Do you reject spam? Or is it possible that one or more machines at your site are infected? Do the headers indicate that the spam is definitely being sent from your server to HQ?
-----Original Message----- From: M Bruyere [mailto:[EMAIL PROTECTED] Sent: Thursday, January 17, 2008 7:40 AM To: MS-Exchange Admin Issues Subject: [JUNK] problem with messagelabs Hi guys, I have a problem sending messages to a site (our HQ) that is protected by Messagelabs. In fact the problem is that they are throttling our connections because they say that we re sending spam. They provided the following samples to prove their point. After looking at all the configs and all, I can't see how we could be sending those. I suspect that the informations are spoofed "a la joe job" and that's what affect us. Anyone can give me any inputs on how to deal with this because I can't find anything wrong on our system and they keep throttling over and over limiting the contacts from our site ti the HQ, which is at the very least annoying. If you have any ideas that could help me to stop this from happening, it would be very appreciated. Please note that the domain name has been changed. You can contact me off list if you need/want more specific details. //Spam sample 1 Received: from desktop3 ([190.40.182.39]) by mail.MY_DOMAIN.com with Microsoft SMTPSVC(6.0.3790.0); Mon, 7 Jan 2008 19:42:52 -0500 Received: from 60.52.18.165 (HELO localhost.localdomain) (63.51.17.146) by 64.53.15.110 with SMTP; Mon, 7 Jan 2008 19:42:35 +0500 Date: Mon, 7 Jan 2008 19:42:35 +0500 Message-Id: <[EMAIL PROTECTED]> X-Mailer: MIME::Lite 3.01 (F2.72; A1.62; B3.01; Q3.01) X-Header-CompanyDBUserName: hpccm X-Header-MasterId: 072480 X-Header-Versions: [EMAIL PROTECTED] X-FID: 51E85DBC-2586-39AF-B9E4-67CDEA83DCB2 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit To: <[EMAIL PROTECTED]> From: "Marvin Casey" <[EMAIL PROTECTED]> Subject: Re: Your Mortgage Refiinance Return-Path: [EMAIL PROTECTED] X-OriginalArrivalTime: 08 Jan 2008 00:42:52.0344 (UTC) FILETIME=[66978B80:01C8518F] Morttggage - lower your rrate! http://0rz.tw/563qc //Spam sample 2 Received: from sufi-isis.org ([85.104.221.208]) by mail.MY_DOMAIN.com with Microsoft SMTPSVC(6.0.3790.0); Sun, 6 Jan 2008 08:34:53 -0500 Return-Path: <[EMAIL PROTECTED]> Received: from 206.191.20.150 (HELO magmail.travelgolf.com) by MY_DOMAIN.com with esmtp (VZSFHPFSL NTVJQ) id NzHz8i-bE58PW-p5 for [EMAIL PROTECTED]; Sun, 06 Jan 2008 15:34:55 +0200 Message-ID: <[EMAIL PROTECTED]> From: "Rosalind J. Cody" <[EMAIL PROTECTED]> To: "Concetta V. Baez" <[EMAIL PROTECTED]> Subject: Get the biggest s'e)x organ in the neighborhood! Date: Sun, 06 Jan 2008 15:34:55 +0200 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_5463_15C1_01C85079.AFCF6A50" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2900.2527 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2527 X-OriginalArrivalTime: 06 Jan 2008 13:34:55.0133 (UTC) FILETIME=[EC4CB4D0:01C85068] This is a multi-part message in MIME format. ------=_NextPart_5463_15C1_01C85079.AFCF6A50 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable potential for monopoly=2E To counter the arguments thatrecalled the incid= ent=2E "It looks like one of Maximize the volume of your dic'k by New Year! Great New Year prices for our super-p!ll will be a pleasant surprise for = you! Don't miss it out! Our offer is definitely worth your keen interest! Check our