Or vice versa - someone used us (bordersgroupinc.com) as a bogus return
address (aaaa@, [EMAIL PROTECTED]) to spam another company (again,
[EMAIL PROTECTED]), so we got lots of NDRs from this other company
(~40,000/hour).

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Fyodorov, Andrey
Sent: Wednesday, January 07, 2004 3:45 PM
To: Exchange Discussions
Subject: RE: getting heaps of spams


Are they NDRs going to places like Yahoo? Someone could be using you to
generate a "reverse" relay. Basically they deliberately stuff the
messages with From addresses of the actual victims and send those
messages to the bogus addresses at your domain. This generates the NDRs
that then bounce back to their "originators", spamming them.

Another theory is that they are spamming you with a dictionary type
attack (generating all sorts of string combinations) hoping to hit valid
addresses in your domain, and using bogus From addresses. For every
successful hit there are a ton of failed attempts that result in NDRs
that are now heading back to bogus Yahoo addresses.

Sincerely,

Andrey Fyodorov, Exchange MVP
Systems Engineer
Messaging and Collaboration
Spherion


-----Original Message-----
From: Jees [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, January 06, 2004 6:49 PM
To: Exchange Discussions
Subject: RE: getting heaps of spams

James, few of these emails are directed to my domain,
however the large portion of these junkies are going
to third-party emails, like Yahoo etc.

Many thanks.
--- "Blunt, James H (Jim)" <[EMAIL PROTECTED]>
wrote:
> Just because he is getting 4000 NDRs an hour still doesn't indicate
> that he is an open relay.  It simply means that someone spamming his
> domain name is trying to brute-force the spam through in mass
> quantities (probably ~50,000 at a time) by appending every combination
> they can think of, to the left of his domain name (e.g.,
> [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED], etc.).
> 
> -----Original Message-----
> From: Bailey, Matthew [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, January 06, 2004 6:54 AM
> To: Exchange Discussions
> Subject: RE: getting heaps of spams
> 
> 
> Are you dealing with Spam received in the Inbox of your users or 4000
> NDRs per hour?  The answer to this question will really tell you what
> you need to do.  If you are receiving 4000 messages per hour in your
> users' mailboxes then you REALLY need a Spam filtering solution (we use
> SurfControl's product and love it). If your postmaster mailbox is
> filled with 4000 NDRs, then you need to close the open relay (and
> still consider getting a spam filtering product).
> 
> My $0.02,
> 
>  - Matt
> 
> -----Original Message-----
> From: Jees [mailto:[EMAIL PROTECTED]
> Sent: Monday, January 05, 2004 7:16 PM
> To: Exchange Discussions
> Subject: RE: getting heaps of spams
> 
> 
> 
> Ed, thanks for your response.  Getting spam on my Exchange is a daily
> ritual to me, however, not as much as 4000 or more spam emails within
> the hour.
>
> Last time, when I had such a high volume of spam, we had a look at
> \\exchange server\tracking.log and figured out that one of the Exchange
> servers within the enterprise was open for relaying. I can't remember
> now how we worked it out then, but probably experienced heaps of
> entries from the spamming Exchange server.
>
> Hope I am making sense.
> 
> 
> 
> 
> --- "Ed Crowley [MVP]" <[EMAIL PROTECTED]> wrote:
> > You can be completely relay secure yet get bombarded with spam.  All
> > Exchange servers will let spam through.  Looking at the Internet
> > headers of each message will show the stamps of the servers which
> > handled the message.
> >
> > Ed Crowley MCSE+Internet MVP
> > Freelance E-Mail Philosopher
> > Protecting the world from PSTs and Bricked Backups!
> > 
> > -----Original Message-----
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED] On Behalf Of Jees
> > Sent: Sunday, January 04, 2004 5:21 PM
> > To: Exchange Discussions
> > Subject: getting heaps of spams
> > 
> > I have Exchange 5.5 SP4 running on Win 2K SP4. We have a number of
> > exchanges around the globe that have trusts between them.
> >
> > I am currently getting tens of thousands of spam emails, however my
> > Exchange is tested and has no relaying problem. I am expecting one of
> > the Exchange servers within the global enterprise is open to relaying.
> >
> > Can someone tell me how I can check which Exchange server is letting
> > all these spam emails drain to my server?
> >
> > Thank you all in advance
> > 
> > _________________________________________________________________
> > List posting FAQ:       http://www.swinc.com/resource/exch_faq.htm
> > Web Interface:
> > http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&lang=english
> > To unsubscribe:         mailto:[EMAIL PROTECTED]
> > Exchange List admin:    [EMAIL PROTECTED]


_________________________________________________________________
List posting FAQ:       http://www.swinc.com/resource/exch_faq.htm
Web Interface:
http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&lang=english
To unsubscribe:         mailto:[EMAIL PROTECTED]
Exchange List admin:    [EMAIL PROTECTED]

To unsubscribe via postal mail, please contact us at: Jupitermedia Corp.
Attn: Discussion List Management
475 Park Avenue South
New York, NY 10016

Please include the email address which you have been contacted with.
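
The situations discussed in this thread (NDRs your own server generates for unknown recipients, NDRs arriving because your domain was forged as a return address, and relay attempts) can be told apart from envelope data per source IP. The Python code below is an added example, not part of the original thread; the record layout, `LOCAL_DOMAIN`, `VALID_LOCALPARTS` and the sample records are constructed assumptions and do not reproduce the Exchange tracking log format.

```python
from collections import Counter, defaultdict

LOCAL_DOMAIN = "example.com"                       # assumption: the domain you host
VALID_LOCALPARTS = {"alice", "bob", "postmaster"}  # assumption: directory export

# Constructed records: (source_ip, envelope_sender, envelope_recipient).
# An empty sender is the null reverse-path "<>" carried by NDRs.
SAMPLE = [
    ("203.0.113.7", "victim1@freemail.example", "aaaa@example.com"),
    ("203.0.113.7", "victim2@freemail.example", "aaab@example.com"),
    ("203.0.113.7", "victim3@freemail.example", "aaac@example.com"),
    ("203.0.113.7", "victim4@freemail.example", "alice@example.com"),
    ("198.51.100.9", "", "qx1@example.com"),
    ("198.51.100.9", "", "qx2@example.com"),
    ("198.51.100.9", "", "qx3@example.com"),
    ("192.0.2.25", "carol@partner.example", "bob@example.com"),
]

def classify(sender, recipient):
    """Label one accepted message by what it will cause on this server."""
    local, _, domain = recipient.lower().partition("@")
    if domain != LOCAL_DOMAIN:
        return "relay_attempt"   # not our recipient: only an open relay forwards it
    if sender == "":
        return "inbound_ndr"     # bounce for mail that claimed to come from us
    if local not in VALID_LOCALPARTS:
        return "will_bounce"     # unknown recipient: our NDR goes to the claimed sender
    return "deliverable"

def summarize(records, threshold=3):
    """Per source IP, count each label and collect domains our NDRs would hit."""
    counts = defaultdict(Counter)
    ndr_targets = defaultdict(set)
    for ip, sender, recipient in records:
        label = classify(sender, recipient)
        counts[ip][label] += 1
        if label == "will_bounce":
            ndr_targets[ip].add(sender.rpartition("@")[2].lower())
    findings = {}
    for ip, c in counts.items():
        if c["will_bounce"] >= threshold:
            findings[ip] = ("ndr_generator", sorted(ndr_targets[ip]))
        elif c["inbound_ndr"] >= threshold:
            findings[ip] = ("forged_return_address", [])
        elif c["relay_attempt"] >= threshold:
            findings[ip] = ("relay_probe", [])
    return findings

if __name__ == "__main__":
    for ip, finding in summarize(SAMPLE).items():
        print(ip, finding)
```

A source flagged `ndr_generator` is one whose mail makes this server send NDRs to third parties; `forged_return_address` matches the case at the top of the thread, where the NDRs arrive from another company's server.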




