the pain comes later when I'm home alone. -- ME2
On Wed, Jul 22, 2009 at 11:18 AM, Andy Shook<[email protected]> wrote: > ME2 and I both do it, it's painless and works > > > > > > Hmmmm…. > > > > Shook > > > > From: Sherry Abercrombie [mailto:[email protected]] > Sent: Wednesday, July 22, 2009 11:18 AM > To: MS-Exchange Admin Issues > Subject: Re: Making sure all can read... (was RE: 2k3 message > tracking-Resolved) > > > > Why not use gmail for reading mailing lists. ME2 and I both do it, it's > painless and works..... > > On Wed, Jul 22, 2009 at 9:20 AM, Jason Gurtz <[email protected]> wrote: > > All: > > Because Listserv seems to subtly break mime headers, posting to the list > in anything other than a plain-text 8-bit charset will likely result in > some people being unable to read your message. Also, sending mail in UTF > will cause those who use Eudora to Kvetch endlessly until you fix your > posting style (but don't EVER suggest they switch to something that's > supported!) ;) > > I sure am glad I don't use my gmail for reading mailing lists! > > ~JasonG > >> -----Original Message----- >> From: Peter van Houten [mailto:[email protected]] >> Sent: Wednesday, July 22, 2009 09:54 >> To: MS-Exchange Admin Issues >> Subject: Re: 2k3 message tracking-Resolved >> >> You have to be joking! >> >> Jason G. help him... >> >> -- >> Peter van Houten >> >> On the 22/07/2009 15:48, [email protected] wrote the >> following: >> > +ADw-html xmlns:v+AD0AIg-urn:schemas-microsoft-com:vml+ACI- >> > xmlns:o+AD0AIg-urn:schemas-microsoft-com:office:office+ACI- >> > xmlns:w+AD0AIg-urn:schemas-microsoft-com:office:word+ACI- >> > xmlns:m+AD0AIg-http://schemas.microsoft.com/office/2004/12/omml+ACI- >> > xmlns+AD0AIg-http://www.w3.org/TR/REC-html40+ACIAPg- +ADw-head+AD4- >> > +ADw-meta http-equiv+AD0-Content-Type content+AD0AIg-text/html+ADs- >> > charset+AD0-utf-7+ACIAPg- +ADw-meta name+AD0-Generator >> > content+AD0AIg-Microsoft Word 12 (filtered medium)+ACIAPg- >> > +ADwAIQ---+AFs-if +ACE-mso+AF0APg- +ADw-style+AD4- v+AFw-:+ACo- >> > +AHs-behavior:url(+ACM-default+ACM-VML)+ADsAfQ- o+AFw-:+ACo- >> > +AHs-behavior:url(+ACM-default+ACM-VML)+ADsAfQ- w+AFw-:+ACo- >> > +AHs-behavior:url(+ACM-default+ACM-VML)+ADsAfQ- .shape >> > +AHs-behavior:url(+ACM-default+ACM-VML)+ADsAfQ- +ADw-/style+AD4- >> > +ADwAIQBb-endif+AF0---+AD4- +ADw-style+AD4- +ADwAIQ--- /+ACo- Font >> > Definitions +ACo-/ +AEA-font-face +AHs-font-family:Calibri+ADs- >> > panose-1:2 15 5 2 2 2 4 3 2 4+ADsAfQ- +AEA-font-face >> > +AHs-font-family:Tahoma+ADs- panose-1:2 11 6 4 3 5 4 4 2 4+ADsAfQ- >> > /+ACo- Style Definitions +ACo-/ p.MsoNormal, li.MsoNormal, >> div.MsoNormal >> > +AHs-margin:0in+ADs- margin-bottom:.0001pt+ADs- font-size:11.0pt+ADs- >> > font-family:+ACI-Calibri+ACI-,+ACI-sans-serif+ACIAOwB9- a:link, >> > span.MsoHyperlink +AHs-mso-style-priority:99+ADs- color:blue+ADs- >> > text-decoration:underline+ADsAfQ- a:visited, span.MsoHyperlinkFollowed >> > +AHs-mso-style-priority:99+ADs- color:purple+ADs- >> > text-decoration:underline+ADsAfQ- p.MsoPlainText, li.MsoPlainText, >> > div.MsoPlainText +AHs-mso-style-priority:99+ADs- >> > mso-style-link:+ACI-Plain Text Char+ACIAOw- margin:0in+ADs- >> > margin-bottom:.0001pt+ADs- font-size:10.0pt+ADs- >> > font-family:+ACI-Arial+ACI-,+ACI-sans-serif+ACIAOwB9- p.MsoAcetate, >> > li.MsoAcetate, div.MsoAcetate +AHs-mso-style-priority:99+ADs- >> > mso-style-link:+ACI-Balloon Text Char+ACIAOw- margin:0in+ADs- >> > margin-bottom:.0001pt+ADs- font-size:8.0pt+ADs- >> > font-family:+ACI-Tahoma+ACI-,+ACI-sans-serif+ACIAOwB9- >> > span.PlainTextChar +AHs-mso-style-name:+ACI-Plain Text Char+ACIAOw- >> > mso-style-priority:99+ADs- mso-style-link:+ACI-Plain Text+ACIAOw- >> > font-family:+ACI-Arial+ACI-,+ACI-sans-serif+ACIAOwB9- >> > span.BalloonTextChar +AHs-mso-style-name:+ACI-Balloon Text > Char+ACIAOw- >> > mso-style-priority:99+ADs- mso-style-link:+ACI-Balloon Text+ACIAOw- >> > font-family:+ACI-Tahoma+ACI-,+ACI-sans-serif+ACIAOwB9- .MsoChpDefault >> > +AHs-mso-style-type:export-only+ADsAfQ- +AEA-page Section1 >> > +AHs-size:8.5in 11.0in+ADs- margin:1.0in 1.0in 1.0in 1.0in+ADsAfQ- >> > div.Section1 +AHs-page:Section1+ADsAfQ- --+AD4- +ADw-/style+AD4- >> > +ADwAIQ---+AFs-if gte mso 9+AF0APgA8-xml+AD4- +ADw-o:shapedefaults >> > v:ext+AD0AIg-edit+ACI- spidmax+AD0AIg-2050+ACI- /+AD4- >> > +ADw-/xml+AD4APAAhAFs-endif+AF0---+AD4APAAh---+AFs-if gte mso >> > 9+AF0APgA8-xml+AD4- +ADw-o:shapelayout v:ext+AD0AIg-edit+ACIAPg- >> > +ADw-o:idmap v:ext+AD0AIg-edit+ACI- data+AD0AIg-1+ACI- /+AD4- >> > +ADw-/o:shapelayout+AD4APA-/xml+AD4APAAhAFs-endif+AF0---+AD4- >> > +ADw-/head+AD4- +ADw-body lang+AD0-EN-US link+AD0-blue >> > vlink+AD0-purple+AD4- +ADw-div class+AD0-Section1+AD4- +ADw-p >> > class+AD0-MsoPlainText+AD4-If they used the mailbox (Outlook or OWA) >> > you'd see something in sent items. +ADw-o:p+AD4APA-/o:p+AD4APA-/p+AD4- >> > +ADw-p class+AD0-MsoPlainText+AD4-This telnet is from my workstation > to >> > one of our bridgeheads to a hotmail account. It isn+IBk-t in my sent >> > items but the hotmail account got it. >> > +ADw-o:p+AD4APA-/o:p+AD4APA-/p+AD4- +ADw-p >> > class+AD0-MsoPlainText+AD4-I+IBk-d guess the script used did the same >> > thing, just a whole lot faster+ACEAPA-o:p+AD4APA-/o:p+AD4APA-/p+AD4- >> > +ADw-p >> > class+AD0-MsoPlainText+AD4APA-o:p+AD4AJg-nbsp+ADsAPA-/o:p+AD4APA- >> /p+AD4- >> > +ADw-p class+AD0-MsoPlainText+AD4-.+ADw-img width+AD0-383 height+AD0- >> 242 >> > id+AD0AIg-Picture+AF8-x0020+AF8-1+ACI- >> > src+AD0AIg-cid:image003.jpg+AEA-01CA0AB1.8E1A0700+ACIAPgA8-o:p+AD4APA- >> /o:p+AD4APA-/p+AD4- >> > +ADw-p >> > class+AD0-MsoPlainText+AD4APA-o:p+AD4AJg-nbsp+ADsAPA-/o:p+AD4APA- >> /p+AD4- >> > +ADw-p class+AD0-MsoPlainText+AD4------Original Message-----+ADw- >> br+AD4- >> > From: Glen Johnson +AFs-mailto:gjohnson+AEA-vhcc.edu+AF0- +ADw-br+AD4- >> > Sent: Wednesday, July 22, 2009 9:08 AM+ADw-br+AD4- To: MS-Exchange >> Admin >> > Issues+ADw-br+AD4- Subject: RE: 2k3 message >> > tracking-Resolved+ADw-o:p+AD4APA-/o:p+AD4APA-/p+AD4- +ADw-p >> > class+AD0-MsoPlainText+AD4APA-o:p+AD4AJg-nbsp+ADsAPA-/o:p+AD4APA- >> /p+AD4- >> > +ADw-p class+AD0-MsoPlainText+AD4-Thanks to all for the >> > suggestions.