
Tracking down Spammer

Author
5 Oct 2007 2:17 PM
Tango
Hello All!
Exchange 2003.  I have an Ironport gateway for mail flow to and from
the internet.  We were getting blocked because we were sending out
spoof spam from accou***@paypal.us.  I was able to get Ironport to drop
everything that didn't come from our domain.  My spammer still tries
so I'm trying to track down where the spam is coming from inside my
domain.  It does not bog down my mailbox servers. 

What is the best way to track where the spam is coming from?  It could
be coming from one of our mail enabled copiers!  I just don't know.

Thanks,
Tango

Author
6 Oct 2007 6:48 PM
Johan Strange
Hi, are you sure the message is coming from within your network? It may be a
Joe Job ( http://en.wikipedia.org/wiki/Joe_job ) where the headers are
spoofed. If you get a copy of the headers you can see if this is the case. If
so, consider using an SPF record - http://www.openspf.org/ - there is a wizard
for SPF records on microsoft.com . The other thing to do is ensure that your
servers are not able to open relay, switch the copiers from SMTP to FTP/SMB
and scan to a share, then have your users mail the file manually.

--
Johan Strange
_______________________________
MCSE, MCSA + Messaging, CompA+

Logic42 Computer Solutions - The answer to everything



"Tango" wrote:

> Hello All!
> Exchange 2003.  I have an Ironport gateway for mail flow to and from
> the internet.  We were getting blocked because we were sending out
> spoof spam from accou***@paypal.us.  I was able to get Ironport to drop
> everything that didn't come from our domain.  My spammer still tries
> so I'm trying to track down where the spam is coming from inside my
> domain.  It does not bog down my mailbox servers. 
>
> What is the best way to track where the spam is coming from?  It could
> be coming from one of our mail enabled copiers!  I just don't know.
>
> Thanks,
> Tango
>
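The header check suggested in the reply above, as an added example that is not part of the original thread: it reads the `Received:` lines from the newest down, trusts only the ones stamped by your own servers, and reports the host that handed the message to them. The host names, the 10.0.0.0/8 range and the sample headers are constructed assumptions.

```python
import email
import ipaddress
import re

# Assumptions: the servers we control and our internal address space.
TRUSTED_BY_HOSTS = {"ironport.example.com", "exch01.example.local"}
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]

# "from <helo> ([<ip>]) by <server>" as stamped by the receiving server.
HOP_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\([^)]*\[(?P<ip>[0-9A-Fa-f.:]+)\][^)]*\)"
    r"\s+by\s+(?P<by>\S+)"
)

# Constructed sample: newest Received line first, as in a real message.
# The last Received line was supplied by the sender and cannot be trusted.
SAMPLE = """\
Received: from exch01.example.local ([10.1.1.10]) by ironport.example.com
 with ESMTP; Fri, 5 Oct 2007 14:02:11 -0500
Received: from COPIER-3F ([10.1.20.57]) by exch01.example.local with SMTP;
 Fri, 5 Oct 2007 14:02:10 -0500
Received: from mail.example.net ([203.0.113.9]) by mx.example.net with SMTP;
 Fri, 5 Oct 2007 13:59:00 -0500
From: spoofed@example.net
Subject: constructed sample

body
"""

def trace_origin(raw):
    """Return the host that handed the message to our servers, or None."""
    msg = email.message_from_string(raw)
    handoff = None
    for value in msg.get_all("Received", []):
        hop = HOP_RE.search(" ".join(value.split()))  # unfold the header
        if not hop or hop.group("by").lower() not in TRUSTED_BY_HOSTS:
            break  # lines below this were not written by our servers
        handoff = hop
    if handoff is None:
        return None  # never passed through a trusted server: likely a Joe job
    ip = ipaddress.ip_address(handoff.group("ip"))
    return {"helo": handoff.group("helo"), "ip": str(ip),
            "by": handoff.group("by"),
            "internal": any(ip in net for net in INTERNAL_NETS)}

if __name__ == "__main__":
    print(trace_origin(SAMPLE))
```

An `internal` result of `True` points at a device on your own network; `False` or `None` means the message was injected from outside or only carries your domain in spoofed headers.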
