Read Internet RFC 821.

Ed Crowley MCSE+Internet MVP kcCC+I
Tech Consultant
hp Services
Protecting the world from PSTs and Bricked Backups!


-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of Shawn Connelly
Sent: Wednesday, June 26, 2002 7:25 AM
To: Exchange Discussions
Subject: unexplainable email header - resend


RESEND - The first copy didn't seem to make it to the list.  Apologies
if I goofed! Can someone please explain how this SPAM email arrived in
several mailboxes within our organization?

At first glance, it appears to have come from a former employee who
hasn't worked here in years and has long been deleted from all servers
(address SPOOFING).  

Some info:  Using Exchange server 5.5 with all current patches and we
are not relaying.  

What I am wondering is why did this occur (not the first time and it
seems to be increasing) and how can I prevent this from occurring again?

On a somewhat related note, I need to find some way to eliminate (at
least) 50% of the tremendous volume of SPAM that arrives in our company
but I want a front-end program (not at individual workstations).  
I'm wondering if MIMESWEEPER for SMTP can identify email such as this?
Any thoughts?

- header info (from OPTIONS) - My comments in **

Received from mx1.magmacom.com ([206.191.0.217]) by ntinternet.dipix.com
with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2650.21)
        id NH11ZP55; Thu, 20 Jun 2002 00:07:07 -0400
Received from [203.106.238.32] ([203.106.238.32])  ** FROM APNIC-CIDR-BLK (ASIA) - A KNOWN RELAY SERVER **
        by mx1.magmacom.com (Magma's Mail Server) with SMTP id g5K483Jf000109;
        Thu, 20 Jun 2002 00:08:08 -0400 (EDT)
X-Authentication-Warning mx1.magmacom.com: [203.106.238.32] didn't use HELO protocol
** THE SOURCE ATTEMPTED TO AVOID IDENTIFICATION IN ORDER TO RELAY BUT MY SERVER CAUGHT
AND REJECTED EMAIL BUT WHY DID EXCHANGE SEND AN "OBVIOUS" SPAM TO AN INTERNAL RECIPIENT? **
From [EMAIL PROTECTED]  ** FORMER EMPLOYEE BUT NOT A VALID ADDRESS - PREFIX REMOVED **
Subject Refinance and Save $$$
Received from dipix.com by 0YNGCJVC.dipix.com with SMTP for [EMAIL PROTECTED]; Thu, 20 Jun 2002 00:08:39 -0500
Message-Id <[EMAIL PROTECTED]>
Reply-To [EMAIL PROTECTED]
Date Thu, 20 Jun 2002 00:08:39 -0500
X-Priority 3
To [EMAIL PROTECTED]

 
Thank you,
Shawn


-------------------------------------------------------------------------------
Shawn Connelly, Network Engineer.  Dipix Technologies Inc.   




_________________________________________________________________
List posting FAQ:       http://www.swinc.com/resource/exch_faq.htm
Archives:               http://www.swynk.com/sitesearch/search.asp
To unsubscribe:         mailto:[EMAIL PROTECTED]
Exchange List admin:    [EMAIL PROTECTED]
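
One way to triage a header chain like the one in the post, as an added example that is not part of the original thread: SMTP as specified in RFC 821 does not verify the From address, so only the topmost Received line, written by the receiving server itself, can be trusted. The sample headers are constructed, and the hostnames, addresses, `spoof_findings` helper and trusted-host set are assumptions for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample modelled on the chain in the post; all hosts and
# addresses are placeholders (example.com stands in for the internal domain).
SAMPLE = """\
Received: from mx1.isp.example ([192.0.2.10]) by mail.example.com
\twith SMTP id AAAA1111; Thu, 20 Jun 2002 00:07:07 -0400
Received: from [198.51.100.32] ([198.51.100.32])
\tby mx1.isp.example with SMTP id BBBB2222;
\tThu, 20 Jun 2002 00:08:08 -0400 (EDT)
X-Authentication-Warning: mx1.isp.example: [198.51.100.32] didn't use HELO protocol
Received: from example.com by FAKEHOST.example.com with SMTP;
\tThu, 20 Jun 2002 00:08:39 -0500
From: former.employee@example.com
Subject: Refinance and Save

body
"""

HOP = re.compile(r"from\s+(\S+)(?:\s+\(([^)]*)\))?\s+by\s+(\S+)", re.I)

def received_hops(msg):
    """Return (from_host, from_detail, by_host) per Received line, newest first."""
    hops = []
    for raw in msg.get_all("Received", []):
        m = HOP.search(" ".join(raw.split()))  # unfold continuation lines
        if m:
            hops.append((m.group(1), m.group(2) or "", m.group(3).rstrip(";")))
    return hops

def spoof_findings(raw, internal_domain, trusted_hosts):
    msg = message_from_string(raw)
    hops = received_hops(msg)
    findings = []
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    # Only the top Received line was stamped by our own server; the rest is unverified.
    if hops and hops[0][2].lower() in trusted_hosts:
        handoff = hops[0][0].lower()
        if from_domain == internal_domain and not handoff.endswith("." + internal_domain):
            findings.append("internal From handed off by external host " + handoff)
    for by in [h[2].lower() for h in hops[1:]]:
        if by.endswith("." + internal_domain) and by not in trusted_hosts:
            findings.append("unverifiable Received line claims internal host " + by)
    if msg.get("X-Authentication-Warning"):
        findings.append("upstream relay logged an authentication warning")
    return findings
```

A gateway filter could quarantine on the first finding alone, since mail claiming an internal sender should not arrive from an outside relay unless that relay is explicitly allowed.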