+ADw-o:p+AD4APA-/o:p+AD4APA-/p+AD4- +ADw-p >> > class+AD0-MsoPlainText+AD4-I finally had time to work on this more and >> > found where the two users had replied to phishing emails, provided >> their >> > user name and password.+ADw-o:p+AD4APA-/o:p+AD4APA-/p+AD4- +ADw-p >> > class+AD0-MsoPlainText+AD4-Looks like the phishers have a script that >> > runs against owa and sends out all the >> > spam.+ADw-o:p+AD4APA-/o:p+AD4APA-/p+AD4- +ADw-p >> > class+AD0-MsoPlainText+AD4-The guilty users are being dealt with by >> > their supervisors.+ACY-nbsp+ADs- I suggested a clue-by-four upside the >> > head as they been through security training(twice) that addresses this >> > exact issue.+ADw-o:p+AD4APA-/o:p+AD4APA-/p+AD4- +ADw-p >> > class+AD0-MsoPlainText+AD4-Oh well, job >> > security.+ADw-o:p+AD4APA-/o:p+AD4APA-/p+AD4- +ADw-p >> > class+AD0-MsoPlainText+AD4-One last >> > question.+ADw-o:p+AD4APA-/o:p+AD4APA-/p+AD4- +ADw-p >> > class+AD0-MsoPlainText+AD4-Is it possible to tell if the email were >> > dumped into the exchange server via owa or an outlook >> > client.+ADw-o:p+AD4APA-/o:p+AD4APA-/p+AD4- +ADw-p >> > class+AD0-MsoPlainText+AD4-I'm not seeing any reference to Outlook in >> > the messages so I'm leaning towards >> > OWA.+ADw-o:p+AD4APA-/o:p+AD4APA-/p+AD4- +ADw-p >> > class+AD0-MsoPlainText+AD4APA-o:p+AD4AJg-nbsp+ADsAPA-/o:p+AD4APA- >> /p+AD4- >> > +ADw-p class+AD0-MsoPlainText+AD4------Original >> > Message-----+ADw-o:p+AD4APA-/o:p+AD4APA-/p+AD4- +ADw-p >> > class+AD0-MsoPlainText+AD4-From: Jason Gurtz >> > +AFs-mailto:jasongurtz+AEA-npumail.com+AF0- >> > +ADw-o:p+AD4APA-/o:p+AD4APA-/p+AD4- +ADw-p >> > class+AD0-MsoPlainText+AD4-Sent: Tuesday, July 21, 2009 3:49 >> > PM+ADw-o:p+AD4APA-/o:p+AD4APA-/p+AD4- +ADw-p >> > class+AD0-MsoPlainText+AD4-To: MS-Exchange Admin >> > Issues+ADw-o:p+AD4APA-/o:p+AD4APA-/p+AD4- +ADw-p >> > class+AD0-MsoPlainText+AD4-Subject: RE: 2k3 message >> > tracking+ADw-o:p+AD4APA-/o:p+AD4APA-/p+AD4- +ADw-p >> > class+AD0-MsoPlainText+AD4APA-o:p+AD4AJg-nbsp+ADsAPA-/o:p+AD4APA- >> /p+AD4- >> > +ADw-p class+AD0-MsoPlainText+AD4AJg-gt+ADs- When I reset the password >> > on the two accounts that were sending all >> > the+ADw-o:p+AD4APA-/o:p+AD4APA-/p+AD4- +ADw-p >> > class+AD0-MsoPlainText+AD4AJg-gt+ADs- spam, it stopped and hasn+IBk-t >> > returned so the only conclusion I+IBk-ve come >> > up+ADw-o:p+AD4APA-/o:p+AD4APA-/p+AD4- +ADw-p >> > class+AD0-MsoPlainText+AD4AJg-gt+ADs- with is that these two accounts >> > got their password stolen, and then >> > some+ADw-o:p+AD4APA-/o:p+AD4APA-/p+AD4- +ADw-p >> > class+AD0-MsoPlainText+AD4AJg-gt+ADs- script or bot accessed their OWA >> > account and sent all the spam.