MIMESweeper for SMTP by Clearswift or eManager by Trend would certainly help get rid a good bit of the SPAM. Will it get rid of everything - probably not. However, it gets rid of a good percentage it would be worth it.
Nate Couch EDS Messaging > ---------- > From: Shawn Connelly > Reply To: [EMAIL PROTECTED] > Sent: Wednesday, June 26, 2002 09:24 > To: [EMAIL PROTECTED] > Subject: unexplainable email header - resend > > RESEND - The first copy didn't seem to make it to the list. Apologies if > I > goofed! > Can someone please explain how this SPAM email arrived in several > mailboxes > within our organization? > > At first glance, it appears to have come from a former employee who hasn't > worked here in years and has long been deleted from all servers (address > SPOOFING). > > Some info: Using Exchange server 5.5 with all current patches and we are > not relaying. > > What I am wondering is why did this occur (not the first time and it seems > to be increasing) and how can I prevent this from occurring again? > > On a somewhat related note, I need to find some way to eliminate (at > least) > 50% of the tremendous volume of SPAM that arrives in our company but I > want > a front-end program (not at individual workstations). > I'm wondering if MIMESWEEPER for SMTP can identify email such as this? > Any > thoughts? > > - header info (from OPTIONS) - My comments in ** > > Received from mx1.magmacom.com ([206.191.0.217]) by ntinternet.dipix.com > with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2650.21) > id NH11ZP55; Thu, 20 Jun 2002 00:07:07 -0400 > Received from [203.106.238.32] ([203.106.238.32]) ** FROM APNIC-CIDR-BLK > (ASIA) - A KNOWN RELAY SERVER ** > by mx1.magmacom.com (Magma's Mail Server) with SMTP id > g5K483Jf000109; > Thu, 20 Jun 2002 00:08:08 -0400 (EDT) > X-Authentication-Warning mx1.magmacom.com: [203.106.238.32] didn't use > HELO > protocol > ** THE SOURCE ATTEMPTED TO AVOID INDENTIFICATION IN ORDER TO RELAY BUT MY > SERVER CAUGHT > AND REJECTED EMAIL BUT WHY DID EXCHANGE SEND AN "OBVIOUS" SPAM TO AN > INTERNAL RECIPIENT? ** > From [EMAIL PROTECTED] ** FORMER EMPLOYEE BUT NOT A VALID ADDRESS - > PREFIX > REMOVED ** > Subject Refinance and Save $$$ > Received from dipix.com by 0YNGCJVC.dipix.com with SMTP for > [EMAIL PROTECTED]; Thu, 20 Jun 2002 00:08:39 -0500 > Message-Id <[EMAIL PROTECTED]> > Reply-To [EMAIL PROTECTED] > Date Thu, 20 Jun 2002 00:08:39 -0500 > X-Priority 3 > To [EMAIL PROTECTED] > > > Thank you, > Shawn > > > -------------------------------------------------------------------------- > -- > --- > Shawn Connelly, Network Engineer. Dipix Technologies Inc. > > > > > _________________________________________________________________ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Archives: http://www.swynk.com/sitesearch/search.asp > To unsubscribe: mailto:[EMAIL PROTECTED] > Exchange List admin: [EMAIL PROTECTED] > > _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED]
