the sent line there is no time when it was sent. It just says none. Now I think someone relayed into my exchange server, but how would I go about getting this situation identified and rectified. Chris _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED]