amazing prices now! http://Effesitables=2Ecom/ contact some crisis management people," said Davidlisteners in each local= radio market in America=2E"around 100 passengers when it attempted to be= rth at aof last year=2E In the West Coast, its 25 percent and National Football League=2E I'd like to thank all myhas visited the White= House in 24 years=2Eshowed even a rate of 100% spam=2E ------=_NextPart_5463_15C1_01C85079.AFCF6A50 Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: quoted-printable <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4=2E0 Transitional//EN"> <HTML><HEAD> <META http-equiv=3DContent-Type content=3D"text/html; charset=3Dus-ascii"= > <META content=3D"MSHTML 6=2E00=2E2900=2E2527" name=3DGENERATOR> <STYLE type=3D"text/css"> =2Estyle2 {font-size: 10px; color: #8d8d8d;} =2Em {font-family: tahoma; font-size: 12; color: #5C9CBC; font-weight: bo= ld;} =2Ez {font-family: tahoma; font-size: 14; color: #cc0000; font-weight: bo= ld;} =2Ei {font-family: tahoma; font-size: 12; color: #626262; font-weight: bo= ld;} =2Ex {font-family: tahoma; font-size: 12;font-weight: bold;color:#cc0000}= body {background-color: #FFFFFF; color: #2B3235; </STYLE> </HEAD> <BODY><span class=3D"style2">=20 <br>potential for monopoly=2E To counter the arguments thatrecalled the i= ncident=2E "It looks like one of</span>=20 <br><br> <table> <tr> <td valign=3D"top"><div style=3D"height:89px;width:223px;backgro= und:url(http://www=2Edoctorsmedicalgroup=2Ecom/skins/Skin_6/images/img-d m= gsbtryitfree=2Egif)"></div></td> <td width=3D"15"></td> <td valign=3D"top"> <span class=3D"z">Maximize the volume of your dic'k by New Year!</span><b= r><br> Great New Year prices for our super-p!ll will be a pleasant surprise for = you!<br> <b>Don't miss it out! Our offer is definitely worth your keen interest!</= b> <br><a href=3D"http://Effesitables=2Ecom/";><b>Check our amazing prices no= w!</b></a><br><br> </td> </tr> </table><br> <br><span class=3D"style2">contact some crisis management people," said D= avidlisteners in each local radio market in America=2E"around 100 passeng= ers when it attempted to berth at aof last year=2E In the West Coast, its= 25 percent and<br>National Football League=2E I'd like to thank all myha= s visited the White House in 24 years=2Eshowed even a rate of 100% spam=2E= </span><BR> ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ <BR> ~ http://www.sunbeltsoftware.com/Ninja ~ <BR> ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ <BR> ~ http://www.sunbeltsoftware.com/Ninja ~ </BODY></HTML> ------=_NextPart_5463_15C1_01C85079.AFCF6A50-- //Spam Sample 3 Received: from loboxvnh8zkwfs ([88.207.56.176]) by mail.MY_DOMAIN.com with Microsoft SMTPSVC(6.0.3790.0); Sun, 6 Jan 2008 08:35:17 -0500 From: "Mcbride, Norman" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Date: Sun, 6 Jan 2008 14:35:00 -0100 Subject: Hot off the press. MIME-Version: 1.0 Content-Type: text/plain Content-Transfer-Encoding: 7bit Return-Path: [EMAIL PROTECTED] Message-ID: <[EMAIL PROTECTED]> X-OriginalArrivalTime: 06 Jan 2008 13:35:17.0617 (UTC) FILETIME=[F9B37E10:01C85068] Looking for a company with some good news? Here's one! GCME has more News that came. Looks like G C M E is not willing to miss a beat! SYMBOL: GCME CURRENT PRICE: $0.11 Short-Term : $.60-$1.00 Last Time We Issued A Alert We SAw 200-300% Gains in 1 Day. Please let me know if you ahve any questions regarding this. Thanks!
