RESEND - The first copy didn't seem to make it to the list. Apologies if I
goofed!

Can someone please explain how this SPAM email arrived in several mailboxes
within our organization?

At first glance, it appears to have come from a former employee who hasn't
worked here in years and has long been deleted from all servers (address
SPOOFING).

Some info: Using Exchange server 5.5 with all current patches and we are
not relaying.

What I am wondering is why did this occur (not the first time and it seems
to be increasing) and how can I prevent this from occurring again?

On a somewhat related note, I need to find some way to eliminate (at least)
50% of the tremendous volume of SPAM that arrives in our company but I want
a front-end program (not at individual workstations).

I'm wondering if MIMESWEEPER for SMTP can identify email such as this? Any
thoughts?

- header info (from OPTIONS) - My comments in **

Received from mx1.magmacom.com ([206.191.0.217]) by ntinternet.dipix.com
with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2650.21)
id NH11ZP55; Thu, 20 Jun 2002 00:07:07 -0400
Received from [203.106.238.32] ([203.106.238.32]) ** FROM APNIC-CIDR-BLK
(ASIA) - A KNOWN RELAY SERVER **
by mx1.magmacom.com (Magma's Mail Server) with SMTP id
g5K483Jf000109;
Thu, 20 Jun 2002 00:08:08 -0400 (EDT)
X-Authentication-Warning mx1.magmacom.com: [203.106.238.32] didn't use HELO
protocol
** THE SOURCE ATTEMPTED TO AVOID IDENTIFICATION IN ORDER TO RELAY BUT MY
SERVER CAUGHT
AND REJECTED EMAIL BUT WHY DID EXCHANGE SEND AN "OBVIOUS" SPAM TO AN
INTERNAL RECIPIENT? **
From [EMAIL PROTECTED] ** FORMER EMPLOYEE BUT NOT A VALID ADDRESS - PREFIX
REMOVED **
Subject Refinance and Save $$$
Received from dipix.com by 0YNGCJVC.dipix.com with SMTP for
[EMAIL PROTECTED]; Thu, 20 Jun 2002 00:08:39 -0500
Message-Id <[EMAIL PROTECTED]>
Reply-To [EMAIL PROTECTED]
Date Thu, 20 Jun 2002 00:08:39 -0500
X-Priority 3
To [EMAIL PROTECTED]

Thank you,
Shawn
-------------------------------------------------------------------------------
Shawn Connelly, Network Engineer. Dipix Technologies Inc.
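
Added example, not part of the original post: a gateway-side check for the pattern in the headers above, where a message claims a sender in the organization's own domain but enters from an outside host. It assumes all legitimate own-domain mail originates inside; the sample is constructed from the quoted hops with header colons restored and placeholder addresses, and `check_internal_spoof` and `trusted_relays` are hypothetical names.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: hops as quoted in the post, header colons restored,
# redacted addresses replaced by placeholders.
SAMPLE = """\
Received: from mx1.magmacom.com ([206.191.0.217]) by ntinternet.dipix.com
 with SMTP id NH11ZP55; Thu, 20 Jun 2002 00:07:07 -0400
Received: from [203.106.238.32] ([203.106.238.32])
 by mx1.magmacom.com with SMTP id g5K483Jf000109;
 Thu, 20 Jun 2002 00:08:08 -0400 (EDT)
Received: from dipix.com by 0YNGCJVC.dipix.com with SMTP;
 Thu, 20 Jun 2002 00:08:39 -0500
From: placeholder-former-user@dipix.com
To: placeholder-recipient@dipix.com
Subject: Refinance and Save $$$

body
"""

HOP = re.compile(r"from\s+(\S+).*?\bby\s+(\S+)", re.S | re.I)

def hops(msg):
    """Return (from_host, by_host) per Received header, newest first."""
    out = []
    for value in msg.get_all("Received", []):
        m = HOP.search(value)
        if m:
            out.append((m.group(1).strip("[]").lower(), m.group(2).lower()))
    return out

def check_internal_spoof(raw, own_domain, trusted_relays):
    """Flag mail that claims an own-domain sender but entered from outside."""
    msg = message_from_string(raw)
    sender_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    chain = hops(msg)
    # Walk down from the newest hop while the recording server is trusted;
    # the first "from" host that is not itself trusted is the entry point.
    entry, unverified = None, []
    for i, (src, by) in enumerate(chain):
        if by not in trusted_relays:
            break
        if src not in trusted_relays:
            entry, unverified = src, chain[i + 1:]
            break
    spoofed = sender_domain == own_domain and entry is not None
    return {"entry": entry, "spoofed": spoofed, "unverified_hops": unverified}
```

Hops listed under `unverified_hops` were written by servers outside the trusted set, so their contents (including the bottom `dipix.com` line) cannot be relied on when deciding where the message came from.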