+ADw-o:p+AD4APA-/o:p+AD4APA-/p+AD4- > +ADw- >> p >> > class+AD0-MsoPlainText+AD4AJg-gt+ADsAPA-o:p+AD4AJg-nbsp+ADsAPA- >> /o:p+AD4APA-/p+AD4- >> > +ADw-p class+AD0-MsoPlainText+AD4AJg-gt+ADs- Does that sound >> > possible/logical?+ADw-o:p+AD4APA-/o:p+AD4APA-/p+AD4- +ADw-p >> > class+AD0-MsoPlainText+AD4APA-o:p+AD4AJg-nbsp+ADsAPA-/o:p+AD4APA- >> /p+AD4- >> > +ADw-p class+AD0-MsoPlainText+AD4-Sounds like the users where phished >> > and from what I've heard, this is >> > very+ADw-o:p+AD4APA-/o:p+AD4APA-/p+AD4- +ADw-p >> > class+AD0-MsoPlainText+AD4-common at edu's.+ACY-nbsp+ADs- You might >> want >> > to check out installing something like >> > +ADw-o:p+AD4APA-/o:p+AD4APA-/p+AD4- +ADw-p >> > class+AD0-MsoPlainText+AD4-Untangle which has an anti-phishing filter >> > +ACY-lt+ADs-http://www.untangle.com/+ACY-gt+ADs- in >> > +ADw-o:p+AD4APA-/o:p+AD4APA-/p+AD4- +ADw-p >> > class+AD0-MsoPlainText+AD4-front of your mail >> > server(s).+ADw-o:p+AD4APA-/o:p+AD4APA-/p+AD4- +ADw-p >> > class+AD0-MsoPlainText+AD4APA-o:p+AD4AJg-nbsp+ADsAPA-/o:p+AD4APA- >> /p+AD4- >> > +ADw-p class+AD0-MsoPlainText+AD4-If you're motivated enough to > install >> > a Linux based mail gateway you may+ADw-o:p+AD4APA-/o:p+AD4APA-/p+AD4- >> > +ADw-p class+AD0-MsoPlainText+AD4-be +ADw-o:p+AD4APA-/o:p+AD4APA- >> /p+AD4- >> > +ADw-p class+AD0-MsoPlainText+AD4-able to use this nifty scanning >> > software called Kochi which actually >> > tries+ADw-o:p+AD4APA-/o:p+AD4APA-/p+AD4- +ADw-p >> > class+AD0-MsoPlainText+AD4-to authenticate to your >> > AD:+ADw-o:p+AD4APA-/o:p+AD4APA-/p+AD4- +ADw-p >> > class+AD0-MsoPlainText+AD4AJg-lt+ADs- >> http://oss.lboro.ac.uk/kochi1.html+ACY-gt+ADsAPA-o:p+AD4APA-/o:p+AD4APA- >> /p+AD4- >> > +ADw-p >> > class+AD0-MsoPlainText+AD4APA-o:p+AD4AJg-nbsp+ADsAPA-/o:p+AD4APA- >> /p+AD4- >> > +ADw-p class+AD0-MsoPlainText+AD4-I guess there's some client based >> > tools too to stem the flow of passwords >> > +ADw-o:p+AD4APA-/o:p+AD4APA-/p+AD4- +ADw-p >> > class+AD0-MsoPlainText+AD4-through the browser, check out the > Wikipedia >> > article for a list of things+ADw-o:p+AD4APA-/o:p+AD4APA-/p+AD4- +ADw-p >> > class+AD0-MsoPlainText+AD4-to +ADw-o:p+AD4APA-/o:p+AD4APA-/p+AD4- > +ADw- >> p >> > class+AD0-MsoPlainText+AD4-try: >> > > http://en.wikipedia.org/wiki/Anti-phishing+AF8-software+ADw-o:p+AD4APA- >> /o:p+AD4APA-/p+AD4- >> > +ADw-p >> > class+AD0-MsoPlainText+AD4APA-o:p+AD4AJg-nbsp+ADsAPA-/o:p+AD4APA- >> /p+AD4- >> > +ADw-p >> > > class+AD0-MsoPlainText+AD4Afg-JasonG+ADw-o:p+AD4APA-/o:p+AD4APA-/p+AD4- >> > +ADw-p >> > class+AD0-MsoPlainText+AD4APA-o:p+AD4AJg-nbsp+ADsAPA-/o:p+AD4APA- >> /p+AD4- >> > +ADw-p >> > class+AD0-MsoPlainText+AD4APA-o:p+AD4AJg-nbsp+ADsAPA-/o:p+AD4APA- >> /p+AD4- >> > +ADw-/div+AD4- +ADw-/body+AD4- +ADw-/html+AD4- > > > > > > -- > Sherry Abercrombie > > "Any sufficiently advanced technology is indistinguishable from magic." > Arthur C. Clarke
